Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8c2f14b1 by Moritz Muehlenhoff at 2024-04-05T14:39:03+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110,57 +110,57 @@ CVE-2024-2660 (Vault and Vault Enterprise TLS
certificates auth method did not c
CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible
when logge ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code
executi ...)
- TODO: check
+ NOT-FOR-US: projeqtor
CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: projeqtor
CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and
prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and
prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and
prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29182 (Collabora Online is a collaborative online office suite based
on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and
the relate ...)
TODO: check
CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM
Application G ...)
NOT-FOR-US: IBM
CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik
GmbH IN ...)
- TODO: check
+ NOT-FOR-US: INOTEC
CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through
24.0.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri
Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri
Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for
ArcGIS <=1 ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri
Portal for A ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri
Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the
home ap ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri
Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25699 (There is a difficult to exploit improper authentication issue
in the H ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the
home ap ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for
ArcGIS in v ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25696 (There is a Cross-site Scripting vulnerability in Portal for
ArcGIS in ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25695 (There is a Cross-site Scripting vulnerability in Portal for
ArcGIS in ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25693 (There is a path traversal in Esri Portal for ArcGIS versions
<= 11.2. ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25692 (There is a cross-site-request forgery vulnerability in Esri
Portal for ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25690 (There is an HTML injection vulnerability in Esri Portal for
ArcGIS ver ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25007 (Ericsson Network Manager (ENM), versions prior to 23.1,
contains a vul ...)
- TODO: check
+ NOT-FOR-US: Ericsson Network Manager
CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior
to vers ...)
- golang-github-lucas-clemente-quic-go 0.38.2-1
[bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
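Review bot: The "NOT-FOR-US: Collabora Online" line for CVE-2024-29182 is the one entry in this hunk worth a second look before it is closed out, because its description says the product is "based on Libre ...", so the flaw could sit in code shared with a source package that is in the archive. If it was confirmed to be specific to Collabora Online, saying so in the commit message (currently just "NFUs") would save the next triager the lookup. As a smaller style point, the labels mix granularity: the Esri entries are all tagged "Esri Portal" although several descriptions name the product as "Portal for ArcGIS", and "INOTEC" is a vendor name sitting next to product names such as "projeqtor" and "gotortc". One consistent label per product keeps later searches of the list reliable.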
@@ -169,21 +169,21 @@ CVE-2024-22189 (quic-go is an implementation of the QUIC
protocol in Go. Prior t
NOTE:
https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a
(v0.42.0)
NOTE:
https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management
CVE-2024-22053 (A heap overflow vulnerability in IPSec component of Ivanti
Connect Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22052 (A null pointer dereference vulnerability in IPSec component of
Ivanti ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22023 (An XML entity expansion or XEE vulnerability in SAML component
of Ivan ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-20800 (Adobe Experience Manager versions 6.5.19 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-3454 (Remote code execution (RCE) vulnerability in Brocade Fabric OS
after v ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2023-36645 (SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows
remote a ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows
remote atta ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows
remote atta ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2024-26809 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
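Review bot: The labels added in this hunk switch between vendor-only and vendor-plus-product naming: "NOT-FOR-US: Ivanti", "NOT-FOR-US: Adobe" and "NOT-FOR-US: Brocade" give only the vendor, while "NOT-FOR-US: ITB-GmbH TradePro" gives vendor and product. Where the description already names the product (Adobe Experience Manager for CVE-2024-20800, Brocade Fabric OS for CVE-2023-3454), using it in the label would match the TradePro entries and make it clear which of a vendor's products was ruled out, which matters for vendors that ship many unrelated products.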
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c2f14b154cff30d9e34624a436c22aa27b03991