Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0d8b07e by Salvatore Bonaccorso at 2024-01-12T21:35:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-22494 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2024-22493 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2024-22492 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the 
/gusetboo ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2024-21887 (A command injection vulnerability in web components of Ivanti 
Connect  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-0467 (A vulnerability, which was classified as problematic, was found 
in cod ...)
-       TODO: check
+       NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0466 (A vulnerability, which was classified as critical, has been 
found in c ...)
-       TODO: check
+       NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0465 (A vulnerability classified as problematic was found in 
code-projects E ...)
-       TODO: check
+       NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0464 (A vulnerability classified as critical has been found in 
code-projects ...)
-       TODO: check
+       NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0463 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0462 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0461 (A vulnerability was found in code-projects Online Faculty 
Clearance 1. ...)
-       TODO: check
+       NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0460 (A vulnerability was found in code-projects Faculty Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: code-projects Faculty Management System
 CVE-2024-0459 (A vulnerability has been found in Blood Bank & Donor Management 
5.6 an ...)
-       TODO: check
+       NOT-FOR-US: Blood Bank & Donor Management
 CVE-2023-6683 (A flaw was found in the QEMU built-in VNC server while 
processing Clie ...)
        TODO: check
 CVE-2023-52026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to 
contain a r ...)
-       TODO: check
+       NOT-FOR-US: TOTOlink
 CVE-2023-51978 (In PHPGurukul Art Gallery Management System v1.1, "Update 
Artist Image ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Art Gallery Management System
 CVE-2023-51949 (Verydows v2.0 was discovered to contain a Cross-Site Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: Verydows
 CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Ujcms
 CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a 
remote  ...)
        TODO: check
 CVE-2023-49569 (A path traversal vulnerability was discovered in go-git 
versions prior ...)
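Review bot: The label added to CVE-2023-52026 is spelled "TOTOlink", while the existing CVE-2023-30013 entry further down this file uses "NOT-FOR-US: TOTOLINK"; use the existing spelling so a case-sensitive search of data/CVE/list returns every entry for that vendor. The QEMU, piwigo and go-git entries staying at "TODO: check" matches the commit message, which only claims NFU processing.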
@@ -41,31 +41,31 @@ CVE-2023-49569 (A path traversal vulnerability was 
discovered in go-git versions
 CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in 
go-git versi ...)
        TODO: check
 CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing 
the value  ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49261 (The "tokenKey" value used in user authorization is visible in 
the HTML ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49260 (An XSS attack can be performed by changing the MOTD banner and 
pointin ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49259 (The authentication cookies are generated using an algorithm 
based on t ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49258 (User browser may be forced to execute JavaScript and pass the 
authenti ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49257 (An authenticated user is able to upload an arbitrary 
CGI-compatible fi ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49256 (It is possible to download the configuration backup without 
authorizat ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49255 (The router console is accessible without authentication at 
"data" fiel ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49254 (Authenticated user can execute arbitrary commands in the 
context of th ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-49253 (Root user password is hardcoded into the device and cannot be 
changed  ...)
-       TODO: check
+       NOT-FOR-US: Hongdian
 CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows 
attackers to ex ...)
        TODO: check
 CVE-2023-46805 (An authentication bypass vulnerability in the web component of 
Ivanti  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2010-10011 (A vulnerability, which was classified as problematic, was 
found in Acr ...)
-       TODO: check
+       NOT-FOR-US: Acritum Femitter Server
 CVE-2024-XXXX [spip XSS]
        - spip 4.1.15+dfsg-1
        [bookworm] - spip <no-dsa> (Minor issue)
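Review bot: The ten entries CVE-2023-49253 through CVE-2023-49262 are tagged with the bare vendor name "Hongdian", and none of the truncated descriptions shown here names a vendor or model, so the classification cannot be checked from the list alone. Consider naming the product in the label, as the first hunk does with "code-projects Online Faculty Clearance", so a later reader can see what was judged out of scope.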
@@ -38236,21 +38236,21 @@ CVE-2012-10013 (A vulnerability was found in Kau-Boy 
Backend Localization Plugin
 CVE-2023-31037
        RESERVED
 CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows
 CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an 
attacker may c ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31034 (NVIDIA DGX A100 SBIOS contains a vulnerability where a local 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user 
may cause  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user 
may cause  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM 
daemon, w ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains 
a vulne ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31028
        RESERVED
 CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
that al ...)
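Review bot: The label on CVE-2023-31036 carries "for Linux and Windows" over from the CVE description, which is platform wording rather than part of the product name; "NOT-FOR-US: NVIDIA Triton Inference Server" would be enough. The DGX A100 entries from CVE-2023-31029 to CVE-2023-31035 get only "NVIDIA" although their descriptions separate SBIOS and BMC issues; a label such as "NVIDIA DGX A100" would record the reason in the way the existing CVE-2023-31026 entry does with "NVIDIA (vGPU not packaged in Debian)".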
@@ -38258,9 +38258,9 @@ CVE-2023-31027 (NVIDIA GPU Display Driver for Windows 
contains a vulnerability t
 CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a 
vulnerability in ...)
        NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
 CVE-2023-31025 (NVIDIA DGX A100 BMC contains a vulnerability where an attacker 
may cau ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31024 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM 
daemon, w ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability 
where an at ...)
        NOT-FOR-US: NVIDIA
 CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
@@ -41286,11 +41286,11 @@ CVE-2023-30018 (Judging Management System v1.0 is 
vulnerable to SQL Injection. v
 CVE-2023-30017
        RESERVED
 CVE-2023-30016 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
-       TODO: check
+       NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30015 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
-       TODO: check
+       NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30014 (SQL Injection vulnerability in oretnom23 Judging Management 
System v1. ...)
-       TODO: check
+       NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and 
V9.1.0u.6369_B20230113 cont ...)
        NOT-FOR-US: TOTOLINK
 CVE-2023-30012
@@ -44750,11 +44750,11 @@ CVE-2023-28901
 CVE-2023-28900
        RESERVED
 CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of 
Skoda vehicl ...)
-       TODO: check
+       NOT-FOR-US: Skoda
 CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 
infotainme ...)
-       TODO: check
+       NOT-FOR-US: MIB3 infotainment
 CVE-2023-28897 (The secret value used for access to critical UDS services of 
the MIB3  ...)
-       TODO: check
+       NOT-FOR-US: MIB3 infotainment
 CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the 
Modular I ...)
        NOT-FOR-US: Skoda
 CVE-2023-28895 (The password for access to the debugging console of the PoWer 
Controll ...)
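Review bot: CVE-2023-28898 and CVE-2023-28897 are labelled "MIB3 infotainment" while CVE-2023-28899 in the same hunk and the existing CVE-2023-28896 entry, whose description also concerns UDS access, are labelled "Skoda", so one product family ends up under two names. Pick a single label for the four entries, for example "Skoda MIB3 infotainment", so a search for either term finds all of them.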



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0d8b07eecf8dd6ce2b0e90599222e86ca05edf1
