Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fcb827c1 by Salvatore Bonaccorso at 2024-02-01T21:25:35+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,15 +1,15 @@ CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...) - TODO: check + NOT-FOR-US: Bref CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in combina ...) - TODO: check + NOT-FOR-US: Bref CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...) - TODO: check + NOT-FOR-US: Bref CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted to look ...) TODO: check CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs meant t ...) TODO: check CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) - TODO: check + NOT-FOR-US: Vyper CVE-2024-24557 (Moby is an open-source project created by Docker to enable software co ...) TODO: check CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) @@ -25,27 +25,27 @@ CVE-2024-23832 (Mastodon is a free, open-source social network server based on A CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...) TODO: check CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A deseria ...) - TODO: check + NOT-FOR-US: Dataease CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remo ...) - TODO: check + NOT-FOR-US: FlyCms CVE-2024-22936 (Cross-site scripting (XSS) vulnerability in Parents & Student Portal i ...) - TODO: check + NOT-FOR-US: Parents & Student Portal in Genesis School Management Systems CVE-2024-22449 (Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a miss ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22433 (Dell Data Protection Search 19.2.0 and above contain an exposed passwo ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22430 (Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incor ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-21750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1167 (When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information un ...) - TODO: check + NOT-FOR-US: SEW-EURODRIVE MOVITOOLS MotionStudio CVE-2024-1141 (A vulnerability was found in python-glance-store. The issue occurs whe ...) TODO: check CVE-2024-0935 (An insertion of Sensitive Information into Log File vulnerability is a ...) - TODO: check + NOT-FOR-US: DELMIA Apriso CVE-2024-0704 REJECTED CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA Materials Studi ...) @@ -53,71 +53,71 @@ CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA Materials CVE-2023-5841 (Due to a failure in validating the number of scanline samples of a Ope ...) TODO: check CVE-2023-52195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52175 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-52118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51835 (An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to e ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-51695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51691 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51689 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When authenti ...) TODO: check CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers ...) - TODO: check + NOT-FOR-US: Fronius Datalogger Web CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...) - minio <itp> (bug #859207) CVE-2024-24573 (facileManager is a modular suite of web apps built with the sysadmin i ...) @@ -171,7 +171,7 @@ CVE-2024-24579 (stereoscope is a go library for processing container images and CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...) TODO: check CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...) - TODO: check + NOT-FOR-US: OctoPrint CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -259,7 +259,7 @@ CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, deve CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: SourceCodester QR Code Login System CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...) - TODO: check + NOT-FOR-US: CodeAstro Real Estate Management System CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...) NOT-FOR-US: Rebuild CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...) @@ -299,9 +299,9 @@ CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...) TODO: check CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...) - TODO: check + NOT-FOR-US: Apache ServiceComb Service-Center CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in Apache S ...) - TODO: check + NOT-FOR-US: Apache ServiceComb Service-Center CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) NOT-FOR-US: Vyper CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly sanitized ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcb827c1cd66ed04c2f0ec766d4493e9fa480ec5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcb827c1cd66ed04c2f0ec766d4493e9fa480ec5 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits