Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
36e919e8 by Salvatore Bonaccorso at 2024-01-22T22:44:52+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via
uploads/dede/modul ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible
for a us ...)
TODO: check
CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has
been class ...)
- TODO: check
+ NOT-FOR-US: biantaibao octopus
CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission
System 1. ...)
- TODO: check
+ NOT-FOR-US: Project Worlds Online Admission System
CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway
Reservation ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Online Railway Reservation System
CVE-2024-0781 (A vulnerability, which was classified as problematic, was found
in Cod ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Internet Banking System
CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was
classified ...)
- TODO: check
+ NOT-FOR-US: Uniview
CVE-2024-0706
REJECTED
CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate
site thr ...)
- TODO: check
+ NOT-FOR-US: Focus for iOS
CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an
attacker ...)
- TODO: check
+ NOT-FOR-US: Focus for iOS
CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of
Servic ...)
- TODO: check
+ NOT-FOR-US: IObit Malware Fighter
CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1
allows ...)
- TODO: check
+ NOT-FOR-US: Fortra's GoAnywhere MFT
CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and
escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not
sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3
accept ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1
does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks
authentication and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does
not prop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM
v.2023.9.5 al ...)
- TODO: check
+ NOT-FOR-US: Quest Analytics LLC IQCRM
CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-44395 (Autolab is a course management service that enables
instructors to off ...)
- TODO: check
+ NOT-FOR-US: Autolab
CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts
file path ...)
- TODO: check
+ NOT-FOR-US: CloudLinux CageFS
CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication
token as ...)
- TODO: check
+ NOT-FOR-US: CloudLinux CageFS
CVE-2023-46838 [xen-netback: don't produce zero-size SKB frags]
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-448.html
@@ -50129,7 +50129,7 @@ CVE-2023-27861 (IBM Maximo Application Suite - Manage
Component 8.8.0 and 8.9.0
CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose
sensiti ...)
NOT-FOR-US: IBM
CVE-2023-27859 (IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to
execute arbi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary
code execut ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition
occurs w ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36e919e8bdb4e4958cf364eb5edb9f5692a0b17d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36e919e8bdb4e4958cf364eb5edb9f5692a0b17d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
