Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44afb1c1 by Salvatore Bonaccorso at 2024-01-18T21:34:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2024-22819 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22818 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerbility  ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22817 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22699 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22603 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22601 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22593 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22592 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22591 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22568 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22549 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the 
email se ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22548 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the 
system w ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2024-22419 (Vyper is a Pythonic Smart Contract Language for the Ethereum 
Virtual M ...)
-       TODO: check
+       NOT-FOR-US: Vyper
 CVE-2024-22400 (Nextcloud User Saml is an app for authenticating Nextcloud 
users using ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud User Saml app
 CVE-2024-22317 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 
12.0.1.0 thr ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-22213 (Deck is a kanban style organization tool aimed at personal 
planning an ...)
-       TODO: check
+       NOT-FOR-US: Deck
 CVE-2024-22212 (Nextcloud Global Site Selector is a tool which allows you to 
run multi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Global Site Selector
 CVE-2024-0694
        REJECTED
 CVE-2024-0669 (A Cross-Frame Scripting vulnerability has been found on Plone 
CMS affe ...)
-       TODO: check
+       NOT-FOR-US: Plone
 CVE-2024-0580 (Omission of user-controlled key authorization in the 
IDMSistemas platf ...)
-       TODO: check
+       NOT-FOR-US: IDMSistemas platform / QSige
 CVE-2023-7153 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Macroturk Software and Internet Technologies Macro-Bel
 CVE-2023-5806 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Mergen Software Quality Management System
 CVE-2023-51464 (Adobe Experience Manager versions 6.5.18 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-51463 (Adobe Experience Manager versions 6.5.18 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-49943 (Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows 
stored XSS  ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2023-40052 (This issue affects Progress Application Server (PAS) for 
OpenEdge in v ...)
-       TODO: check
+       NOT-FOR-US: OpenEdge
 CVE-2023-40051 (This issue affects Progress Application Server (PAS) for 
OpenEdge in v ...)
-       TODO: check
+       NOT-FOR-US: OpenEdge
 CVE-2023-34348 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior 
contain a vul ...)
-       TODO: check
+       NOT-FOR-US: AVEVA PI Server
 CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior 
contain a vul ...)
-       TODO: check
+       NOT-FOR-US: AVEVA PI Server
 CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows 
XXE att ...)
        - libspreadsheet-parsexlsx-perl <unfixed> (bug #1061098)
        NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
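Review bot: The NOT-FOR-US labels in this hunk mix bare product names with vendor-qualified ones, which makes later searches of data/CVE/list by vendor or product less reliable. CVE-2024-22213 is tagged with just "Deck", while the neighbouring CVE-2024-22400 and CVE-2024-22212 are tagged "Nextcloud User Saml app" and "Nextcloud Global Site Selector"; likewise CVE-2023-40052 and CVE-2023-40051 are tagged "OpenEdge" although the description names "Progress Application Server (PAS) for OpenEdge", and the IBM and Adobe entries carry only the vendor. If Deck here is the Nextcloud app, a label such as "NOT-FOR-US: Nextcloud Deck app" would match its neighbours, and a vendor-qualified label for the OpenEdge pair would do the same. The commit message "Process some NFUs" also does not say how each product was confirmed to be absent from the archive, and a short note on that would help anyone re-triaging these entries later.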
@@ -66,7 +66,7 @@ CVE-2024-22416 (pyLoad is a free and open-source Download 
Manager written in pur
 CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper 
storage and  ...)
        NOT-FOR-US: flaskBlog
 CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit 
transacti ...)
-       TODO: check
+       NOT-FOR-US: Creditcoin
 CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and 
classified  ...)
        NOT-FOR-US: Novel-Plus
 CVE-2024-0654 (A vulnerability, which was classified as problematic, was found 
in Dee ...)
@@ -142,7 +142,7 @@ CVE-2023-48340 (In video decoder, there is a possible out 
of bounds write due to
 CVE-2023-48339 (In jpg driver, there is a possible missing permission check. 
This coul ...)
        NOT-FOR-US: Unisoc
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It 
has be ...)
-       TODO: check
+       NOT-FOR-US: Karjasoft Sami HTTP Server
 CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local 
DoS situations]
        - pam <unfixed> (bug #1061097)
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/3
@@ -171,7 +171,7 @@ CVE-2024-0646 (An out-of-bounds memory write flaw was found 
in the Linux kernel\
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd (6.7-rc5)
 CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 
1.3.5.53 ...)
-       TODO: check
+       NOT-FOR-US: Explorer++
 CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live 
Encoder an ...)
        NOT-FOR-US: C21 Live encoder and Live Mosaic
 CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live 
Mosaic prod ...)
@@ -45870,9 +45870,9 @@ CVE-2023-28903
 CVE-2023-28902
        RESERVED
 CVE-2023-28901 (The Skoda Automotive cloud contains a Broken Access Control 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Skoda
 CVE-2023-28900 (The Skoda Automotive cloud contains a Broken Access Control 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Skoda
 CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of 
Skoda vehicl ...)
        NOT-FOR-US: Skoda
 CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 
infotainme ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44afb1c13d922c6b3d46ae3ad05fe678b18fe0f3
