Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4e720f78 by Salvatore Bonaccorso at 2024-01-30T13:13:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,54 +3,54 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server
framework for asyn
CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
TODO: check
CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a
local a ...)
- TODO: check
+ NOT-FOR-US: BossCMS
CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: DuckDB
CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data"
functionali ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel
4.10.0. This ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2024-22646 (An email address enumeration vulnerability exists in the
password rese ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel
version ...)
- TODO: check
+ NOT-FOR-US: SEO Panel
CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage
Plug-in ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on
Linux, x8 ...)
- linux <unfixed>
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8081
CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to
Arbitra ...)
TODO: check
CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and
classified as ...)
- TODO: check
+ NOT-FOR-US: Cogites eReserv
CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News
Feed Li ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Facebook News Feed Like
CVE-2024-1027 (A vulnerability, which was classified as critical, was found in
Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Facebook News Feed Like
CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and
classified as ...)
- TODO: check
+ NOT-FOR-US: Cogites eReserv
CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News
Feed Li ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Facebook News Feed Like
CVE-2024-1022 (A vulnerability, which was classified as problematic, was found
in Cod ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Simple Student Result Management System
CVE-2024-1021 (A vulnerability, which was classified as critical, has been
found in R ...)
TODO: check
CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild
up to 3 ...)
TODO: check
CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5372 (The post-authentication command injection vulnerability in
Zyxel NAS32 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to
contain ...)
TODO: check
CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: CrateDB
CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting
(XSS) as h ...)
TODO: check
CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL
Certificate Va ...)
- TODO: check
+ NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free
Open-Source In ...)
- TODO: check
+ NOT-FOR-US: Free Open-Source Inventory Management System
CVE-2023-4554 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
TODO: check
CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder
on Wind ...)
@@ -62,7 +62,7 @@ CVE-2023-4551 (Improper Input Validation vulnerability in
OpenText AppBuilder on
CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to
External ...)
TODO: check
CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D
1.78-0.03 allo ...)
- TODO: check
+ NOT-FOR-US: Buffalo
CVE-2023-45930
REJECTED
CVE-2023-45928
@@ -190,7 +190,7 @@ CVE-2023-5956 (The Wp-Adv-Quiz WordPress plugin through
1.0.2 does not sanitise
CVE-2023-5943 (The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise
and es ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5378 (Improper Input Validation vulnerability in MegaBIP and already
unsupp ...)
- TODO: check
+ NOT-FOR-US: MegaBIPMegaBIP (and SmodBIP) software
CVE-2023-5124 (The Page Builder: Pagelayer WordPress plugin before 1.8.0
doesn't prev ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51842 (An algorithm-downgrade issue was discovered in Ylianst
MeshCentral 1.1 ...)
@@ -198,7 +198,7 @@ CVE-2023-51842 (An algorithm-downgrade issue was discovered
in Ylianst MeshCentr
CVE-2023-51840 (DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic
Key.)
NOT-FOR-US: DoraCMS
CVE-2023-51839 (DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky
Cryptogr ...)
- TODO: check
+ NOT-FOR-US: DeviceFarmer stf
CVE-2023-46050
REJECTED
CVE-2023-45932
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e720f780da4b2ef53d8fafd3d05fd196764719f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e720f780da4b2ef53d8fafd3d05fd196764719f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
