Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd02ce70 by Moritz Muehlenhoff at 2024-04-04T11:36:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,18 +37,18 @@ CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and 
WRC-G01-W v1.24 and earli
 CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote 
authenticated  ...)
        NOT-FOR-US: SEEnergy Corp SVR-116
 CVE-2024-29008 (A problem has been identified in the CloudStack additional VM 
configur ...)
-       TODO: check
+       NOT-FOR-US: Apache CloudStack
 CVE-2024-29007 (The CloudStack management server and secondary storage VM 
could be tri ...)
-       TODO: check
+       NOT-FOR-US: Apache CloudStack
 CVE-2024-29006 (By default the CloudStack management server honours the 
x-forwarded-fo ...)
-       TODO: check
+       NOT-FOR-US: Apache CloudStack
 CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
        - suricata 1:7.0.4-1
        NOTE: 
https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8
        NOTE: https://redmine.openinfosecfoundation.org/issues/6800
        NOTE: https://redmine.openinfosecfoundation.org/issues/6801
 CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart 
multi-service secur ...)
-       TODO: check
+       NOT-FOR-US: Byzoro
 CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 
allows a ...)
        NOT-FOR-US: Huily Platform
 CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows 
attackers ...)
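Review bot: In the context line for CVE-2024-27706 the tag reads "NOT-FOR-US: Huily Platform", while the description directly above it spells the product "Huly Platform"; since this commit is already triaging the neighbouring entries, correcting that spelling would keep searches by product name reliable. The new "NOT-FOR-US: Byzoro" tag for CVE-2024-28520 is also shorter than the vendor name in its description ("Byzoro Networks"); the fuller name would match how the other tags in this hunk identify the product ("Apache CloudStack", "SEEnergy Corp SVR-116").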
@@ -58,7 +58,7 @@ CVE-2024-26258 (OS command injection vulnerability in 
WRC-X3200GST3-B v1.25 and
 CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
        NOT-FOR-US: WRC-X3200GST3-B
 CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST 
Client v.17. ...)
-       TODO: check
+       NOT-FOR-US: Advanced REST Client
 CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to 
Sensiti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band 
Whole-Home M ...)
@@ -100,13 +100,13 @@ CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and 
previous versions before
 CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 
are vulne ...)
        NOT-FOR-US: Concrete CMS
 CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This 
flaw allow ...)
-       TODO: check
+       NOT-FOR-US: KubeVirt
 CVE-2024-31419 (An information disclosure flaw was found in OpenShift 
Virtualization.  ...)
        NOT-FOR-US: Red Hat OpenShift Virtualization
 CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them 
to be loa ...)
-       TODO: check
+       - firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2024-31392 (If an insecure element was added to a page after a delay, 
Firefox woul ...)
-       TODO: check
+       - firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
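Review bot: The two new "- firefox <not-affected> (Only affects Firefox for iOS)" lines for CVE-2024-31393 and CVE-2024-31392 carry no NOTE with a reference, so the iOS-only rationale cannot be checked from the entry itself. Adding a NOTE line with the upstream advisory URL, as the CVE-2024-28870 suricata entry earlier in this file does, would make the not-affected decision verifiable by the next person who reads it.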
@@ -154,9 +154,9 @@ CVE-2024-2758 (Tempesta FW rate limits are not enabled by 
default. They are eith
 CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior 
to 8.5 ...)
        NOT-FOR-US: Concrete CMS
 CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded 
buffer and ...)
-       TODO: check
+       NOT-FOR-US: amphp/http
 CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr 
ERP CRM u ...)
-       TODO: check
+       - dolibarr <removed>
 CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM 
Cloud Pa ...)
        NOT-FOR-US: IBM
 CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was 
discovere ...)
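Review bot: For CVE-2024-2653 the tag "NOT-FOR-US: amphp/http" uses the upstream vendor/package name, and NOT-FOR-US only holds if no source package in the archive ships that library; a search under the distribution's own package naming is worth doing before the tag settles. The CVE-2024-29477 line "- dolibarr <removed>" likewise has no NOTE or reference, so a reader has nothing beyond the truncated description to confirm the decision against.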
@@ -252,7 +252,7 @@ CVE-2024-1180 (TP-Link Omada ER605 Access Control Command 
Injection Remote Code
 CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a 
privilege esca ...)
        NOT-FOR-US: Rapid7 Minerva Armor
 CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI 
feature  ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain 
an imp ...)
        NOT-FOR-US: Dell
 CVE-2023-5755
@@ -260,17 +260,17 @@ CVE-2023-5755
 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
        NOT-FOR-US: IBM
 CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting 
(XSS) vulner ...)
-       TODO: check
+       NOT-FOR-US: VeridiumID
 CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is 
susceptible  ...)
-       TODO: check
+       NOT-FOR-US: VeridiumID
 CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an 
internal unauth ...)
-       TODO: check
+       NOT-FOR-US: VeridiumID
 CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: VeridiumID
 CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server)10.5, ...)
        NOT-FOR-US: IBM
 CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of 
OpenSSH 7.4 fo ...)
-       TODO: check
+       NOT-FOR-US: Incomplate OpenSSH backport in Amazon Linux
 CVE-2024-26779 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.7.7-1
        NOTE: 
https://git.kernel.org/linus/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f (6.8-rc2)
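Review bot: The new tag for CVE-2023-35812 misspells "Incomplete" as "Incomplate" ("NOT-FOR-US: Incomplate OpenSSH backport in Amazon Linux"); fix the spelling so the entry turns up in text searches. The wording itself is helpful, because it records that the issue is specific to the Amazon Linux packages named in the description, which the four plain "NOT-FOR-US: VeridiumID" tags above it do not need.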



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd02ce7046b91a4fecd118d8333b4b277972968e
