Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ed11b07c by Salvatore Bonaccorso at 2024-02-14T22:33:46+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50,17 +50,17 @@ CVE-2024-24990 (When NGINX Plus or NGINX OSS are configured
to use the HTTP/3 QU
CVE-2024-24989 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3
QUIC mod ...)
TODO: check
CVE-2024-24966 (When LDAP remote authentication is configured on F5OS, a
remote user w ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-24775 (When a virtual server is enabled with VLAN group and SNAT
listener is ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23982 (When a BIG-IP PEM classification profile is configured on a
UDP virtua ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23979 (When SSL Client Certificate LDAP or Certificate Revocation
List Distri ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23976 (When running in Appliance mode, an authenticated attacker
assigned the ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23805 (Undisclosed requests can cause the Traffic Management
Microkernel (TMM ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23789 (Energy Management Controller with Cloud Services JH-RVB1
/JH-RV11 Ver. ...)
NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1
/JH-RV11
CVE-2024-23788 (Server-side request forgery vulnerability in Energy Management
Control ...)
@@ -76,29 +76,29 @@ CVE-2024-23784 (Improper access control vulnerability
exists in Energy Managemen
CVE-2024-23783 (Improper authentication vulnerability in Energy Management
Controller ...)
NOT-FOR-US: Energy Management Controller with Cloud Services JH-RVB1
/JH-RV11
CVE-2024-23607 (A directory traversal vulnerability exists in the F5OS QKView
utility ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23603 (An SQL injection vulnerability exists in an undisclosed page
of the BI ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23314 (When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK
systems, undisc ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23308 (When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request
Body Ha ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-23306 (A vulnerability exists in BIG-IP Next CNF and SPK systems that
may all ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-22389 (When BIG-IP is deployed in high availability (HA) and an
iControl REST ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-22093 (When running in appliance mode, an authenticated remote
command inject ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21849 (When an Advanced WAF/ASM security policy and a Websockets
profile are ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21789 (When a BIG-IP ASM/Advanced WAF security policy is configured
on a virt ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21782 (BIG-IP or BIG-IQ Resource Administrators and Certificate
Managers who ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21771 (For unspecified traffic patterns, BIG-IP AFM IPS engine may
spend an e ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-21763 (When BIG-IP AFM Device DoS or DoS profile is configured with
NXDOMAIN ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2024-0568 (CWE-287: Improper Authentication vulnerability exists that
could cause ...)
NOT-FOR-US: Schneider Electric
CVE-2024-0011 (A reflected cross-site scripting (XSS) vulnerability in the
Captive Po ...)
@@ -112,13 +112,13 @@ CVE-2024-0008 (Web sessions in the management interface
in Palo Alto Networks PA
CVE-2024-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto
Networks PAN-O ...)
NOT-FOR-US: Palo Alto Networks
CVE-2023-6441 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: UNI-PA University Marketing & Computer Internet Trade Inc.
University Information System
CVE-2023-6409 (CWE-798: Use of Hard-coded Credentials vulnerability exists
that could ...)
NOT-FOR-US: Schneider Electric
CVE-2023-6408 (CWE-924: Improper Enforcement of Message Integrity During
Transmission ...)
NOT-FOR-US: Schneider Electric
CVE-2023-5123 (The JSON datasource plugin (
https://grafana.com/grafana/plugins/marcu ...)
- TODO: check
+ NOT-FOR-US: Grafana plugin
CVE-2023-5122 (Grafana is an open-source platform for monitoring and
observability. T ...)
TODO: check
CVE-2023-52399
@@ -206,79 +206,79 @@ CVE-2023-42665
CVE-2023-42437
REJECTED
CVE-2023-41252 (Out-of-bounds read in some Intel(R) QAT software drivers for
Windows b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41231 (Incorrect default permissions in some ACAT software maintained
by Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41091 (Uncontrolled search path for some Intel(R) MPI Library
Software before ...)
TODO: check
CVE-2023-41090 (Race condition in some Intel(R) MAS software before version
2.3 may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40161 (Improper access control in some Intel Unite(R) Client software
before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-40156 (Uncontrolled search path element in some Intel(R) SSU software
before ...)
