Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8c7a34ef by Salvatore Bonaccorso at 2024-01-19T22:19:41+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49,101 +49,101 @@ CVE-2024-22211 (FreeRDP is a set of free and open source
remote desktop protocol
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff
(3.2.0)
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
(2.11.5)
CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and
classified as ...)
- TODO: check
+ NOT-FOR-US: PCMan FTP Server
CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and
classifie ...)
- TODO: check
+ NOT-FOR-US: PCMan FTP Server
CVE-2024-0730 (A vulnerability, which was classified as critical, was found in
Projec ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Time Table Generator
CVE-2024-0729 (A vulnerability, which was classified as critical, has been
found in F ...)
- TODO: check
+ NOT-FOR-US: ForU CMS
CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS
up to ...)
- TODO: check
+ NOT-FOR-US: ForU CMS
CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project
Allocation ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Student Project Allocation System
CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has
been decla ...)
- TODO: check
+ NOT-FOR-US: ProSSHD
CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has
been cl ...)
- TODO: check
+ NOT-FOR-US: freeSSHd
CVE-2024-0722 (A vulnerability was found in code-projects Social Networking
Site 1.0 ...)
- TODO: check
+ NOT-FOR-US: code-projects Social Networking Site
CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified
as pro ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-0720 (A vulnerability, which was classified as problematic, was found
in Fac ...)
- TODO: check
+ NOT-FOR-US: FactoMineR FactoInvestigate
CVE-2024-0718 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: liuwy-dlsdys zhglxt
CVE-2024-0717 (A vulnerability classified as critical was found in D-Link
DAP-1360, D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-0716 (A vulnerability classified as problematic has been found in
Beijing Ba ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to
2.5.0. It ...)
- TODO: check
+ NOT-FOR-US: MiczFlor RPi-Jukebox-RFID
CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been
declared as ...)
- TODO: check
+ NOT-FOR-US: Monitorr
CVE-2024-0712 (A vulnerability was found in Beijing Baichuo Smart S150
Management Pla ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S150 Management Platform
CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0663
REJECTED
CVE-2023-6450 (An incorrect permissions vulnerability was reported in the
Lenovo App ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo
Vantage th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo
Vantage th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-5081 (An information disclosure vulnerability was reported in the
Lenovo Tab ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-5080 (A privilege escalation vulnerability was reported in some
Lenovo table ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata
actiNAS ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL
2U-8 RDX ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS SL 2U-8 RDX
CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities
in nasSv ...)
- TODO: check
+ NOT-FOR-US: actidata actiNAS-SL-2U-8
CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote
attacke ...)
- TODO: check
+ NOT-FOR-US: dom96 HTTPbeast
CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote
attacker t ...)
- TODO: check
+ NOT-FOR-US: dom96 Jester
CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code
Executi ...)
TODO: check
CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for
PrestaSh ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to
version 2. ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-47035 (RPTC 0x3b08c was discovered to not conduct status checks on
the parame ...)
TODO: check
CVE-2023-47034 (A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers
to caus ...)
- TODO: check
+ NOT-FOR-US: UniswapFrontRunBot
CVE-2023-47033 (MultiSigWallet 0xF0C99 was discovered to contain a reentrancy
vulnerab ...)
TODO: check
CVE-2023-46351 (In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a
guest can ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-45485
REJECTED
CVE-2023-43985 (SunnyToo stblogsearch up to v1.0.0 was discovered to contain a
SQL inj ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-43956
REJECTED
CVE-2023-42766 (Improper input validation in some Intel NUC 8 Compute Element
BIOS fir ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42429 (Improper buffer restrictions in some Intel NUC BIOS firmware
may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may
allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter
drivers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a
incorre ...)
- TODO: check
+ NOT-FOR-US: Cohesity DataProtect
CVE-2023-32544 (Improper access control in some Intel HotKey Services for
Windows 10 f ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32272 (Uncontrolled search path in some Intel NUC Pro Software Suite
Configur ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29495 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21733 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- tomcat9 9.0.53-1
NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
@@ -41090,7 +41090,7 @@ CVE-2023-29162
CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers
for Wind ...)
NOT-FOR-US: Intel
CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware
before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28407
RESERVED
CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset
Device Softw ...)
@@ -44016,7 +44016,7 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on
pathnames under TMPDIR (typically
NOTE: https://github.com/sagemath/sage/pull/35419
NOTE: Neutralised by kernel hardening
CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor
Hub (ISH ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) &
Iris(R) Xe ...)
NOT-FOR-US: Intel
CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and
component ...)
@@ -45959,7 +45959,7 @@ CVE-2023-28939
CVE-2023-28739
RESERVED
CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware
before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28721
RESERVED
CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL
software before ...)
@@ -52000,7 +52000,7 @@ CVE-2023-27170 (Xpand IT Write-back manager v2.3.1
allows attackers to perform a
CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in
license cl ...)
NOT-FOR-US: Xpand IT Write-back manager
CVE-2023-27168 (An arbitrary file upload vulnerability in Xpand IT Write-back
Manager ...)
- TODO: check
+ NOT-FOR-US: Xpand IT Write-back Manager
CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL
injection vu ...)
NOT-FOR-US: Suprema BioStar
CVE-2023-27166
@@ -71553,7 +71553,7 @@ CVE-2022-47162 (Cross-Site Request Forgery (CSRF)
vulnerability in Dannie Herdya
CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The
WordPress.Org c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47160 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster
Logaster L ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pakp ...)
@@ -75673,7 +75673,7 @@ CVE-2022-45847
CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys
Image Map Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend
Smart Slide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45844
RESERVED
CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability
in Next ...)
@@ -78065,7 +78065,7 @@ CVE-2022-45085 (Server-Side Request Forgery (SSRF)
vulnerability in Group Arge E
CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Softacul ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45083 (Deserialization of Untrusted Data vulnerability in
ProfilePress Member ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45081
@@ -90637,7 +90637,7 @@ CVE-2022-40966 (Authentication bypass vulnerability in
multiple Buffalo network
CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local
Pickup for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40700 (Server-Side Request Forgery (SSRF) vulnerability in Montonio
Montonio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr
\u2013 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in3com ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7a34efa00fab03ec9b9c944475e4b8728795f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c7a34efa00fab03ec9b9c944475e4b8728795f2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
