[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 22 12:27:31 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d96f0d5 by Moritz Muehlenhoff at 2024-05-22T13:27:12+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -433,7 +433,7 @@ CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross
 CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...)
-	TODO: check
+	NOT-FOR-US: WinRAR
 CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...)
 	- python-pymysql <unfixed>
 	NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
@@ -2390,7 +2390,7 @@ CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get f
 CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows  ...)
 	NOT-FOR-US: Waxlab wax
 CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
-	TODO: check
+	NOT-FOR-US: ArcSight Enterprise Security Manager
 CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v. ...)
 	NOT-FOR-US: Node json-schema-ref-parser
 CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a reflected c ...)
@@ -2398,9 +2398,9 @@ CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a refle
 CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization v ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 a ...)
-	TODO: check
+	NOT-FOR-US: @blackprint/engine
 CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...)
-	TODO: check
+	NOT-FOR-US: @bit/loader
 CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...)
 	- python-scrapy 2.11.2-1
 	NOTE: https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a
@@ -2812,7 +2812,7 @@ CVE-2024-36078 (In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installe
 CVE-2024-36076 (Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to ve ...)
 	NOT-FOR-US: Syslifters SysReptor
 CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows anonymous  ...)
-	TODO: check
+	NOT-FOR-US: Tine groupware
 CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, service-name m ...)
 	NOT-FOR-US: mintupload
 CVE-2024-35947 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
@@ -3322,7 +3322,7 @@ CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS a
 CVE-2024-23554 (Cross-Site Request Forgery (CSRF) on Session Token vulnerability that  ...)
 	NOT-FOR-US: HCL
 CVE-2023-52424 (The IEEE 802.11 standard sometimes enables an adversary to trick a vic ...)
-	TODO: check
+	NOT-FOR-US: IEEE 802.11 standard
 CVE-2024-5072 (Improper input validation in PAM JIT elevation feature in Devolutions  ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2024-5066 (A vulnerability classified as critical was found in PHPGurukul Online  ...)
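Review bot: the new NOT-FOR-US for CVE-2023-52424 marks a flaw in the IEEE 802.11 standard itself, not a vendor product, so a short NOTE line recording why no 802.11 implementation shipped in Debian is considered affected would make the triage reviewable later; as written, `NOT-FOR-US: IEEE 802.11 standard` gives no reason and could be mistaken for an unexamined entry.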
@@ -3810,7 +3810,7 @@ CVE-2024-34370 (Improper Privilege Management vulnerability in WPFactory EAN for
 CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1. ...)
 	NOT-FOR-US: Rocketsoft Rocket LMS
 CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS (for examp ...)
-	TODO: check
+	NOT-FOR-US: WebTop package for NethServer
 CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in webtechideas WTI Li ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
@@ -4556,7 +4556,7 @@ CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers
 CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software for mac ...)
 	NOT-FOR-US: Intel
 CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-39433 (Improper access control for some Intel(R) CST software before version  ...)
 	NOT-FOR-US: Intel
 CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
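Review bot: CVE-2023-39929 is described as "Uncontrolled search path in some Libva software maintained by Intel(R)", and Libva is a name that also exists as a Debian source package, so the bare `NOT-FOR-US: Intel` would benefit from a NOTE stating that the issue is in Intel's installer or Windows build rather than the packaged library; otherwise a later reader cannot tell this was checked.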
@@ -4564,49 +4564,49 @@ CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi  ...)
 	TODO: check
 CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software for macOS  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-38417 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
 	- firmware-nonfree <unfixed>
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html
 	TODO: check, likely fixed in 20240513 tag update
 CVE-2023-38399 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37999 (Improper Privilege Management vulnerability in HasThemes HT Mega allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37888 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37866 (Improper Privilege Management vulnerability in Crocoblock JetFormBuild ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37389 (Improper Privilege Management vulnerability in SAASPROJECT Booking Pac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37385 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35881 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-35192 (Uncontrolled search path in some Intel(R) GPA Framework software befor ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-34186 (Missing Authorization vulnerability in Imran Sayed Headless CMS.This i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33321 (Missing Authorization vulnerability in Metagauss EventPrime allows Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33310 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32297 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32244 (Improper Privilege Management vulnerability in XTemos Woodmart Core al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32129 (Missing Authorization vulnerability in Sparkle WP Editorialmag editori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32110 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28402 (Improper input validation in some Intel(R) BIOS Guard firmware may all ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-28383 (Improper conditions check in some Intel(R) BIOS PPAM firmware may allo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware may all ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware for som ...)
 	NOT-FOR-US: Intel
 CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA and In ...)
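Review bot: CVE-2023-38654 (Intel PROSet/Wireless WiFi, top of this hunk) is left at `TODO: check` while its sibling CVE-2023-38417 is tracked against `firmware-nonfree <unfixed>` with "likely fixed in 20240513 tag update"; the two share the same advisory family and should be resolved together, either by adding the same `firmware-nonfree` line or by marking it NOT-FOR-US with a NOTE. The remaining changes in the hunk (WordPress plugins, Intel Power Gadget, GPA Framework, BIOS Guard and PPAM firmware) look consistent with the existing NOT-FOR-US conventions.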
@@ -5196,7 +5196,7 @@ CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
 CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
 	NOT-FOR-US: idccms
 CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...)
-	TODO: check
+	NOT-FOR-US: Amazon JDBC Driver for Redshift
 CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...)
 	NOT-FOR-US: Reportico Web
 CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...)
@@ -5621,9 +5621,9 @@ CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vul
 CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
 	NOT-FOR-US: VMware
 CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-1630 (Path traversal vulnerability in \u201cgetAllFolderContents\u201d funct ...)
 	NOT-FOR-US: GE HealthCare
 CVE-2024-1629 (Path traversal vulnerability in \u201cdeleteFiles\u201d function of Co ...)
@@ -5653,7 +5653,7 @@ CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before
 CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
-	TODO: check
+	NOT-FOR-US: FortiNet
 CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
 	TODO: check
 CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...)
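Review bot: style point on CVE-2023-36640: the vendor is spelled "Fortinet" in the CVE description on the line above, and neighbouring entries use `NOT-FOR-US: FortiGuard`, so `NOT-FOR-US: FortiNet` introduces a third spelling; use `NOT-FOR-US: Fortinet` to keep the tag greppable.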



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d96f0d551544caac183a5ddc815ac1e6afea2db

-- 
This project does not include diff previews in email notifications.