NOT-FOR-US: Intel
CVE-2023-40154 (Incorrect default permissions in the Intel(R) SUR for Gameplay
Softwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39941 (Improper access control in some Intel(R) SUR software before
version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39932 (Uncontrolled search path in the Intel(R) SUR for Gameplay
Software bef ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39450
REJECTED
CVE-2023-39432 (Improper access control element in some Intel(R) Ethernet
tools and dr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-39425 (Improper access control in some Intel(R) DSA software before
version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38566 (Uncontrolled search path in some Intel(R) ISPC software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38561 (Improper access control in some Intel(R) XTU software before
version 7 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-38262
REJECTED
CVE-2023-38137
REJECTED
CVE-2023-38135 (Improper authorization in some Intel(R) PM software may allow
a privil ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36493 (Uncontrolled search path in some Intel(R) SDK for OpenCL(TM)
Applicati ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-36490 (Improper initialization in some Intel(R) MAS software before
version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35769 (Uncontrolled search path in some Intel(R) CIP software before
version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35121 (Improper access control in some Intel(R) oneAPI DPC++/C++
Compiler sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35062 (Improper access control in some Intel(R) DSA software before
version 2 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35061 (Improper initialization for some Intel(R) PROSet/Wireless and
Intel(R) ...)
TODO: check
CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life
Diagnostic Tool ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-35003 (Path transversal in some Intel(R) VROC software before version
8.0.8.1 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34983 (Improper input validation for some Intel(R) PROSet/Wireless
and Intel( ...)
TODO: check
CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version
202307 m ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-34315 (Incorrect default permissions in some Intel(R) VROC software
before ve ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-33875 (Improper access control for some Intel(R) PROSet/Wireless and
Intel(R) ...)
TODO: check
CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools
and dri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32651 (Improper validation of specified type of input for some
Intel(R) PROSe ...)
TODO: check
CVE-2023-32647 (Improper access control in some Intel(R) XTU software before
version 7 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32646 (Uncontrolled search path element in some Intel(R) VROC
software before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32644 (Protection mechanism failure for some Intel(R) PROSet/Wireless
and Int ...)
TODO: check
CVE-2023-32642 (Insufficient adherence to expected conventions for some
Intel(R) PROSe ...)
TODO: check
CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and
component ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-32280 (Insufficiently protected credentials in some Intel(R) Server
Product O ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-31271 (Improper access control in some Intel(R) VROC software before
version ...)
TODO: check
CVE-2023-31189 (Improper authentication in some Intel(R) Server Product
OpenBMC firmwa ...)
@@ -343,7 +343,7 @@ CVE-2023-38960 (Insecure Permissions issue in Raiden
Professional Server RaidenF
CVE-2024-1342
NOT-FOR-US: Red Hat OpenShift
CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents
simultane ...)
- TODO: check
+ NOT-FOR-US: sidekiq-unique-jobs
CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
@@ -822,19 +822,19 @@ CVE-2023-47218 (An OS command injection vulnerability has
been reported to affec
CVE-2023-46615 (Deserialization of Untrusted Data vulnerability in Kalli Dan.
KD Comin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-42374 (An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a
remote at ...)
- TODO: check
+ NOT-FOR-US: mystenlabs Sui Blockchain
CVE-2023-41708 (References to the "app loader" functionality could contain
redirects t ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41707 (Processing of user-defined mail search expressions is not
limited. Ava ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41706 (Processing time of drive search expressions now gets
monitored, and th ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41705 (Processing of user-defined DAV user-agent strings is not
limited. Avai ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41704 (Processing of CID references at E-Mail can be abused to inject
malicio ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2023-41703 (User ID references at mentions in document comments were not
correctly ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs
out-of-boun ...)
TODO: check
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -935,7 +935,7 @@ CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature
verification uses a s
CVE-2024-25713 (yyjson through 0.8.0 has a double free, leading to remote code
executi ...)
- yyjson <itp> (bug #972804)
CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because
a file ...)
- TODO: check
+ NOT-FOR-US: http-swagger
CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant
privilege escala ...)
NOT-FOR-US: Ghost CMS
CVE-2024-21875 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed11b07cc3cd482ed518404a0d65d9395bf3b1a7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed11b07cc3cd482ed518404a0d65d9395bf3b1a7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
