Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
536cec60 by Salvatore Bonaccorso at 2024-04-03T23:05:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2024-3252 (A vulnerability classified as critical has 
been found in SourceCo
 CVE-2024-3251 (A vulnerability was found in SourceCodester Computer Laboratory 
Manage ...)
        NOT-FOR-US: SourceCodester Computer Laboratory Management System
 CVE-2024-3181 (Concrete CMS version 9 prior to 9.2.8 and previous versions 
prior to 8 ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-3180 (Concrete CMS version 9 below 9.2.8 and previous versions below 
8.5.16  ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions 
before 8.5.1 ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 
are vulne ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This 
flaw allow ...)
        TODO: check
 CVE-2024-31419 (An information disclosure flaw was found in OpenShift 
Virtualization.  ...)
@@ -33,51 +33,51 @@ CVE-2024-31393 (Dragging Javascript URLs to the address bar 
could cause them to
 CVE-2024-31392 (If an insecure element was added to a page after a delay, 
Firefox woul ...)
        TODO: check
 CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30572 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30571 (An information leak in the BRS_top.html component of Netgear 
R6850 v1. ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30570 (An information leak in debuginfo.htm of Netgear R6850 
v1.1.0.88 allows ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30569 (An information leak in currentsetting.htm of Netgear R6850 
v1.1.0.88 a ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30568 (Netgear R6850 1.1.0.88 was discovered to contain a command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30366 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30334 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30333 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30332 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30331 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30330 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30329 (Foxit PDF Reader Annotation Use-After-Free Information 
Disclosure Vuln ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30328 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30327 (Foxit PDF Reader template Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30326 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30325 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30324 (Foxit PDF Reader Doc Object Use-After-Free Remote Code 
Execution Vulne ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30323 (Foxit PDF Reader template Out-Of-Bounds Read Remote Code 
Execution Vul ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-30322 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are 
either se ...)
-       TODO: check
+       NOT-FOR-US: Tempesta FW
 CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior 
to 8.5 ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded 
buffer and ...)
        TODO: check
 CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr 
ERP CRM u ...)
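
Review bot: The labels added in this hunk sit at three different levels of specificity: "NOT-FOR-US: WordPress plugin" (a category) for CVE-2024-31390 and CVE-2024-31380, "NOT-FOR-US: Netgear" (a vendor) for the five R6850 entries, and "NOT-FOR-US: Foxit PDF Reader" (a product). Because the descriptions are truncated before the plugin name, the two WordPress entries no longer identify the affected plugin anywhere in the list; naming the plugin after the colon would keep them searchable without a separate CVE lookup.
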
@@ -85,101 +85,101 @@ CVE-2024-29477 (Lack of sanitization during Installation 
Process in Dolibarr ERP
 CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM 
Cloud Pa ...)
        NOT-FOR-US: IBM
 CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was 
discovere ...)
-       TODO: check
+       NOT-FOR-US: Puwell Cloud Tech Co, Ltd 360Eyes Pro
 CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27951 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Theme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27674 (Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) 
access to  ...)
-       TODO: check
+       NOT-FOR-US: Macro Expert
 CVE-2024-27673
        REJECTED
 CVE-2024-27346 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27345 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27344 (Kofax Power PDF PDF File Parsing Memory Corruption Remote Code 
Executi ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27343 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Read 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27342 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27341 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow 
Remote Cod ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27340 (Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow 
Remote Cod ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27339 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27338 (Kofax Power PDF app response Out-Of-Bounds Read Remote Code 
Execution  ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27337 (Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow 
Remote Co ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27336 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read 
Information Disclo ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote 
Code Execut ...)
-       TODO: check
+       NOT-FOR-US: Kofax
 CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 10.5 ...)
        NOT-FOR-US: IBM
 CVE-2024-27201 (An improper input validation vulnerability exists in the OAS 
Engine Us ...)
-       TODO: check
+       NOT-FOR-US: OAS Engine User Configuration
 CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-26701
        REJECTED
 CVE-2024-25918 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Insta ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
 CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
 CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine 
File Data S ...)
-       TODO: check
+       NOT-FOR-US: OAS Engine File Data Source Configuration
 CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path 
traversal which  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
        NOT-FOR-US: IBM
 CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save 
Security Conf ...)
-       TODO: check
+       NOT-FOR-US: OAS Engine Save Security Configuration
 CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags 
Configuration ...)
-       TODO: check
+       NOT-FOR-US: OAS Engine Tags Configuration
 CVE-2024-20368 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20367 (A vulnerability in the web UI of Cisco Enterprise Chat and 
Email (ECE) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20362 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20352 (A vulnerability in Cisco Emergency Responder could allow an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20348 (A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) 
feature o ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20347 (A vulnerability in Cisco Emergency Responder could allow an 
unauthenti ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20334 (A vulnerability in the web-based management interface of Cisco 
TelePre ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20332 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20310 (A vulnerability in the web-based interface of Cisco Unified 
Communicat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20302 (A vulnerability in the tenant security implementation of Cisco 
Nexus D ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20283 (A vulnerability in Cisco Nexus Dashboard could allow an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20282 (A vulnerability in Cisco Nexus Dashboard could allow an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20281 (A vulnerability in the web-based management interface of Cisco 
Nexus D ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-1180 (TP-Link Omada ER605 Access Control Command Injection Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a 
privilege esca ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Minerva Armor
 CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI 
feature  ...)
        TODO: check
 CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain 
an imp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-5755
        REJECTED
 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
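
Review bot: The four OAS Engine entries (CVE-2024-27201, CVE-2024-24976, CVE-2024-22178, CVE-2024-21870) each get a different label copied from the affected component in the description: "OAS Engine User Configuration", "OAS Engine File Data Source Configuration", "OAS Engine Save Security Configuration" and "OAS Engine Tags Configuration". These are components of one product, so a single "NOT-FOR-US: OAS Engine" would group them under one search term, the same way the twelve Kofax Power PDF entries in this hunk all share "NOT-FOR-US: Kofax".
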
@@ -758,7 +758,7 @@ CVE-2024-25864 (Server Side Request Forgery (SSRF) 
vulnerability in Friendica ve
 CVE-2024-25075 (An issue was discovered in Softing uaToolkit Embedded before 
1.41.1. W ...)
        NOT-FOR-US: Softing uaToolkit Embedded
 CVE-2024-24724 (Gibbon through 26.0.00 allows 
/modules/School%20Admin/messengerSetting ...)
-       TODO: check
+       NOT-FOR-US: GibbonEdu Gibbon
 CVE-2024-24506 (Cross Site Scripting (XSS) vulnerability in Lime Survey 
Community Edit ...)
        TODO: check
 CVE-2024-1327 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/536cec604094dba18b2c0ffa72557387491cb681



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
