Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1eafc42 by Moritz Muehlenhoff at 2024-02-07T10:46:53+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS 
attack was possible vi
 CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed 
reading  ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for 
JetBrains Spac ...)
-       TODO: check
+       - intellij-idea <itp> (bug #747616)
 CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was 
possible ...)
-       TODO: check
+       - intellij-idea <itp> (bug #747616)
 CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment 
variables co ...)
        NOT-FOR-US: JetBrains Rider
 CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory 
traversal was ...)
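Review bot: the two lines added under CVE-2024-24941 and CVE-2024-24940 are `- intellij-idea <itp> (bug #747616)` entries, not NOT-FOR-US markings, so the commit subject "NFUs" does not describe them. A subject that also mentions the itp entries would keep the history searchable for both kinds of triage.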
@@ -53,21 +53,21 @@ CVE-2024-23917 (In JetBrains TeamCity before 2023.11.3 
authentication bypass lea
 CVE-2024-23673 (Malicious code execution via path traversal in Apache Software 
Foundat ...)
        NOT-FOR-US: Apache Sling Servlets Resolver
 CVE-2024-23447 (An issue was discovered in the Windows Network Drive Connector 
when us ...)
-       TODO: check
+       NOT-FOR-US: Elastic Network Drive Connector
 CVE-2024-23446 (An issue was discovered by Elastic, whereby the Detection 
Engine Searc ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-23344 (Tuleap is an Open Source Suite to improve management of 
software devel ...)
        NOT-FOR-US: Tuleap
 CVE-2024-22520 (An issue discovered in Dronetag Drone Scanner 1.5.2 allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: Dronetag Drone Scanner
 CVE-2024-22519 (An issue discovered in OpenDroneID OSM 3.5.1 allows attackers 
to imper ...)
-       TODO: check
+       NOT-FOR-US: OpenDroneID OSM
 CVE-2024-22515 (Unrestricted File Upload vulnerability in iSpyConnect.com 
Agent DVR 5. ...)
        NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2024-22514 (An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 
allows attack ...)
        NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2024-22388 (Certain configuration available in the communication channel 
for encod ...)
-       TODO: check
+       NOT-FOR-US: HID Global iCLASS SE CP1000 Encoder
 CVE-2024-22331 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 
7.1.2.15, ...)
        NOT-FOR-US: IBM
 CVE-2024-22241 (Aria Operations for Networks contains a cross site scripting 
vulnerabi ...)
@@ -133,11 +133,11 @@ CVE-2024-1037 (The All-In-One Security (AIOS) \u2013 
Security and Firewall plugi
 CVE-2024-0977 (The Timeline Widget For Elementor (Elementor Timeline, Vertical 
& Hori ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0971 (A SQL injection vulnerability exists where an authenticated, 
low-privi ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2024-0955 (A stored XSS vulnerability exists where an authenticated, 
remote attac ...)
-       TODO: check
+       NOT-FOR-US: Nessur
 CVE-2024-0849 (Leanote version 2.7.0 allows obtaining arbitrary local files. 
This is  ...)
-       TODO: check
+       NOT-FOR-US: Leanote
 CVE-2024-0628 (The WP RSS Aggregator plugin for WordPress is vulnerable to 
Server-Sid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0256 (The Starbox plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
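Review bot: the added line under CVE-2024-0955 reads `NOT-FOR-US: Nessur`, while the entry added for CVE-2024-0971 just above it in the same hunk uses `NOT-FOR-US: Nessus`. This looks like a typo; changing it to `NOT-FOR-US: Nessus` keeps the two entries consistent and lets a search on the product name find both.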
@@ -161,29 +161,29 @@ CVE-2023-46683 (A  post authentication command injection 
vulnerability exists wh
 CVE-2023-46183 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 
through FW ...)
        NOT-FOR-US: IBM
 CVE-2023-45735 (A potential attacker with access to the Westermo Lynx device 
may be ab ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-45227 (An attacker with access to the web application with vulnerable 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-45222 (An attacker with access to the web application that has the 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-45213 (A potential attacker with access to the Westermo Lynx device 
would be  ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-43482 (A command execution vulnerability exists in the guest resource 
functio ...)
        NOT-FOR-US: Tp-Link
 CVE-2023-42765 (An attacker with access to the vulnerable software could 
introduce arb ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-42664 (A post authentication command injection vulnerability exists 
when sett ...)
        NOT-FOR-US: Tp-Link
 CVE-2023-40545 (Authenticationbypass when an OAuth2 Client is using 
client_secret_jwt  ...)
-       TODO: check
+       NOT-FOR-US: Ping Identity PingFederate
 CVE-2023-40544 (An attacker with access to the network where the affected 
devices are  ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-40355 (Cross Site Scripting (XSS) vulnerability in Axigen versions 
10.3.3.0 b ...)
        NOT-FOR-US: Axigen
 CVE-2023-40143 (An attacker with access to the Westermo Lynx web application 
that has  ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-38579 (The cross-site request forgery token in the request may be 
predictable ...)
-       TODO: check
+       NOT-FOR-US: Westermo Lynx
 CVE-2023-36498 (A post-authentication command injection vulnerability exists 
in the PP ...)
        NOT-FOR-US: Tp-Link
 CVE-2023-35188 (SQL Injection Remote Code Execution Vulnerability was found 
using a cr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1eafc427c1c72d0b0ab2625db8ba87b7e516322



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits