Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3c74ae1a by Salvatore Bonaccorso at 2024-01-09T21:56:20+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -120,7 +120,7 @@ CVE-2024-0228 CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored ...) NOT-FOR-US: Synopsys CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for MacOS prior ...) - TODO: check + NOT-FOR-US: Trellix CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix Anti-Malware Eng ...) NOT-FOR-US: Trellix CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnera ...) 
@@ -146,59 +146,59 @@ CVE-2023-5376 (An Improper Authentication vulnerability in Korenix JetNet TFTP a CVE-2023-5347 (An Improper Verification of Cryptographic Signature vulnerability in t ...) NOT-FOR-US: Korenix JetNet Series CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-51744 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-51439 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.6 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-51438 (A vulnerability has been identified in SIMATIC IPC1047E (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-50974 (In Appwrite CLI before 3.0.0, when using the login command, the creden ...) TODO: check CVE-2023-50585 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via ...) - TODO: check + NOT-FOR-US: Tenda CVE-2023-49722 (Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 product ...) - TODO: check + NOT-FOR-US: WiFi firmware of BCC101/BCC102/BCC50 products CVE-2023-49621 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49252 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49251 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49237 (An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-49236 (A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5 ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2023-49235 (An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5. ...) 
- TODO: check + NOT-FOR-US: TRENDnet CVE-2023-49132 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49131 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49130 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49129 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49128 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49127 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49126 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49124 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49123 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49122 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-49121 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-44120 (A vulnerability has been identified in Spectrum Power 7 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2022-48618 (The issue was addressed with improved checks. This issue is fixed in m ...) TODO: check CVE-2023-41056 [Buffer overflow in certain payloads may lead to remote code execution] 
@@ -272,19 +272,19 @@ CVE-2023-50931 (An issue was discovered in savignano S/Notify before 2.0.1 for B CVE-2023-50930 (An issue was discovered in savignano S/Notify before 4.0.2 for Jira. W ...) TODO: check CVE-2023-50643 (An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote atta ...) - TODO: check + NOT-FOR-US: Evernote CVE-2023-50162 (SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers ...) - TODO: check + NOT-FOR-US: EmpireCMS CVE-2023-49961 (WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x an ...) - TODO: check + NOT-FOR-US: WALLIX Access Manager CVE-2023-49238 (In Gradle Enterprise before 2023.1, a remote attacker may be able to g ...) TODO: check CVE-2023-46906 (juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in ...) - TODO: check + NOT-FOR-US: juzaweb CVE-2023-39336 (An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2023-36629 (The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W0 ...) - TODO: check + NOT-FOR-US: ST ST54-android-packages-apps-Nfc package for Android CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: WordPress plugin CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
@@ -43279,15 +43279,15 @@ CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < V11.3.2 ...) NOT-FOR-US: Siemens CVE-2023-29052 (Users were able to define disclaimer texts for an upsell shop dialog t ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2023-29051 (User-defined OXMF templates could be used to access a limited part of ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2023-29050 (The optional "LDAP contacts provider" could be abused by privileged us ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2023-29049 (The "upsell" widget at the portal page could be abused to inject arbit ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2023-29048 (A component for parsing OXMF templates could be abused to execute arbi ...) - TODO: check + NOT-FOR-US: Open-Xchange CVE-2023-29047 (Imageconverter API endpoints provided methods that were not sufficient ...) NOT-FOR-US: Open-Xchange CVE-2023-29046 (Connections to external data sources, like e-mail autoconfiguration, w ...) @@ -48046,7 +48046,7 @@ CVE-2023-27741 CVE-2023-27740 RESERVED CVE-2023-27739 (easyXDM 2.5 allows XSS via the xdm_e parameter.) - TODO: check + NOT-FOR-US: easyXDM CVE-2023-27738 RESERVED CVE-2023-27737 @@ -49865,7 +49865,7 @@ CVE-2023-27100 (Improper restriction of excessive authentication attempts in the CVE-2023-27099 RESERVED CVE-2023-27098 (TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2023-27097 RESERVED CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) 
@@ -50072,11 +50072,11 @@ CVE-2023-27002 CVE-2023-27001 RESERVED CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...) - TODO: check + NOT-FOR-US: NetScoutnGeniusOne CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...) - TODO: check + NOT-FOR-US: NetScoutnGeniusOne CVE-2023-26998 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...) - TODO: check + NOT-FOR-US: NetScoutnGeniusOne CVE-2023-26997 RESERVED CVE-2023-26996 @@ -75014,7 +75014,7 @@ CVE-2022-45356 CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...) NOT-FOR-US: WordPress plugin CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.) NOT-FOR-US: WordPress theme CVE-2022-45352 @@ -90673,7 +90673,7 @@ CVE-2022-40706 CVE-2022-40705 (An Improper Restriction of XML External Entity Reference vulnerability ...) NOT-FOR-US: Apache SOAP CVE-2022-40696 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...) NOT-FOR-US: FortiGuard CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...) 
@@ -98048,7 +98048,7 @@ CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plu CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) NOT-FOR-US: WordPress plugin CVE-2022-36352 (Missing Authorization vulnerability in Profilegrid ProfileGrid \u2013 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...) @@ -102388,7 +102388,7 @@ CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) NOT-FOR-US: WordPress plugin CVE-2022-34344 (Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File Upload vulne ...) NOT-FOR-US: WordPress plugin CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...) @@ -123655,7 +123655,7 @@ CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, a CVE-2022-28976 RESERVED CVE-2022-28975 (A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8. ...) - TODO: check + NOT-FOR-US: Infoblox NIOS CVE-2022-28974 RESERVED CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c74ae1a58dd1b7e2ab3a6d4b86172ba30b9fed6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c74ae1a58dd1b7e2ab3a6d4b86172ba30b9fed6 You're receiving this email because of your account on salsa.debian.org.
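Review bot: In the @@ -146,59 hunk, the CVE-2023-49722 entry is tagged with product wording copied from the description ("NOT-FOR-US: WiFi firmware of BCC101/BCC102/BCC50 products") rather than a vendor name, unlike the other entries changed in the same hunk (Siemens, Tenda, TRENDnet). The truncated description visible here does not name the vendor; please look it up and tag the entry with it so that it stays consistent with its neighbours and is found by a search on the vendor name.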
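Review bot: In the @@ -272,19 hunk, the tag for CVE-2023-49961 names only one of the two products in its description: the description reads "WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x an ...", but the new line is "NOT-FOR-US: WALLIX Access Manager". Suggest "NOT-FOR-US: WALLIX", which covers both products and matches the vendor-only style used for Evernote and Ivanti in the same hunk.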
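Review bot: In the @@ -50072,11 hunk, all three new tags read "NOT-FOR-US: NetScoutnGeniusOne", which carries over the run-together spelling from the CVE-2023-27000 and CVE-2023-26998 descriptions. The CVE-2023-26999 description in the same hunk spells it "NetScout nGeniusOne", so the tag should be "NOT-FOR-US: NetScout nGeniusOne" (or just "NetScout") on all three entries; otherwise a search for the vendor name will not match these lines.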