Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83206806 by Salvatore Bonaccorso at 2024-08-15T23:03:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2024-7263 (Improper path validation in 
promecefpluginhost.exe in Kingsoft WP
 CVE-2024-7262 (Improper path validation in promecefpluginhost.exe in Kingsoft 
WPS Off ...)
        NOT-FOR-US: Kingsoft WPS Office
 CVE-2024-6347 (*  Unprotected privileged mode access through UDS session in 
the Blind ...)
-       TODO: check
+       NOT-FOR-US: Nissan
 CVE-2024-43373 (webcrack is a tool for reverse engineering javascript. An 
arbitrary fi ...)
        NOT-FOR-US: webcrack
 CVE-2024-43357 (ECMA-262 is the language specification for the scripting 
language ECMA ...)
@@ -119,33 +119,33 @@ CVE-2024-40705 (IBM InfoSphere Information Server could 
allow an authenticated u
 CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a 
privileged user t ...)
        NOT-FOR-US: IBM
 CVE-2024-32231 (Stash up to v0.25.1 was discovered to contain a SQL injection 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Stash
 CVE-2024-31905 (IBM QRadar Network Packet Capture 7.5 could allow a remote 
attacker to ...)
        NOT-FOR-US: IBM
 CVE-2024-31800 (Authentication Bypass in GNCC's GC2 Indoor Security Camera 
1080P allow ...)
-       TODO: check
+       NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
 CVE-2024-31799 (Information Disclosure in GNCC's GC2 Indoor Security Camera 
1080P allo ...)
-       TODO: check
+       NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
 CVE-2024-31798 (Identical Hardcoded Root Password for All Devices in GNCC's 
GC2 Indoor ...)
-       TODO: check
+       NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P
 CVE-2024-27731 (Cross Site Scripting vulnerability in Friendica v.2023.12 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Friendica
 CVE-2024-27730 (Insecure Permissions vulnerability in Friendica v.2023.12 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Friendica
 CVE-2024-27729 (Cross Site Scripting vulnerability in Friendica v.2023.12 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Friendica
 CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Friendica
 CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research 
labs.   ...)
-       TODO: check
+       NOT-FOR-US: eLabFTW
 CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows 
non-local web ...)
-       TODO: check
+       NOT-FOR-US: Xiexe XSOverlay
 CVE-2024-22219 (XML External Entity (XXE) vulnerability in Terminalfour 
8.0.0001 throu ...)
-       TODO: check
+       NOT-FOR-US: Terminalfour
 CVE-2024-22218 (XML External Entity (XXE) vulnerability in Terminalfour 
8.0.0001 throu ...)
-       TODO: check
+       NOT-FOR-US: Terminalfour
 CVE-2024-22217 (A Server-Side Request Forgery (SSRF) vulnerability in 
Terminalfour bef ...)
-       TODO: check
+       NOT-FOR-US: Terminalfour
 CVE-2023-37228
        REJECTED
 CVE-2024-7815 (A vulnerability has been found in CodeAstro Online Railway 
Reservation ...)
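Review bot: The three GNCC entries (CVE-2024-31800, CVE-2024-31799, CVE-2024-31798) spell out the full model name in the tag, "NOT-FOR-US: GNCC's GC2 Indoor Security Camera 1080P", while the other tags in this hunk and its context use a short vendor or product name (IBM, Friendica, Terminalfour). A shorter "NOT-FOR-US: GNCC GC2 Indoor Security Camera" would match that style and is easier to grep for.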
@@ -391,7 +391,7 @@ CVE-2024-39386 (Bridge versions 13.0.8, 14.1.1 and earlier 
are affected by an ou
 CVE-2024-39383 (Acrobat Reader versions 20.005.30636, 24.002.20965, 
24.002.20964, 24.0 ...)
        NOT-FOR-US: Adobe
 CVE-2024-39283 (Incomplete filtering of special elements in Intel(R) TDX 
module softwa ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-38483 (Dell BIOS contains an Improper Input Validation vulnerability 
in an ex ...)
        NOT-FOR-US: Dell
 CVE-2024-37529 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
@@ -403,7 +403,7 @@ CVE-2024-35152 (IBM Db2 for Linux, UNIX and Windows 
(includes Db2 Connect Server
 CVE-2024-35136 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) fede ...)
        NOT-FOR-US: IBM
 CVE-2024-34163 (Improper input validation in firmware for some Intel(R) NUC 
may allow  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-34138 (Illustrator versions 28.5, 27.9.4 and earlier are affected by 
a NULL P ...)
        NOT-FOR-US: Adobe
 CVE-2024-34137 (Illustrator versions 28.5, 27.9.4 and earlier are affected by 
a NULL P ...)
@@ -431,113 +431,113 @@ CVE-2024-34117 (Photoshop Desktop versions 24.7.3, 
25.9.1 and earlier are affect
 CVE-2024-31882 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
        NOT-FOR-US: IBM
 CVE-2024-29015 (Uncontrolled search path in some Intel(R) VTune(TM) Profiler 
software  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28953 (Uncontrolled search path in some EMON software before version 
11.44 ma ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28947 (Improper input validation in kernel mode driver for some 
Intel(R) Serv ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28887 (Uncontrolled search path in some Intel(R) IPP software before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28876 (Uncontrolled search path for some Intel(R) MPI Library 
software before ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28799 (IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM 
Cloud Pa ...)
        NOT-FOR-US: IBM
 CVE-2024-28172 (Uncontrolled search path for some Intel(R) Trace Analyzer and 
Collecto ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28050 (Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe 
Graphics ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-28046 (Uncontrolled search path in some Intel(R) GPA software before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-27461 (Incorrect default permissions in software installer for 
Intel(R) MAS ( ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-27267 (The Object Request Broker (ORB) in IBM SDK, Java Technology 
Edition 7. ...)
        NOT-FOR-US: IBM
 CVE-2024-27120 (A Local File Inclusion vulnerability has been found in 
ComfortKey, a p ...)
-       TODO: check
+       NOT-FOR-US: ComfortKey
 CVE-2024-26027 (Uncontrolled search path for some Intel(R) Simics Package 
Manager soft ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-26025 (Incorrect default permissions for some Intel(R) Advisor 
software befor ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-26022 (Improper access control in some Intel(R) UEFI Integrator Tools 
on Apti ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-25939 (Mirrored regions with different values in 3rd Generation 
Intel(R) Xeon ...)
        - intel-microcode <unfixed> (bug #1078742)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-25576 (improper access control in firmware for some Intel(R) FPGA 
products be ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-25562 (Improper buffer restrictions in some Intel(R) Distribution for 
GDB sof ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-25561 (Insecure inherited permissions in some Intel(R) HID Event 
Filter softw ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-25157 (An authentication bypass vulnerability in GoAnywhere MFT prior 
to 7.6. ...)
-       TODO: check
+       NOT-FOR-US: GoAnywhere MFT
 CVE-2024-24986 (Improper access control in Linux kernel mode driver for some 
Intel(R)  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-24983 (Protection mechanism failure in firmware for some Intel(R) 
Ethernet Ne ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-24980 (Protection mechanism failure in some 3rd, 4th, and 5th 
Generation Inte ...)
        - intel-microcode <unfixed> (bug #1078742)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-24977 (Uncontrolled search path for some Intel(R) License Manager for 
FLEXlm  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-24973 (Improper input validation for some Intel(R) Distribution for 
GDB softw ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-24853 (Incorrect behavior order in transition between executive 
monitor and S ...)
        - intel-microcode <unfixed> (bug #1078742)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2024-24580 (Improper conditions check in some Intel(R) Data Center GPU Max 
Series  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23981 (Wrap-around error in Linux kernel mode driver for some 
Intel(R) Ethern ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23974 (Incorrect default permissions in some Intel(R) ISH software 
installers ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23909 (Uncontrolled search path in some Intel(R) FPGA SDK for 
OpenCL(TM) soft ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23908 (Insecure inherited permissions in some Flexlm License Daemons 
for Inte ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23907 (Uncontrolled search path in some Intel(R) High Level Synthesis 
Compile ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23499 (Protection mechanism failure in Linux kernel mode driver for 
some Inte ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23497 (Out-of-bounds write in Linux kernel mode driver for some 
Intel(R) Ethe ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23495 (Incorrect default permissions in some Intel(R) Distribution 
for GDB so ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23491 (Uncontrolled search path in some Intel(R) Distribution for GDB 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-23489 (Uncontrolled search path for some Intel(R) VROC software 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-22378 (Incorrect default permissions in some Intel Unite(R) Client 
Extended D ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-22376 (Uncontrolled search path element in some installation software 
for Int ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-22374 (Insufficient control flow management for some Intel(R) Xeon 
Processors ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-22184 (Uncontrolled search path for some Intel(R) Quartus(R) Prime 
Pro Editio ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21857 (Uncontrolled search path for some Intel(R) oneAPI Compiler 
software be ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21844 (Integer overflow in firmware for some Intel(R) CSME may allow 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21810 (Improper input validation in the Linux kernel mode driver for 
some Int ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21807 (Improper initialization in the Linux kernel mode driver for 
some Intel ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21806 (Improper conditions check in Linux kernel mode driver for some 
Intel(R ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21801 (Insufficient control flow management in some Intel(R) TDX 
module softw ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21787 (Inadequate encryption strength for some BMRA software before 
version 2 ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21784 (Uncontrolled search path for some Intel(R) IPP Cryptography 
software b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21769 (Uncontrolled search path in some Intel(R) Ethernet Connection 
I219-LM  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-21766 (Uncontrolled search path for some Intel(R) oneAPI Math Kernel 
Library  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-20790 (Dimension versions 3.4.11 and earlier are affected by an 
out-of-bounds ...)
        NOT-FOR-US: Adobe
 CVE-2024-20789 (Dimension versions 3.4.11 and earlier are affected by a Use 
After Free ...)
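Review bot: Several entries in this hunk are described as a "Linux kernel mode driver for some Intel(R) ..." (CVE-2024-24986, CVE-2024-23981, CVE-2024-23499, CVE-2024-23497, CVE-2024-21810, CVE-2024-21807, CVE-2024-21806) and are closed with a bare "NOT-FOR-US: Intel", so the list does not record why src:linux is unaffected. If these concern a separately distributed Intel driver rather than the in-tree one, a NOTE line saying so would keep the decision auditable. Likewise CVE-2024-22374 ("some Intel(R) Xeon Processors") is marked NOT-FOR-US while the neighbouring processor issues CVE-2024-25939, CVE-2024-24980 and CVE-2024-24853 are tracked against intel-microcode; it is worth confirming that its fix is not delivered through microcode.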
@@ -547,29 +547,29 @@ CVE-2023-50315 (IBM WebSphere Application Server 8.5 and 
9.0 could allow an atta
 CVE-2023-50314 (IBM WebSphere Application Server Liberty 17.0.0.3 through 
24.0.0.8 cou ...)
        NOT-FOR-US: IBM
 CVE-2023-49144 (Out of bounds read in OpenBMC Firmware for some Intel(R) 
Server Platfo ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-49141 (Improper isolation in some Intel(R) Processors stream cache 
mechanism  ...)
        - intel-microcode <unfixed> (bug #1078742)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2023-48361 (Improper initialization in firmware for some Intel(R) CSME may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-43747 (Incorrect default permissions for some Intel(R) Connectivity 
Performan ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-43489 (Improper access control for some Intel(R) CIP software before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-42667 (Improper isolation in the Intel(R) Core(TM) Ultra Processor 
stream cac ...)
        - intel-microcode <unfixed> (bug #1078742)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
 CVE-2023-40067 (Unchecked return value in firmware for some Intel(R) CSME may 
allow an ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-38655 (Improper buffer restrictions in firmware for some Intel(R) AMT 
and Int ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-35123 (Uncaught exception in OpenBMC Firmware for some Intel(R) 
Server Platfo ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME 
may allow ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the 
ngx_http_ ...)
        - nginx <unfixed>
        [bookworm] - nginx <no-dsa> (Minor issue)
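Review bot: CVE-2023-49144 and CVE-2023-35123 are described as issues in "OpenBMC Firmware for some Intel(R) Server Platfo ...", but the tag names only Intel. Naming the component, for example "NOT-FOR-US: Intel OpenBMC firmware", would let a later search for OpenBMC find these two entries.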
@@ -642,7 +642,7 @@ CVE-2024-7730
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3
 (v9.1.0-rc0)
 CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions 
Traccar ...)
-       TODO: check
+       NOT-FOR-US: Tananaev Solutions Traccar Server
 CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and 
classified as ...)
        NOT-FOR-US: wanglongcn ltcms
 CVE-2024-7740 (A vulnerability has been found in wanglongcn ltcms 1.0.20 and 
classifi ...)
@@ -722,7 +722,7 @@ CVE-2024-41613 (A Cross Site Scripting (XSS) vulnerability 
in Symphony CMS 2.7.1
 CVE-2024-40697 (IBM Common Licensing 9.0 does not require that users should 
have stron ...)
        NOT-FOR-US: IBM
 CVE-2024-3913 (An unauthenticated remote attacker can use this vulnerability 
to chang ...)
-       TODO: check
+       NOT-FOR-US: PHOENIX CONTACT
 CVE-2024-39651 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-39642 (Authorization Bypass Through User-Controlled Key vulnerability 
in Thim ...)
@@ -748,9 +748,9 @@ CVE-2024-38699 (Missing Authorization vulnerability in WP 
Swings Wallet System f
 CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe 
Maker Fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS 
vulnerability to ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs SE
 CVE-2024-38501 (An unauthenticated remote attacker may use a HTML injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs SE
 CVE-2024-38223 (Windows Initial Machine Configuration Elevation of Privilege 
Vulnerabi ...)
        NOT-FOR-US: Microsoft
 CVE-2024-38215 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
@@ -916,7 +916,7 @@ CVE-2024-37935 (Missing Authorization vulnerability in 
anhvnit Woocommerce OpenP
 CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in 
Kibana. An  ...)
        TODO: check
 CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When 
configured to use ...)
-       TODO: check
+       NOT-FOR-US: Ada Web Server
 CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS 
7.4.0 th ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE 
through 7.6 ...)
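Review bot: CVE-2024-37015 is closed as NOT-FOR-US on the product name alone ("Ada Web Server 20.0"). Please confirm that no source package in the archive ships Ada Web Server before relying on this; if one does, the entry should become a package line in the same form as "- nginx <unfixed>" elsewhere in the file.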



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8320680626b3f63d7056fe51382622a8886ec390



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
