Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f361a9bd by Salvatore Bonaccorso at 2024-01-31T21:42:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,97 +5,97 @@ CVE-2024-24566 (Lobe Chat is a chatbot framework that
supports speech synthesis,
CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint
versions up un ...)
TODO: check
CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability
in ali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis
Media FreshM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco
Milesi Browse ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in
AboZain,O7abeeb,Uni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk
Melichar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse
Frontpa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell
Check.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs
Profile ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes
Droit E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae
Service ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell
Automati ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-21893 (A server-side request forgery vulnerability in the SAML
component of I ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-21888 (A privilege escalation vulnerability in web component of
Ivanti Connec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been
classifie ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified
as crit ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and
classified as ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1113 (A vulnerability, which was classified as critical, was found in
openBI ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker,
developed ...)
TODO: check
CVE-2024-1111 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: SourceCodester QR Code Login System
CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
TODO: check
CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been
classifi ...)
- TODO: check
+ NOT-FOR-US: Rebuild
CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified
as pro ...)
- TODO: check
+ NOT-FOR-US: Rebuild
CVE-2024-1087
REJECTED
CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tab ...)
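Review bot: CVE-2024-1103 (CodeAstro Real Estate Management System) is left at `TODO: check` near the end of this hunk, while the similar-looking CVE-2024-1111 entry just above it is triaged as `NOT-FOR-US: SourceCodester QR Code Login System`; CVE-2024-1112 (Resource Hacker) and CVE-2024-23637 (OctoPrint) are skipped the same way. If they were left open on purpose because they still need a package search, that is fine; otherwise they can be closed in the same pass. Separately, for the block from CVE-2024-23508 to CVE-2024-22136 the truncated descriptions do not always show that the affected product is a WordPress plugin (for example CVE-2024-22305, `Authorization Bypass Through User-Controlled Key vulnerability in ali ...`), so the blanket `NOT-FOR-US: WordPress plugin` tag should be checked against the full CVE text for each entry.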
@@ -109,25 +109,25 @@ CVE-2024-1085 (A use-after-free vulnerability in the
Linux kernel's netfilter: n
NOTE: https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
NOTE:
https://git.kernel.org/linus/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 (6.8-rc1)
CVE-2024-0833 (In Telerik Test Studio versions prior to v2023.3.1330, a
privilege e ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege
elevation ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview
tab in ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege
elevat ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2023-7043 (Unquoted service path in ESET products allows to drop a
prepared pro ...)
TODO: check
CVE-2023-5390 (An attacker could potentially exploit this vulnerability,
leading to f ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1
ASP webs ...)
- TODO: check
+ NOT-FOR-US: AREAL SAS Websrv1 ASP website
CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are
vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: AREAL Topkapi Vision (Server)
CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue
with an ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected
by an Gen ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The
vulnerab ...)
TODO: check
CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache
ServiceComb ...)
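Review bot: the two AREAL entries are tagged inconsistently. CVE-2023-50357 gets `NOT-FOR-US: AREAL SAS Websrv1 ASP website`, which copies the wording of its description, while CVE-2023-50356 gets `NOT-FOR-US: AREAL Topkapi Vision (Server)`, a product name that does not appear in its visible description (`SSL connections to NOVELL and Synology LDAP server ...`). If both belong to the same product, using one name for both keeps later searches of the list consistent. CVE-2023-7043 (ESET) also stays at `TODO: check` in this hunk; worth confirming that this is intentional.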
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f361a9bdd74d44b234db2d08293a160734b0750d