Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daabfe61 by Salvatore Bonaccorso at 2024-01-20T09:37:14+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,71 +1,71 @@ CVE-2024-23689 (Exposure of sensitive information in exceptions in ClichHouse's clickh ...) TODO: check CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same AES/GCM non ...) - TODO: check + NOT-FOR-US: Consensys Discovery CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring versions before ...) - TODO: check + NOT-FOR-US: FOLIO mod-data-export-spring CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0 ...) TODO: check CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 1.7.2 and ...) - TODO: check + NOT-FOR-US: mod-remote-storage CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function in com. ...) TODO: check CVE-2024-23683 (Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a ...) - TODO: check + NOT-FOR-US: Artemis Java Test Sandbox CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sa ...) - TODO: check + NOT-FOR-US: Artemis Java Test Sandbox CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a s ...) - TODO: check + NOT-FOR-US: Artemis Java Test Sandbox CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9. ...) TODO: check CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session fixatio ...) - TODO: check + NOT-FOR-US: Enonic XP CVE-2024-23332 (The Notary Project is a set of specifications and tools intended to pr ...) - TODO: check + NOT-FOR-US: Notary Project CVE-2024-22421 (JupyterLab is an extensible environment for interactive and reproducib ...) TODO: check CVE-2024-22420 (JupyterLab is an extensible environment for interactive and reproducib ...) TODO: check CVE-2024-0758 (MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A r ...) - TODO: check + NOT-FOR-US: MolecularFaces CVE-2024-0739 (A vulnerability, which was classified as critical, was found in Hechen ...) 
- TODO: check + NOT-FOR-US: Hecheng Leadshop CVE-2024-0738 (A vulnerability, which was classified as critical, has been found in \ ...) - TODO: check + NOT-FOR-US: mldong CVE-2024-0737 (A vulnerability classified as problematic was found in Xlightftpd Xlig ...) - TODO: check + NOT-FOR-US: Xlightftpd Xlight FTP Server CVE-2024-0736 (A vulnerability classified as problematic has been found in EFS Easy F ...) - TODO: check + NOT-FOR-US: EFS Easy File Sharing FTP CVE-2024-0735 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) - TODO: check + NOT-FOR-US: SourceCodester Online Tours & Travels Management System CVE-2024-0734 (A vulnerability was found in Smsot up to 2.12. It has been declared as ...) - TODO: check + NOT-FOR-US: Smsot CVE-2024-0733 (A vulnerability was found in Smsot up to 2.12. It has been classified ...) - TODO: check + NOT-FOR-US: Smsot CVE-2024-0679 (The ColorMag theme for WordPress is vulnerable to unauthorized access ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-0623 (The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51928 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...) - TODO: check + NOT-FOR-US: YonBIP CVE-2023-51927 (YonBIP v3_23.05 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: YonBIP CVE-2023-51926 (YonBIP v3_23.05 was discovered to contain an arbitrary file read vulne ...) - TODO: check + NOT-FOR-US: YonBIP CVE-2023-51925 (An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmon ...) - TODO: check + NOT-FOR-US: YonBIP CVE-2023-51924 (An arbitrary file upload vulnerability in the uap.framework.rc.itf.IRe ...) - TODO: check + NOT-FOR-US: YonBIP CVE-2023-51906 (An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute ...) 
- TODO: check + NOT-FOR-US: YonBIP CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to ...) - TODO: check + NOT-FOR-US: weaver e-cology CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An authenticat ...) - TODO: check + NOT-FOR-US: Anomali Match CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5 ...) - TODO: check + NOT-FOR-US: NCR Terminal Handler CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth ...) - TODO: check + NOT-FOR-US: POPS! Rebel CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...) TODO: check CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...) @@ -101,9 +101,9 @@ CVE-2024-22911 (A stack-buffer-underflow vulnerability was found in SWFTools v0. - swftools <removed> NOTE: https://github.com/matthiaskramm/swftools/issues/216 CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scriptin ...) - TODO: check + NOT-FOR-US: StrangeBee TheHive CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to ...) - TODO: check + NOT-FOR-US: StrangeBee TheHive CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via the fun ...) - openvswitch <undetermined> NOTE: https://github.com/openvswitch/ovs-issues/issues/315 
@@ -191407,7 +191407,7 @@ CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/ CVE-2021-31314 (File upload vulnerability in ejinshan v8+ terminal security system all ...) - TODO: check + NOT-FOR-US: ejinshan v8+ terminal security system CVE-2021-31313 RESERVED CVE-2021-31312 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daabfe618448a1ea2541fdba6fb4c010e47229f1
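Review bot: In the `@@ -1,71 +1,71 @@` hunk, the product attribution cannot be confirmed from the visible descriptions for four entries. CVE-2023-51928, CVE-2023-51925 and CVE-2023-51924 are marked `NOT-FOR-US: YonBIP`, but their truncated descriptions name only the `nccloud.web.arcp.taskmon ...` and `uap.framework.rc.itf.IRe ...` components, and CVE-2024-0738 is marked `NOT-FOR-US: mldong` while its description is cut off before any product name. Please check these four against the full CVE text, since a wrong NOT-FOR-US label removes the entry from further triage. The other labels in the hunk match the product named in their description lines.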
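Review bot: In the `@@ -191407,7 +191407,7 @@` hunk, the label `NOT-FOR-US: ejinshan v8+ terminal security system` carries what looks like a version qualifier copied from the description, whereas the labels added in the first hunk use the bare product name (`YonBIP` for "YonBIP v3_23.05", `Smsot` for "Smsot up to 2.12"). If `v8+` is a version range and not part of the product name, consider `NOT-FOR-US: ejinshan terminal security system` so the same product gets the same label on later CVEs.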