Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f15f187d by Moritz Mühlenhoff at 2024-02-02T10:57:18+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -119,7 +119,7 @@ CVE-2023-50327 (IBM PowerSC 1.3, 2.0, and 2.1 uses insecure
HTTP methods which c
CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account
lockout setti ...)
NOT-FOR-US: IBM
CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a
cryptographically we ...)
- TODO: check
+ NOT-FOR-US: Objectplanet Opinio
CVE-2023-49617 (The MachineSense application programmable interface (API) is
improperl ...)
NOT-FOR-US: MachineSense
CVE-2023-49610 (MachineSense FeverWarn Raspberry Pi-based devices lack input
sanitizat ...)
@@ -155,7 +155,7 @@ CVE-2023-38020 (IBM SOAR QRadar Plugin App 1.0 through
5.0.3 could allow an auth
CVE-2023-38019 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a
remote atta ...)
NOT-FOR-US: IBM
CVE-2023-36496 (Delegated Admin Privilege virtual attribute provider plugin,
when enab ...)
- TODO: check
+ NOT-FOR-US: pingidentity
CVE-2023-32333 (IBM Maximo Asset Management 7.6.1.3 could allow a remote
attacker to l ...)
NOT-FOR-US: IBM
CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used
with the E ...)
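Review bot: The tag added for CVE-2023-36496, `NOT-FOR-US: pingidentity`, is a lowercase vendor token with no product, while the neighbouring NFU lines name the vendor or product as it is written upstream (`IBM`, `MachineSense`, `Bref`). The truncated description visible here ("Delegated Admin Privilege virtual attribute provider plugin, when enab ...") names neither vendor nor product, so the tag is the only thing a later grep of this file can match on; consider `NOT-FOR-US: Ping Identity` followed by the product name taken from the full CVE record.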
@@ -165,21 +165,21 @@ CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda.
When Bref is used in c
CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used
with the E ...)
NOT-FOR-US: Bref
CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted
to look ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs
meant t ...)
- TODO: check
+ NOT-FOR-US: Pixee Java Code Security Toolkit
CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum
virtual m ...)
NOT-FOR-US: Vyper
CVE-2024-24557 (Moby is an open-source project created by Docker to enable
software co ...)
TODO: check
CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting
(XSS) vi ...)
- TODO: check
+ NOT-FOR-US: springboot-manager
CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting
(XSS) vi ...)
- TODO: check
+ NOT-FOR-US: springboot-manager
CVE-2024-24060 (springboot-manager v1.6 is vulnerable to Cross Site Scripting
(XSS) vi ...)
- TODO: check
+ NOT-FOR-US: springboot-manager
CVE-2024-24059 (springboot-manager v1.6 is vulnerable to Arbitrary File
Upload. The sy ...)
- TODO: check
+ NOT-FOR-US: springboot-manager
CVE-2024-23832 (Mastodon is a free, open-source social network server based on
Activit ...)
- mastodon <itp> (bug #859741)
CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A
malicious U ...)
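Review bot: CVE-2024-24557 (Moby) is the one entry in this run still left at `TODO: check` after the six around it are resolved. Keeping it out of an NFU batch looks right, since the description ties it to Docker and it needs a source-package lookup rather than a `NOT-FOR-US` tag, but it is easy to overlook between the Pixee and springboot-manager lines, so it should get its package entry in a follow-up commit.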
@@ -334,7 +334,7 @@ CVE-2024-21626 (runc is a CLI tool for spawning and running
containers on Linux
CVE-2024-24579 (stereoscope is a go library for processing container images
and simula ...)
TODO: check
CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech
synthesis, multi ...)
- TODO: check
+ NOT-FOR-US: Lobe Chat
CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint
versions up un ...)
NOT-FOR-US: OctoPrint
CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -420,7 +420,7 @@ CVE-2024-1114 (A vulnerability has been found in openBI up
to 1.0.8 and classifi
CVE-2024-1113 (A vulnerability, which was classified as critical, was found in
openBI ...)
NOT-FOR-US: openBI
CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker,
developed ...)
- TODO: check
+ NOT-FOR-US: Resource Hacker
CVE-2024-1111 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: SourceCodester QR Code Login System
CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management
System 1 ...)
@@ -462,7 +462,7 @@ CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is
affected by an XSS issue wi
CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected
by an Gen ...)
NOT-FOR-US: Pega Platform
CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The
vulnerab ...)
- TODO: check
+ - label-studio <itp> (bug #1026232)
CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache
ServiceComb ...)
NOT-FOR-US: Apache ServiceComb Service-Center
CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in
Apache S ...)
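Review bot: The commit message is "NFUs", but the change to CVE-2023-47116 is not an NFU: it replaces `TODO: check` with `- label-studio <itp> (bug #1026232)`. The entry itself follows the same form as the existing `- mastodon <itp> (bug #859741)` line, so the data looks fine; the point is that someone scanning the log for ITP triage will not find this one. Either mention the ITP in the message or put it in its own commit.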
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f15f187da1d2ffffbd3c93c30992ebf20533fa3c