Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30e7764d by Salvatore Bonaccorso at 2024-02-02T21:44:42+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,101 +1,101 @@
CVE-2024-25006 (XenForo before 2.2.14 allows Directory Traversal (with write
access) b ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2024-25001
REJECTED
CVE-2024-24760 (mailcow is a dockerized email package, with multiple
containers linked ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-24757 (open-irs is an issue response robot that reponds to issues in
the inst ...)
TODO: check
CVE-2024-24560 (Vyper is a Pythonic Smart Contract Language for the Ethereum
Virtual M ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-24470 (Cross Site Request Forgery vulnerability in flusity-CMS v.2.33
allows ...)
- TODO: check
+ NOT-FOR-US: flusity-CMS
CVE-2024-24388 (Cross-site scripting (XSS) vulnerability in XunRuiCMS versions
v4.6.2 ...)
- TODO: check
+ NOT-FOR-US: XunRuiCMS
CVE-2024-24161 (MRCMS 3.0 contains an Arbitrary File Read vulnerability in
/admin/file ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-24160 (MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability
via /adm ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-24029 (JFinalCMS 5.0.0 is vulnerable to SQL injection via
/admin/content/data ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-23895 (A vulnerability has been reported in Cups Easy (Purchase &
Inventory), ...)
- TODO: check
+ NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23831 (LedgerSMB is a free web-based double-entry accounting system.
When a L ...)
TODO: check
CVE-2024-23824 (mailcow is a dockerized email package, with multiple
containers linked ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-23635 (AntiSamy is a library for performing fast, configurable
cleansing of H ...)
TODO: check
CVE-2024-22851 (Directory Traversal Vulnerability in LiveConfig before v.2.5.2
allows ...)
- TODO: check
+ NOT-FOR-US: LiveConfig
CVE-2024-22108 (An issue was discovered in GTB Central Console
15.17.1-30814.NG. The m ...)
- TODO: check
+ NOT-FOR-US: GTB Central Console
CVE-2024-22107 (An issue was discovered in GTB Central Console
15.17.1-30814.NG. The m ...)
- TODO: check
+ NOT-FOR-US: GTB Central Console
CVE-2024-1201 (Search path or unquoted item vulnerability in HDD Health
affecting ver ...)
- TODO: check
+ NOT-FOR-US: HDD Health
CVE-2024-1192 (A vulnerability was found in South River WebDrive 18.00.5057.
It has b ...)
- TODO: check
+ NOT-FOR-US: South River WebDrive
CVE-2024-1191 (A vulnerability was found in Hyper CdCatalog 2.3.1. It has been
classi ...)
- TODO: check
+ NOT-FOR-US: Hyper CdCatalog
CVE-2024-1190 (A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and
classifi ...)
- TODO: check
+ NOT-FOR-US: Global Scape CuteFTP
CVE-2024-1189 (A vulnerability has been found in AMPPS 2.7 and classified as
problema ...)
- TODO: check
+ NOT-FOR-US: AMPPS
CVE-2024-1188 (A vulnerability, which was classified as problematic, was found
in Riz ...)
- TODO: check
+ NOT-FOR-US: Rizone Soft Notepad3
CVE-2024-1187 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Munsoft Easy Outlook Express Recovery
CVE-2024-1186 (A vulnerability classified as problematic was found in Munsoft
Easy Ar ...)
- TODO: check
+ NOT-FOR-US: Munsoft Easy Archive Recovery
CVE-2024-1185 (A vulnerability classified as problematic has been found in
Nsasoft NB ...)
- TODO: check
+ NOT-FOR-US: Nsasoft NBMonitor Network Bandwidth Monitor
CVE-2024-1184 (A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It
has be ...)
- TODO: check
+ NOT-FOR-US: Nsasoft Network Sleuth
CVE-2024-0963 (The Calculated Fields Form plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0844 (The Popup More Popups, Lightboxes, and more popup modules
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0338 (A buffer overflow vulnerability has been found in XAMPP
affecting vers ...)
TODO: check
CVE-2024-0269 (ManageEngine ADAudit Plus versions7270and below are vulnerable
to the ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2024-0253 (ManageEngine ADAudit Plus versions7270and below are vulnerable
to the ...)
- TODO: check
+ NOT-FOR-US: ManageEngine
CVE-2023-6676 (Cross-Site Request Forgery (CSRF) vulnerability in National
Keep Cyber ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6675 (Unrestricted Upload of File with Dangerous Type vulnerability
in Natio ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6673 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6672 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: National Keep Cyber Security Services CyberMath
CVE-2023-6387 (A potential buffer overflow exists in the Bluetooth LE HCI CPC
sample ...)
TODO: check
CVE-2023-51838 (Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or
Risky Crypt ...)
- TODO: check
+ NOT-FOR-US: Ylianst MeshCentral
CVE-2023-51820 (An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558
allows ...)
- TODO: check
+ NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-51072 (A stored cross-site scripting (XSS) vulnerability in the NOC
component ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2023-50488 (An issue in Blurams Lumi Security Camera (A31C)
v23.0406.435.4120 allo ...)
- TODO: check
+ NOT-FOR-US: Blurams Lumi Security Camera (A31C)
CVE-2023-50359 (An unchecked return value vulnerability has been reported to
affect se ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-48645 (An issue was discovered in the Archibus app 4.0.3 for iOS. It
uses a l ...)
- TODO: check
+ NOT-FOR-US: Archibus app
CVE-2023-47568 (A SQL injection vulnerability has been reported to affect
several QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47567 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47566 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47564 (An incorrect permission assignment for critical resource
vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47562 (An OS command injection vulnerability has been reported to
affect Phot ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47561 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47148 (IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin
Console ...)
NOT-FOR-US: IBM
CVE-2023-47144 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
@@ -105,61 +105,61 @@ CVE-2023-47143 (IBM Tivoli Application Dependency
Discovery Manager 7.3.0.0 thro
CVE-2023-47142 (IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
through 7. ...)
NOT-FOR-US: IBM
CVE-2023-45037 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45036 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45035 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45028 (An uncontrolled resource consumption vulnerability has been
reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45027 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45026 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45025 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41292 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41283 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41282 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41281 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41280 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41279 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41278 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41277 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41276 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41275 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41274 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41273 (A heap-based buffer overflow vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39611 (An issue in Software FX Chart FX 7 version 7.0.4962.20829
allows attac ...)
TODO: check
CVE-2023-39303 (An improper authentication vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39302 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39297 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-38273 (IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an
inadequate ...)
NOT-FOR-US: IBM
CVE-2023-37530 (A cross-site scripting (XSS) vulnerability in the Web Reports
componen ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37529 (A cross-site scripting (XSS) vulnerability in the Web Reports
componen ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the
Web Report ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-32967 (An incorrect authorization vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-XXXX [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
- rust-snow <unfixed> (bug #1062663)
NOTE:
https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
@@ -74382,7 +74382,7 @@ CVE-2022-47074
CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create
Ticket page o ...)
NOT-FOR-US: Small CRM
CVE-2022-47072 (SQL injection vulnerability in Enterprise Architect 16.0.1605
32-bit a ...)
- TODO: check
+ NOT-FOR-US: Enterprise Architect
CVE-2022-47071 (In NVS365 V01, the background network test function can
trigger comman ...)
NOT-FOR-US: NVS365 V01
CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After
entering a ...)
@@ -113116,7 +113116,7 @@ CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions
before 1.03.10 contain an
CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions
prior t ...)
NOT-FOR-US: Dell
CVE-2022-34381 (Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5,
and Dell B ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an
Authenticatio ...)
NOT-FOR-US: Dell
CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an
Authenticat ...)
@@ -218336,7 +218336,7 @@ CVE-2021-21577 (Dell EMC iDRAC9 versions prior to
4.40.40.00 contain a DOM-based
CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a
DOM-based cross ...)
NOT-FOR-US: EMC
CVE-2021-21575 (Dell BSAFE Micro Edition Suite,versions before 4.5.2, contain
an Obser ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow
vulnerability. An ...)
NOT-FOR-US: Dell
CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow
vulnerability. An ...)
@@ -227203,7 +227203,7 @@ CVE-2020-29506 (Dell BSAFE Crypto-C Micro Edition,
versions before 4.1.5, and De
CVE-2020-29505 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and
Dell BSA ...)
NOT-FOR-US: Dell
CVE-2020-29504 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and
Dell BSA ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a
file per ...)
NOT-FOR-US: EMC PowerStore
CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a
Plain-Te ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e7764da3c704a6aa463104f748a72c022e3125
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e7764da3c704a6aa463104f748a72c022e3125
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
