Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fcb827c1 by Salvatore Bonaccorso at 2024-02-01T21:25:35+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used
with the E ...)
- TODO: check
+ NOT-FOR-US: Bref
CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in
combina ...)
- TODO: check
+ NOT-FOR-US: Bref
CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used
with the E ...)
- TODO: check
+ NOT-FOR-US: Bref
CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted
to look ...)
TODO: check
CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs
meant t ...)
TODO: check
CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum
virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-24557 (Moby is an open-source project created by Docker to enable
software co ...)
TODO: check
CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting
(XSS) vi ...)
@@ -25,27 +25,27 @@ CVE-2024-23832 (Mastodon is a free, open-source social
network server based on A
CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A
malicious U ...)
TODO: check
CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A
deseria ...)
- TODO: check
+ NOT-FOR-US: Dataease
CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0
allows a remo ...)
- TODO: check
+ NOT-FOR-US: FlyCms
CVE-2024-22936 (Cross-site scripting (XSS) vulnerability in Parents & Student
Portal i ...)
- TODO: check
+ NOT-FOR-US: Parents & Student Portal in Genesis School Management
Systems
CVE-2024-22449 (Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x
contains a miss ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-22433 (Dell Data Protection Search 19.2.0 and above contain an
exposed passwo ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-22430 (Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains
an incor ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-22148 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-21750 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1167 (When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML
information un ...)
- TODO: check
+ NOT-FOR-US: SEW-EURODRIVE MOVITOOLS MotionStudio
CVE-2024-1141 (A vulnerability was found in python-glance-store. The issue
occurs whe ...)
TODO: check
CVE-2024-0935 (An insertion of Sensitive Information into Log File
vulnerability is a ...)
- TODO: check
+ NOT-FOR-US: DELMIA Apriso
CVE-2024-0704
REJECTED
CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA
Materials Studi ...)
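Review bot: The three Dell entries (CVE-2024-22449, CVE-2024-22433, CVE-2024-22430) are tagged with the vendor only, `NOT-FOR-US: Dell`, while other entries in this same hunk name the product (`SEW-EURODRIVE MOVITOOLS MotionStudio`, `DELMIA Apriso`). The visible descriptions already name the products (PowerScale OneFS, Data Protection Search), so using those in the tag would keep the labels at one level of granularity and make the list easier to search by product.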
@@ -53,71 +53,71 @@ CVE-2023-6078 (An OS Command Injection vulnerability exists
in BIOVIA Materials
CVE-2023-5841 (Due to a failure in validating the number of scanline samples
of a Ope ...)
TODO: check
CVE-2023-52195 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52194 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52193 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52192 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52191 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52189 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52188 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52175 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52118 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51835 (An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local
attacker to e ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2023-51695 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51694 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51693 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51691 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51690 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51689 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51685 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51684 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51677 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51674 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51669 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51666 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51548 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51540 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51536 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51534 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51532 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51520 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51514 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When
authenti ...)
TODO: check
CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Fronius Datalogger Web
CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone
creates an ac ...)
- minio <itp> (bug #859207)
CVE-2024-24573 (facileManager is a modular suite of web apps built with the
sysadmin i ...)
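Review bot: Every `NOT-FOR-US: WordPress plugin` tag in this hunk sits under a description cut off at "('Cross-si ...)", so nothing visible in the diff ties these CVEs to a WordPress plugin or says which plugin is meant. The tag follows the form already used in the file (see CVE-2024-23508), but for a batch this size a line in the commit message saying how the entries were identified would let a reviewer confirm the classification without opening each record.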
@@ -171,7 +171,7 @@ CVE-2024-24579 (stereoscope is a go library for processing
container images and
CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech
synthesis, multi ...)
TODO: check
CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint
versions up un ...)
- TODO: check
+ NOT-FOR-US: OctoPrint
CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
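Review bot: Before settling on `NOT-FOR-US: OctoPrint` for CVE-2024-23637, check whether an ITP or RFP bug is open for OctoPrint. This file records software with a pending packaging request in the form `- minio <itp> (bug #859207)` (CVE-2024-24747), and that form leaves a pointer for whoever later packages the software, which a NOT-FOR-US tag does not.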
@@ -259,7 +259,7 @@ CVE-2024-1112 (Heap-based buffer overflow vulnerability in
Resource Hacker, deve
CVE-2024-1111 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: SourceCodester QR Code Login System
CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Real Estate Management System
CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been
classifi ...)
NOT-FOR-US: Rebuild
CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified
as pro ...)
@@ -299,9 +299,9 @@ CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity
23.1.0 are affected by
CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The
vulnerab ...)
TODO: check
CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache
ServiceComb ...)
- TODO: check
+ NOT-FOR-US: Apache ServiceComb Service-Center
CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in
Apache S ...)
- TODO: check
+ NOT-FOR-US: Apache ServiceComb Service-Center
CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum
virtual m ...)
NOT-FOR-US: Vyper
CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly
sanitized ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcb827c1cd66ed04c2f0ec766d4493e9fa480ec5