Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
feae722f by Moritz Muehlenhoff at 2024-02-23T10:57:08+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,65 +52,65 @@ CVE-2024-25748 (A Stack Based Buffer Overflow vulnerability 
in tenda AC9 AC9 v.3
 CVE-2024-25746 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 
with firm ...)
        NOT-FOR-US: Tenda
 CVE-2024-25385 (An issue in flvmeta v.1.2.2 allows a local attacker to cause a 
denial  ...)
-       TODO: check
+       NOT-FOR-US: FLVMeta
 CVE-2024-25369 (A reflected Cross-Site Scripting (XSS) vulnerability in FUEL 
CMS 1.5.2 ...)
-       TODO: check
+       NOT-FOR-US: FUEL CMS
 CVE-2024-25130 (Tuleap is an open source suite to improve management of 
software devel ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2024-25129 (The CodeQL CLI repo holds binaries for the CodeQL command line 
interfa ...)
-       TODO: check
+       NOT-FOR-US: CodeQL
 CVE-2024-25021 (IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a 
non-privileg ...)
        NOT-FOR-US: IBM
 CVE-2024-24817 (Discourse Calendar adds the ability to create a dynamic 
calendar in th ...)
-       TODO: check
+       NOT-FOR-US: Discourse Calendar
 CVE-2024-23094 (Flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: Flusity-CMS
 CVE-2024-22547 (WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting 
(XSS).)
-       TODO: check
+       NOT-FOR-US: WayOS
 CVE-2024-22243 (Applications that use UriComponentsBuilderto parse an 
externally provi ...)
        TODO: check
 CVE-2024-1786 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-1784 (A vulnerability classified as problematic was found in Limbas 
5.2.14.  ...)
-       TODO: check
+       NOT-FOR-US: Limbas
 CVE-2024-1783 (A vulnerability classified as critical has been found in 
Totolink LR12 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-1781 (A vulnerability was found in Totolink X6000R AX3000 
9.4.0cu.852_202307 ...)
-       TODO: check
+       NOT-FOR-US: Totolink
 CVE-2024-1779 (The Admin side data storage for Contact Form 7 plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1778 (The Admin side data storage for Contact Form 7 plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1777 (The Admin side data storage for Contact Form 7 plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1776 (The Admin side data storage for Contact Form 7 plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1750 (A vulnerability, which was classified as critical, was found in 
Temmok ...)
-       TODO: check
+       NOT-FOR-US: TemmokuMVC
 CVE-2024-1749 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: Bhojon Best Restaurant Management Software
 CVE-2024-1748 (A vulnerability classified as critical was found in 
van_der_Schaar LAB ...)
-       TODO: check
+       NOT-FOR-US: van_der_Schaar LAB AutoPrognosis
 CVE-2024-1683 (A DLL injection vulnerability exists where an authenticated, 
low-privi ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2024-1563 (An attacker could have executed unauthorized scripts on top 
origin sit ...)
-       TODO: check
+       NOT-FOR-US: Mozilla Firefox Focus
 CVE-2024-1104 (An unauthenticated remote attacker can bypass the brute force 
preventi ...)
-       TODO: check
+       NOT-FOR-US: Areal Topkapi WebServ2
 CVE-2024-0220 (B&R Automation Studio Upgrade Service and B&R Technology 
Guarding use  ...)
-       TODO: check
+       NOT-FOR-US: B&R Automation Studio
 CVE-2023-51653 (Hertzbeat is a real-time monitoring system. In the 
implementation of ` ...)
-       TODO: check
+       NOT-FOR-US: Hertzbeat
 CVE-2023-51450 (baserCMS is a website development framework. Prior to version 
5.0.9, t ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2023-51389 (Hertzbeat is a real-time monitoring system. At the interface 
of `/defi ...)
-       TODO: check
+       NOT-FOR-US: Hertzbeat
 CVE-2023-51388 (Hertzbeat is a real-time monitoring system. In 
`CalculateAlarm.java`,  ...)
-       TODO: check
+       NOT-FOR-US: Hertzbeat
 CVE-2023-44379 (baserCMS is a website development framework. Prior to version 
5.0.9, t ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not 
use or req ...)
-       TODO: check
+       NOT-FOR-US: Sametime Connect
 CVE-2024-26141 [Reject Range headers which are too large]
        - ruby-rack <unfixed>
        NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
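Review bot: CVE-2024-25385 is closed as `NOT-FOR-US: FLVMeta` although its description names a specific release of a standalone tool (flvmeta v.1.2.2), and the hunk gives no indication that the archive was searched for a source package of that name. Confirm that before dropping the TODO, and if one exists use a package line in the form already used for CVE-2024-26141 at the end of this hunk (`- ruby-rack <unfixed>`). The new tags also mix vendor-only labels (`Tenable`, `D-Link`, `Totolink`) with full product names (`Areal Topkapi WebServ2`, `Mozilla Firefox Focus`); the product form is easier to grep when a later CVE for the same software arrives. CVE-2024-22243 is the one entry in this range left at `TODO: check`; that looks intentional, but the commit message "NFUs" does not say it was skipped on purpose.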
@@ -236,7 +236,7 @@ CVE-2024-26482 (An HTML injection vulnerability in the Edit 
Content Layout modul
 CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected 
cross-site scri ...)
        NOT-FOR-US: Kirby CMS
 CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Querybook
 CVE-2024-25801 (SKINsoft S-Museum 7.02.3 allows XSS via the filename of an 
uploaded fi ...)
        NOT-FOR-US: SKINsoft S-Museum
 CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker 
to execu ...)
@@ -244,7 +244,7 @@ CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 
allows a local attacker to
 CVE-2024-25251 (code-projects Agro-School Management System 1.0 is suffers 
from Incorr ...)
        NOT-FOR-US: code-projects Agro-School Management System
 CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 
2.52.1, the C ...)
-       TODO: check
+       NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
        NOT-FOR-US: Discourse plugin
 CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll 
parsed thr ...)
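Review bot: `NOT-FOR-US: Fiber` for CVE-2024-25124 gives only the short project name, while the description identifies a web framework written in Go with a fix in version 2.52.1. Library code can be carried as a build dependency under a differently named source package, so confirm that none exists before closing the entry, and consider a more specific tag such as `NOT-FOR-US: Fiber (Go web framework)` so it is not confused with unrelated software of the same name.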
@@ -374,7 +374,7 @@ CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to 
Denial of Service.)
 CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver 
when exitin ...)
        NOT-FOR-US: Silabs
 CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 
QP3 and 8 ...)
-       TODO: check
+       NOT-FOR-US: Terminalfour
 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified 
Intelligence  ...)
        NOT-FOR-US: Cisco
 CVE-2024-1714
@@ -402,9 +402,9 @@ CVE-2024-1700 (A vulnerability, which was classified as 
problematic, was found i
 CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site 
scripting ...)
        NOT-FOR-US: Progress WS_FTP Server
 CVE-2024-1212 (Unauthenticated remote attackers can access the system through 
the Loa ...)
-       TODO: check
+       NOT-FOR-US: LoadMaster Linux
 CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the 
proper  ...)
-       TODO: check
+       NOT-FOR-US: OpenVPN 2.x GUI on Windows
 CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to 
crash PC C ...)
        NOT-FOR-US: Silabs
 CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be 
sent to th ...)
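Review bot: CVE-2023-7235 is tagged `NOT-FOR-US: OpenVPN 2.x GUI on Windows`, which puts a platform rationale inside a NOT-FOR-US label. If the tracker has entries for an openvpn source package, a package line with the `<not-affected>` state and the Windows installer reason in parentheses would attach the decision to that package instead of hiding it from package-based lookups. For CVE-2024-1212, the tag `LoadMaster Linux` cannot be matched against the truncated description ("... through the Loa ..."); adding the vendor name would make the entry self-explanatory.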



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feae722f15f348e7caf7c1ecdd9f1ff00a720293
