Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11d3ebd8 by Salvatore Bonaccorso at 2024-03-12T21:25:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-2394 (A vulnerability was found in SourceCodester Employee Management 
System ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Employee Management System
 CVE-2024-2393 (A vulnerability was found in SourceCodester CRUD without Page 
Reload 1 ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester CRUD without Page Reload
 CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 and classified as 
problem ...)
-       TODO: check
+       NOT-FOR-US: EVE-NG
 CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 
affecting fi ...)
-       TODO: check
+       NOT-FOR-US: Korenix JetI/O 6550
 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored 
Cross-S ...)
        TODO: check
 CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN 
Standard/Premium E ...)
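Review bot: CVE-2024-2130 is left at "TODO: check" in the unchanged context of this hunk even though its description already identifies it as "The CWW Companion plugin for WordPress". If that plugin is not packaged, it could be marked NOT-FOR-US in this same pass, so the triage backlog at the top of data/CVE/list shrinks consistently. If it was left open on purpose, a short NOTE saying why would save the next person from re-checking it.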
@@ -13,197 +13,197 @@ CVE-2024-2049 (Server-Side Request Forgery (SSRF) in 
Citrix SD-WAN Standard/Prem
 CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
        TODO: check
 CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the entr ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the mitI ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-28340 (An information leak in the currentsetting.htm component of 
Netgear CBR ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-28339 (An information leak in the debuginfo.htm component of Netgear 
CBR40 2. ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-28338 (A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built 
with PHP. ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both 
Rails a ...)
        TODO: check
 CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a 
Server Si ...)
-       TODO: check
+       NOT-FOR-US: Peering Manager
 CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering 
Manager < ...)
-       TODO: check
+       NOT-FOR-US: Peering Manager
 CVE-2024-28112 (Peering Manager is a BGP session management tool. Affected 
versions of ...)
-       TODO: check
+       NOT-FOR-US: Peering Manager
 CVE-2024-28098 (The vulnerability allows authenticated users with only produce 
or cons ...)
-       TODO: check
+       NOT-FOR-US: Apache Pulsar
 CVE-2024-27907 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-27894 (The Pulsar Functions Worker includes a capability that permits 
authent ...)
-       TODO: check
+       NOT-FOR-US: Apache Pulsar
 CVE-2024-27758 (In RPyC before 6.0.0, when a server exposes a method that 
calls the at ...)
        TODO: check
 CVE-2024-27317 (In Pulsar Functions Worker, authenticated users can upload 
functions i ...)
-       TODO: check
+       NOT-FOR-US: Apache Pulsar
 CVE-2024-27279 (Directory traversal vulnerability exists in a-blog cms 
Ver.3.1.x serie ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-27135 (Improper input validation in the Pulsar Function Worker allows 
a malic ...)
-       TODO: check
+       NOT-FOR-US: Apache Pulsar
 CVE-2024-26288 (An unauthenticated remote attacker can influence the 
communication due ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26204 (Outlook for Android Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26203 (Azure Data Studio Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26201 (Microsoft Intune Linux Agent Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26199 (Microsoft Office Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26198 (Microsoft Exchange Server Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26197 (Windows Standards-Based Storage Management Service Denial of 
Service V ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26190 (Microsoft QUIC Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26185 (Windows Compressed Folder Tampering Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26182 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26181 (Windows Kernel Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26178 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26177 (Windows Kernel Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26176 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26174 (Windows Kernel Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26173 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26170 (Windows Composite Image File System (CimFS) Elevation of 
Privilege Vul ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26169 (Windows Error Reporting Service Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26166 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26165 (Visual Studio Code Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26164 (Microsoft Django Backend for SQL Server Remote Code Execution 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26162 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26161 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26160 (Windows Cloud Files Mini Filter Driver Information Disclosure 
Vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26159 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26005 (An unauthenticated remote attackercan gain service level 
privileges th ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26004 (An unauthenticated remote attacker can DoS a control agent due 
to acce ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26003 (An unauthenticated remote attacker can DoS the control agent 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26002 (An improper input validation in the Qualcom plctool allows a 
local att ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26001 (An unauthenticated remote attacker can writememory out of 
bounds due t ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-26000 (An unauthenticated remote attacker can read memory out of 
bounds due t ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25999 (An unauthenticated local attacker can perform a privilege 
escalation d ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25998 (An unauthenticated remote attacker can perform a command 
injectionin t ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25997 (An unauthenticated remote attacker can perform a log injection 
due to  ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25996 (An unauthenticated remote attacker can perform a remote code 
execution ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25995 (An unauthenticated remote attacker can modify configurations 
to perfor ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-25994 (An unauthenticated remote attacker can upload a arbitrary 
script file  ...)
-       TODO: check
+       NOT-FOR-US: VDE
 CVE-2024-23112 (An authorization bypass through user-controlled key 
vulnerability [CWE ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-22045 (A vulnerability has been identified in SINEMA Remote Connect 
Client (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-22044 (A vulnerability has been identified in SENTRON 3KC ATC6 
Expansion Modu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-22041 (A vulnerability has been identified in Cerberus PRO EN 
Engineering Too ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-22040 (A vulnerability has been identified in Cerberus PRO EN 
Engineering Too ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-22039 (A vulnerability has been identified in Cerberus PRO EN 
Engineering Too ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-21761 (An improper authorization vulnerability [CWE-285] in 
FortiPortal versi ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-21483 (A vulnerability has been identified in SENTRON 7KM PAC3120 
AC/DC (7KM3 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-21451 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21450 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21448 (Microsoft Teams for Android Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21446 (NTFS Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21445 (Windows USB Print Driver Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21444 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21443 (Windows Kernel Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21442 (Windows USB Print Driver Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21441 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21440 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21439 (Windows Telephony Server Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21438 (Microsoft AllJoyn API Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21437 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21436 (Windows Installer Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21435 (Windows OLE Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21434 (Microsoft Windows SCSI Class System File Elevation of 
Privilege Vulner ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21433 (Windows Print Spooler Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21432 (Windows Update Stack Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21431 (Hypervisor-Protected Code Integrity (HVCI) Security Feature 
Bypass Vul ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21430 (Windows USB Attached SCSI (UAS) Protocol Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21429 (Windows USB Hub Driver Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21427 (Windows Kerberos Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21426 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21421 (Azure SDK Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21419 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21418 (Software for Open Networking in the Cloud (SONiC) Elevation of 
Privile ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21411 (Skype for Consumer Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21408 (Windows Hyper-V Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21407 (Windows Hyper-V Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21400 (Microsoft Azure Kubernetes Service Confidential Container 
Elevation of ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21392 (.NET and Visual Studio Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21390 (Microsoft Authenticator Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21334 (Open Management Infrastructure (OMI) Remote Code Execution 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege 
Vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability)
        TODO: check
 CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected 
by an u ...)
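Review bot: the NOT-FOR-US labels in this hunk mix products, vendors and names that match neither, which makes later searches of data/CVE/list less reliable. CVE-2024-21761 is labelled "FortiGuard" while its own description names FortiPortal as the affected product. The entries CVE-2024-26288 and CVE-2024-25994 through CVE-2024-26005 are labelled "VDE", a name that appears in none of their visible descriptions (one of them mentions "Qualcom plctool"). The same hunk elsewhere uses the product or vendor (Apache Pulsar, Peering Manager, Tenda), so I would suggest naming the affected product or vendor for these too. The blanket "Microsoft" label also covers components with their own names in the descriptions, for example CVE-2024-26164 (Microsoft Django Backend for SQL Server), CVE-2024-21334 and CVE-2024-21330 (Open Management Infrastructure) and CVE-2024-21418 (SONiC); a per-product label such as "Microsoft OMI" would make those entries easier to find and revisit if any of them is packaged later.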
@@ -324,13 +324,13 @@ CVE-2024-2193 [GhostRace: Speculative Race Conditions]
        NOTE: https://www.vusec.net/projects/ghostrace/
        NOTE: https://xenbits.xen.org/xsa/advisory-453.html
 CVE-2024-28199 (phlex is an open source framework for building object-oriented 
views i ...)
-       TODO: check
+       NOT-FOR-US: phlex framework
 CVE-2024-28163 (Under certain conditions, Support Web Pages of SAP NetWeaver 
Process I ...)
        NOT-FOR-US: SAP
 CVE-2024-28120 (codeium-chrome is an open source code completion plugin for 
the chrome ...)
-       TODO: check
+       NOT-FOR-US: codeium-chrome
 CVE-2024-27938 (Postal is an open source SMTP server. Postal versions less 
than 3.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Postal SMTP server (not the same as src:postal)
 CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS 
ABAP - vers ...)
        NOT-FOR-US: SAP
 CVE-2024-27900 (Due to missing authorization check, attacker with business 
user accoun ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d3ebd8ea0aefe19e3b7a31421f317b651d4b9c
