Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31822729 by Salvatore Bonaccorso at 2024-01-23T22:15:39+01:00
Process some NFUs

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -14,58 +14,58 @@ CVE-2024-23848 (In the Linux kernel through 6.7.1, there is a use-after-free in - linux <unfixed> NOTE: https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl/ CVE-2024-23636 (SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA He ...) - TODO: check + NOT-FOR-US: SOFARPC CVE-2024-23348 (Improper input validation vulnerability in a-blog cms Ver.3.1.x series ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-23341 (TuiTse-TsuSin is a package for organizing the comparative corpus of Ta ...) - TODO: check + NOT-FOR-US: TuiTse-TsuSin CVE-2024-23330 (Tuta is an encrypted email service. In versions prior to 119.10, an at ...) - TODO: check + NOT-FOR-US: Tuta CVE-2024-23183 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series vers ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-23182 (Relative path traversal vulnerability in a-blog cms Ver.3.1.x series v ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-23181 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series vers ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-23180 (Improper input validation vulnerability in a-blog cms Ver.3.1.x series ...) - TODO: check + NOT-FOR-US: a-blog cms CVE-2024-22705 (An issue was discovered in ksmbd in the Linux kernel before 6.6.10. sm ...) - linux 6.6.11-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d10c77873ba1e9e6b91905018e29e196fd5f863d (6.7-rc8) CVE-2024-22663 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerabi ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-22662 (TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerabili ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-22660 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerabilit ...) 
- TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-22497 (Cross Site Scripting (XSS) vulnerability in /admin/login password para ...) - TODO: check + NOT-FOR-US: JFinalcms CVE-2024-22496 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows att ...) - TODO: check + NOT-FOR-US: JFinalcms CVE-2024-22490 (Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attac ...) - TODO: check + NOT-FOR-US: beetl-bbs CVE-2024-22417 (Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 a ...) - TODO: check + NOT-FOR-US: Whoogle Search CVE-2024-22205 (Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 a ...) - TODO: check + NOT-FOR-US: Whoogle Search CVE-2024-22204 (Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and ...) - TODO: check + NOT-FOR-US: Whoogle Search CVE-2024-22203 (Whoogle Search is a self-hosted metasearch engine. In versions prior t ...) - TODO: check + NOT-FOR-US: Whoogle Search CVE-2024-22076 (MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Cod ...) - TODO: check + NOT-FOR-US: MyQ Print Server CVE-2024-0703 (The Sticky Buttons \u2013 floating buttons builder plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7238 (A XSS payload can be uploaded as a DICOM study and when a user tries t ...) - TODO: check + NOT-FOR-US: Osimis WebViewer CVE-2023-6926 (There is an OS command injection vulnerability in Crestron AM-300 firm ...) - TODO: check + NOT-FOR-US: Crestron CVE-2023-6573 (HPE OneView may have a missing passphrase during restore.) - TODO: check + NOT-FOR-US: HPE CVE-2023-51210 (SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a re ...) - TODO: check + NOT-FOR-US: Webkul Bundle Product CVE-2023-51043 (In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a u ...) - linux 6.4.11-1 [bookworm] - linux 6.1.52-1 
@@ -79,15 +79,15 @@ CVE-2023-51042 (In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 (6.5-rc1) CVE-2023-50275 (HPE OneView may allow clusterService Authentication Bypass resulting i ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-50274 (HPE OneView may allow command injection with local privilege escalatio ...) - TODO: check + NOT-FOR-US: HPE CVE-2023-49783 (Silverstripe Admin provides a basic management interface for the Silve ...) - TODO: check + NOT-FOR-US: Silverstripe Admin CVE-2023-49657 (A stored cross-site scripting (XSS) vulnerability exists in Apache Sup ...) - TODO: check + NOT-FOR-US: Apache Superset CVE-2023-48714 (Silverstripe Framework is the framework that forms the base of the Sil ...) - TODO: check + NOT-FOR-US: Silverstripe Framework CVE-2023-46343 (In the Linux kernel before 6.5.9, there is a NULL pointer dereference ...) - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 
@@ -95,11 +95,11 @@ CVE-2023-46343 (In the Linux kernel before 6.5.9, there is a NULL pointer derefe [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/7937609cd387246aed994e81aa4fa951358fba41 (6.6-rc7) CVE-2023-45889 (A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink One ...) - TODO: check + NOT-FOR-US: ClassLink OneClick Extension CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQ ...) - TODO: check + NOT-FOR-US: Silverstripe CVE-2023-42143 (Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c ...) - TODO: check + NOT-FOR-US: Shelly CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thun ...) - firefox <unfixed> - firefox-esr <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31822729fab3c0f6e716e31b4dbddaa00b54e554
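Review bot: In the first hunk (@@ -14,58 +14,58 @@), the tags NOT-FOR-US: JFinalcms on CVE-2024-22497 and NOT-FOR-US: Osimis WebViewer on CVE-2023-7238 name products that do not appear in the truncated descriptions kept in data/CVE/list ("... in /admin/login password para ..." and "... uploaded as a DICOM study ..."), so the attribution cannot be checked from this file. Please confirm both against the full CVE text, since a NOT-FOR-US tag takes the entry out of the TODO queue for good. The remaining tags in this hunk match a product or vendor named in the visible description.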
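Review bot: In the second hunk (@@ -79,15 +79,15 @@), tag granularity is inconsistent: CVE-2023-50275 and CVE-2023-50274 get the vendor-only tag NOT-FOR-US: HPE although both descriptions name HPE OneView, while the Silverstripe entries next to them are tagged per component (Silverstripe Admin, Silverstripe Framework). Suggest NOT-FOR-US: HPE OneView here, and for CVE-2023-6573 in the first hunk, so that a later search of the list by product name finds all three.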
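Review bot: In the third hunk (@@ -95,11 +95,11 @@), CVE-2023-44401 is tagged NOT-FOR-US: Silverstripe although its description names the Silverstripe CMS GraphQL Server, which breaks with the component-level tags this same commit gives CVE-2023-49783 and CVE-2023-48714. Likewise CVE-2023-42143 is tagged Shelly where the description says Shelly TRV. Suggest naming the component in both tags to keep the list consistent.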