Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
60931f05 by Moritz Muehlenhoff at 2024-02-14T16:12:11+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -671,7 +671,7 @@ CVE-2024-25109 (ManageWiki is a MediaWiki extension
allowing users to manage wik
CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an
executables. Any ...)
- TODO: check
+ NOT-FOR-US: Node pkg
CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
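Review bot: the tag "NOT-FOR-US: Node pkg" on CVE-2024-24828 can be read as "some Node package" rather than as the product name. The description calls the tool "pkg" and says it bundles Node.js projects, so a tag that keeps the product name and qualifies it, for example "NOT-FOR-US: pkg (Node.js bundler)", would be easier to match when grepping the list later.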
@@ -695,7 +695,7 @@ CVE-2024-23323 (Envoy is a high-performance
edge/middle/service proxy. The regex
CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy
will cras ...)
- envoyproxy <itp> (bug #987544)
CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot
framework wri ...)
- TODO: check
+ NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A
regular exp ...)
- angular.js <unfixed>
[buster] - angular.js <postponed> (Fix along with the next DLA)
@@ -730,7 +730,7 @@ CVE-2024-25711 (diffoscope before 256 allows directory
traversal via an embedded
NOTE:
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
NOTE:
https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476
(256)
CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial
encryption keys a ...)
- TODO: check
+ NOT-FOR-US: pquic
CVE-2024-25678 (In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID
validation is mi ...)
NOT-FOR-US: LiteSpeed QUIC (LSQUIC) Library
CVE-2024-25677 (In Min before 1.31.0, local files are not correctly treated as
unique ...)
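Review bot: the tag on CVE-2024-25679 is written "pquic" while the description spells the project "PQUIC", and the next entry (CVE-2024-25678) copies its product name verbatim from the description. Use "NOT-FOR-US: PQUIC" so a case-sensitive search for the product name finds both the description and the tag.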
@@ -1861,7 +1861,7 @@ CVE-2024-22202 (phpMyFAQ is an open source FAQ web
application for PHP 8.1+ and
CVE-2024-1225 (A vulnerability classified as critical was found in QiboSoft
QiboCMS X ...)
NOT-FOR-US: QiboSoft QiboCMS X1
CVE-2024-0953 (When a user scans a QR Code with the QR Code Scanner feature,
the user ...)
- TODO: check
+ - firefox <not-affected> (Only affects Firefox for iOS)
CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability
in B&R ...)
NOT-FOR-US: B&R Industrial Automation Automation Runtime (SDM modules)
CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility.
This iss ...)
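Review bot: the CVE-2024-0953 replacement is a package entry, "- firefox <not-affected> (Only affects Firefox for iOS)", not a NOT-FOR-US tag, so the commit subject "NFUs" does not describe it. Mention the not-affected triage in the commit message or commit it separately, so that someone searching the log for why firefox was marked not-affected can find it.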
@@ -54155,7 +54155,7 @@ CVE-2023-28020 (URL redirection in Login page in HCL
BigFix WebUI allows malicio
CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version <
14 allo ...)
NOT-FOR-US: HCL
CVE-2023-28018 (HCL Connections is vulnerable to a denial of service, caused
by improp ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack
where a ...)
NOT-FOR-US: HCL
CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare
Metal S ...)
@@ -58074,7 +58074,7 @@ CVE-2023-26564 (The Syncfusion EJ2 ASPCore File
Provider 3ac357f is vulnerable t
CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to
filesys ...)
NOT-FOR-US: Syncfusion
CVE-2023-26562 (In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account
(with 2 ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-26561
RESERVED
CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a
subset of aut ...)
@@ -61575,7 +61575,7 @@ CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions
prior to 2.18.1 and Dell
CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive
informati ...)
NOT-FOR-US: Dell
CVE-2023-25535 (Dell SupportAssist for Home PCs Installer Executable file
version prio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way
Ichitaro ...)
NOT-FOR-US: Ichitaro
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to
Stored ...)
@@ -87448,7 +87448,7 @@ CVE-2023-20588 (A division-by-zero error on some AMD
processors can potentially
NOTE: https://xenbits.xen.org/xsa/advisory-439.html
NOTE:
https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496
CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122
Software Crimso ...)
NOT-FOR-US: AMD
CVE-2023-20585
@@ -87464,7 +87464,7 @@ CVE-2023-20581
CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may
allow a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20578
RESERVED
CVE-2023-20577
@@ -87482,7 +87482,7 @@ CVE-2023-20572
CVE-2023-20571 (A race condition in System Management Mode (SMM) code may
allow an att ...)
NOT-FOR-US: AMD
CVE-2023-20570 (Insufficient verification of data authenticity in the
configuration st ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow
an atta ...)
{DSA-5475-1 DLA-3525-1}
- amd64-microcode 3.20230719.1
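Review bot: CVE-2023-20570 is closed as "NOT-FOR-US: AMD" directly above CVE-2023-20569, which the same file tracks against amd64-microcode, so the vendor name alone does not say why this one is out of scope. Name the affected component in the tag, or add a NOTE stating that the fix is not delivered through a packaged microcode update; the truncated description visible here does not settle that.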
@@ -132731,7 +132731,7 @@ CVE-2021-46759 (Improper syscall input validation in
AMD TEE (Trusted Execution
CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD
Secure ...)
NOT-FOR-US: AMD
CVE-2021-46757 (Insufficient checking of memory buffer in ASP Secure OS may
allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the
ASP (AM ...)
NOT-FOR-US: AMD
CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the
ASP (AM ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60931f05cbec4f129bde22e7b66dd9045f87f877