Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0348c0d2 by Salvatore Bonaccorso at 2024-02-07T10:18:42+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,103 +35,103 @@ CVE-2024-24255 (A Race Condition discovered in
geofence.cpp and mission_feasibil
CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of
synchronization mec ...)
NOT-FOR-US: PX4 Autopilot
CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24013 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1
and prio ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2024-24004 (jshERP v3.3 is vulnerable to SQL Injection. The
com.jsh.erp.controller ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24002 (jshERP v3.3 is vulnerable to SQL Injection. The
com.jsh.erp.controller ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24001 (jshERP v3.3 is vulnerable to SQL Injection. via the
com.jsh.erp.contro ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-24000 (jshERP v3.3 is vulnerable to Arbitrary File Upload. The
jshERP-boot/sy ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 authentication bypass
leading t ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-23673 (Malicious code execution via path traversal in Apache Software
Foundat ...)
- TODO: check
+ NOT-FOR-US: Apache Sling Servlets Resolver
CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector
when us ...)
TODO: check
CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection
Engine Searc ...)
TODO: check
CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of
software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows
attackers t ...)
TODO: check
CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers
to imper ...)
TODO: check
CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com
Agent DVR 5. ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0
allows attack ...)
- TODO: check
+ NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2024-22388 (Certain configuration available in the communication channel
for encod ...)
TODO: check
CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through
7.1.2.15, ...)
NOT-FOR-US: IBM
CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22240 (Aria Operations for Networks contains a local file read
vulnerability. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22239 (Aria Operations for Networks contains a local privilege
escalation vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22238 (Aria Operations for Networks contains a cross site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22237 (Aria Operations for Networks contains a local privilege
escalation vul ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22022 (Vulnerability CVE-2024-22022 allows a Veeam Recovery
Orchestrator user ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-22021 (VulnerabilityCVE-2024-22021 allowsaVeeam Recovery Orchestrator
user wi ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-1269 (A vulnerability has been found in SourceCodester Product
Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Product Management System
CVE-2024-1268 (A vulnerability, which was classified as critical, was found in
CodeAs ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1267 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Restaurant POS System
CVE-2024-1266 (A vulnerability classified as problematic was found in
CodeAstro Unive ...)
- TODO: check
+ NOT-FOR-US: CodeAstro University Management System
CVE-2024-1265 (A vulnerability classified as problematic has been found in
CodeAstro ...)
- TODO: check
+ NOT-FOR-US: CodeAstro University Management System
CVE-2024-1264 (A vulnerability has been found in Juanpao JPShop up to 1.5.02
and clas ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1263 (A vulnerability, which was classified as critical, was found in
Juanpa ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1262 (A vulnerability, which was classified as critical, has been
found in J ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1261 (A vulnerability classified as critical was found in Juanpao
JPShop up ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1260 (A vulnerability classified as critical has been found in
Juanpao JPSho ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1259 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It
has been ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1258 (A vulnerability was found in Juanpao JPShop up to 1.5.02. It
has been ...)
- TODO: check
+ NOT-FOR-US: Juanpao JPShop
CVE-2024-1257 (A vulnerability was found in Jspxcms 10.2.0. It has been
classified as ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-1256 (A vulnerability was found in Jspxcms 10.2.0 and classified as
problema ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-1255 (A vulnerability has been found in sepidz SepidzDigitalMenu up
to 7.1.0 ...)
- TODO: check
+ NOT-FOR-US: SepidzDigitalMenu
CVE-2024-1254 (A vulnerability, which was classified as critical, was found in
Beijin ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S20 Management Platform
CVE-2024-1253 (A vulnerability, which was classified as critical, has been
found in B ...)
- TODO: check
+ NOT-FOR-US: Beijing Baichuo Smart S40 Management Platform
CVE-2024-1252 (A vulnerability classified as critical was found in Tongda OA
2017 up ...)
- TODO: check
+ NOT-FOR-US: Tongda
CVE-2024-1251 (A vulnerability classified as critical has been found in Tongda
OA 201 ...)
- TODO: check
+ NOT-FOR-US: Tongda
CVE-2024-1079 (The Quiz Maker plugin for WordPress is vulnerable to
unauthorized acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1078 (The Quiz Maker plugin for WordPress is vulnerable to
unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1055 (The PowerPack Addons for Elementor (Free Widgets, Extensions
and Templ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 Security and Firewall
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical
& Hori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated,
low-privi ...)
TODO: check
CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated,
remote attac ...)
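Review bot: CVE-2024-1254 and CVE-2024-1253 are labelled with different models (`Beijing Baichuo Smart S20 Management Platform` and `Beijing Baichuo Smart S40 Management Platform`), but both descriptions are truncated before the product name ("found in Beijin ...", "found in B ..."), so the S20/S40 split cannot be checked from this diff. Please confirm both against the full descriptions. Separately, the five Aria Operations for Networks entries (CVE-2024-22237 through CVE-2024-22241) are labelled by vendor only (`NOT-FOR-US: VMware`) while most other additions in this hunk name the product; using the product name would keep later searches of the list consistent.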
@@ -139,25 +139,25 @@ CVE-2024-0955 (A stored XSS vulnerability exists where an
authenticated, remote
CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files.
This is ...)
TODO: check
CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to
Server-Sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6388 (Suite CRM version 7.14.2 allows making arbitrary HTTP requests
through ...)
- TODO: check
+ NOT-FOR-US: Suite CRM
CVE-2023-5584
REJECTED
CVE-2023-50395 (SQL Injection Remote Code Execution Vulnerability was found
using an u ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2023-47618 (A post authentication command execution vulnerability exists
in the we ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47617 (A post authentication command injection vulnerability exists
when conf ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47209 (A post authentication command injection vulnerability exists
in the ip ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-47167 (A post authentication command injection vulnerability exists
in the GR ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-46683 (A post authentication command injection vulnerability exists
when con ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00
through FW ...)
NOT-FOR-US: IBM
CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device
may be ab ...)
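Review bot: The five entries CVE-2023-47618, CVE-2023-47617, CVE-2023-47209, CVE-2023-47167 and CVE-2023-46683 are marked `NOT-FOR-US: Tp-Link`, where the vendor's own spelling is "TP-Link"; a case-sensitive search of the list for `TP-Link` will miss them. Suggest `NOT-FOR-US: TP-Link`. The truncated descriptions shown here do not name the vendor, so the attribution rests on the full CVE text and is worth a second look while fixing the spelling.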
@@ -169,25 +169,25 @@ CVE-2023-45222 (An attacker with access to the web
application that has the vuln
CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device
would be ...)
TODO: check
CVE-2023-43482 (A command execution vulnerability exists in the guest resource
functio ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-42765 (An attacker with access to the vulnerable software could
introduce arb ...)
TODO: check
CVE-2023-42664 (A post authentication command injection vulnerability exists
when sett ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using
client_secret_jwt ...)
TODO: check
CVE-2023-40544 (An attacker with access to the network where the affected
devices are ...)
TODO: check
CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions
10.3.3.0 b ...)
- TODO: check
+ NOT-FOR-US: Axigen
CVE-2023-40143 (An attacker with access to the Westermo Lynx web application
that has ...)
TODO: check
CVE-2023-38579 (The cross-site request forgery token in the request may be
predictable ...)
TODO: check
CVE-2023-36498 (A post-authentication command injection vulnerability exists
in the PP ...)
- TODO: check
+ NOT-FOR-US: Tp-Link
CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found
using a cr ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-1271 [privileges escalation from root to domain admin]
- freeipa <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262978
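Review bot: CVE-2023-45213 and CVE-2023-40143 name the Westermo Lynx device in their visible descriptions but stay at `TODO: check`, while neighbouring entries in this hunk are resolved. If Westermo Lynx is not packaged either, these two could be marked in the same pass; otherwise they will need another triage round, along with the remaining unnamed-product entries (CVE-2023-42765, CVE-2023-40545, CVE-2023-40544, CVE-2023-38579).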
@@ -461,13 +461,13 @@ CVE-2023-51951 (SQL Injection vulnerability in Stock
Management System 1.0 allow
CVE-2023-4637 (The WPvivid plugin for WordPress is vulnerable to unauthorized
access ...)
NOT-FOR-US: WordPress plugin
CVE-2023-47889 (The Android application BINHDRM26 com.bdrm.superreboot 1.0.3,
exposes ...)
- TODO: check
+ NOT-FOR-US: Android application BINHDRM26 com.bdrm.superreboot
CVE-2023-47354 (An issue in the PowerOffWidgetReceiver function of Super
Reboot (Root) ...)
TODO: check
CVE-2023-47353 (An issue in the com.oneed.dvr.service.DownloadFirmwareService
componen ...)
TODO: check
CVE-2023-47022 (An issue in NCR Terminal Handler v.1.5.1 allows a remote
attacker to e ...)
- TODO: check
+ NOT-FOR-US: NCR Terminal Handler
CVE-2023-46360 (Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is
vulnerable ...)
NOT-FOR-US: Hardy Barth cPH2 eCharge Ladestation
CVE-2023-46359 (An OS command injection vulnerability in Hardy Barth cPH2
eCharge Lade ...)
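Review bot: CVE-2023-47889 is marked `NOT-FOR-US: Android application BINHDRM26 com.bdrm.superreboot`, but the next entry, CVE-2023-47354 ("An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) ..."), is left at `TODO: check` although it appears to describe the same application. If it is the same app, it should get the same NOT-FOR-US line so the two entries do not diverge. A shorter label that matches the name used in that description would also be easier to search for than the package identifier.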
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0348c0d2584dea5bf3153392a16cf6212e1cabb2
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits