Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c74ae1a by Salvatore Bonaccorso at 2024-01-09T21:56:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -120,7 +120,7 @@ CVE-2024-0228
 CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a 
stored ...)
        NOT-FOR-US: Synopsys
 CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for 
MacOS prior ...)
-       TODO: check
+       NOT-FOR-US: Trellix
 CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix 
Anti-Malware Eng ...)
        NOT-FOR-US: Trellix
 CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass 
Vulnera ...)
@@ -146,59 +146,59 @@ CVE-2023-5376 (An Improper Authentication vulnerability 
in Korenix JetNet TFTP a
 CVE-2023-5347 (An Improper Verification of Cryptographic Signature 
vulnerability in t ...)
        NOT-FOR-US: Korenix JetNet Series
 CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions < 
V14.3.0.6 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions < 
V14.3.0.6 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-51744 (A vulnerability has been identified in JT2Go (All versions < 
V14.3.0.6 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-51439 (A vulnerability has been identified in JT2Go (All versions < 
V14.3.0.6 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-51438 (A vulnerability has been identified in SIMATIC IPC1047E (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-50974 (In Appwrite CLI before 3.0.0, when using the login command, 
the creden ...)
        TODO: check
 CVE-2023-50585 (Tenda A18 v15.13.07.09 was discovered to contain a stack 
overflow via  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-49722 (Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 
product ...)
-       TODO: check
+       NOT-FOR-US: WiFi firmware of BCC101/BCC102/BCC50 products
 CVE-2023-49621 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49252 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49251 (A vulnerability has been identified in SIMATIC CN 4100 (All 
versions < ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49237 (An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 
devices.  ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2023-49236 (A stack-based buffer overflow was discovered on TRENDnet 
TV-IP1314PI 5 ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2023-49235 (An issue was discovered in libremote_dbg.so on TRENDnet 
TV-IP1314PI 5. ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2023-49132 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49131 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49130 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49129 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49128 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49127 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49126 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49124 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49123 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49122 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49121 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-44120 (A vulnerability has been identified in Spectrum Power 7 (All 
versions  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-48618 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        TODO: check
 CVE-2023-41056 [Buffer overflow in certain payloads may lead to remote code 
execution]
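Review bot: the new label on CVE-2023-49722, "NOT-FOR-US: WiFi firmware of BCC101/BCC102/BCC50 products", restates the description instead of naming a vendor, unlike the other labels added in this hunk (Siemens, Tenda, TRENDnet). If the full CVE record names the vendor, use it as the label so that later entries for the same product family can be matched by a search on the vendor string. CVE-2023-50974 (Appwrite CLI) and CVE-2022-48618 remain at "TODO: check" between entries that were processed; worth confirming they were left open on purpose.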
@@ -272,19 +272,19 @@ CVE-2023-50931 (An issue was discovered in savignano 
S/Notify before 2.0.1 for B
 CVE-2023-50930 (An issue was discovered in savignano S/Notify before 4.0.2 for 
Jira. W ...)
        TODO: check
 CVE-2023-50643 (An issue in Evernote Evernote for MacOS v.10.68.2 allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: Evernote
 CVE-2023-50162 (SQL injection vulnerability in EmpireCMS v7.5, allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: EmpireCMS
 CVE-2023-49961 (WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access 
Manager 3.x an ...)
-       TODO: check
+       NOT-FOR-US: WALLIX Access Manager
 CVE-2023-49238 (In Gradle Enterprise before 2023.1, a remote attacker may be 
able to g ...)
        TODO: check
 CVE-2023-46906 (juzaweb <= 3.4 is vulnerable to Incorrect Access Control, 
resulting in ...)
-       TODO: check
+       NOT-FOR-US: juzaweb
 CVE-2023-39336 (An unspecified SQL Injection vulnerability in Ivanti Endpoint 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-36629 (The ST ST54-android-packages-apps-Nfc package before 
130-20230215-23W0 ...)
-       TODO: check
+       NOT-FOR-US: ST ST54-android-packages-apps-Nfc package for Android
 CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
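Review bot: on CVE-2023-49961 the label names only WALLIX Access Manager, while the description lists WALLIX Bastion 7.x, 8.x, 9.x and 10.x first and Access Manager second. "NOT-FOR-US: WALLIX" (or a label naming both products) would match the description and be found by a search for either product.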
@@ -43279,15 +43279,15 @@ CVE-2023-29054 (A vulnerability has been identified 
in SCALANCE X200-4P IRT (All
 CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < 
V11.3.2 ...)
        NOT-FOR-US: Siemens
 CVE-2023-29052 (Users were able to define disclaimer texts for an upsell shop 
dialog t ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2023-29051 (User-defined OXMF templates could be used to access a limited 
part of  ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2023-29050 (The optional "LDAP contacts provider" could be abused by 
privileged us ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2023-29049 (The "upsell" widget at the portal page could be abused to 
inject arbit ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2023-29048 (A component for parsing OXMF templates could be abused to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2023-29047 (Imageconverter API endpoints provided methods that were not 
sufficient ...)
        NOT-FOR-US: Open-Xchange
 CVE-2023-29046 (Connections to external data sources, like e-mail 
autoconfiguration, w ...)
@@ -48046,7 +48046,7 @@ CVE-2023-27741
 CVE-2023-27740
        RESERVED
 CVE-2023-27739 (easyXDM 2.5 allows XSS via the xdm_e parameter.)
-       TODO: check
+       NOT-FOR-US: easyXDM
 CVE-2023-27738
        RESERVED
 CVE-2023-27737
@@ -49865,7 +49865,7 @@ CVE-2023-27100 (Improper restriction of excessive 
authentication attempts in the
 CVE-2023-27099
        RESERVED
 CVE-2023-27098 (TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials 
for access ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2023-27097
        RESERVED
 CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j 
v.1.4.3  ...)
@@ -50072,11 +50072,11 @@ CVE-2023-27002
 CVE-2023-27001
        RESERVED
 CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne 
v.6.3.4 ...)
-       TODO: check
+       NOT-FOR-US: NetScoutnGeniusOne
 CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: NetScoutnGeniusOne
 CVE-2023-26998 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne 
v.6.3.4 ...)
-       TODO: check
+       NOT-FOR-US: NetScoutnGeniusOne
 CVE-2023-26997
        RESERVED
 CVE-2023-26996
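Review bot: the label "NetScoutnGeniusOne" on CVE-2023-27000, CVE-2023-26999 and CVE-2023-26998 carries over the missing space from two of the descriptions, whereas the description of CVE-2023-26999 spells the product "NetScout nGeniusOne". Suggest "NOT-FOR-US: NetScout nGeniusOne" on all three so the entries are found by a search on either the vendor or the product name.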
@@ -75014,7 +75014,7 @@ CVE-2022-45356
 CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress 
WP Pipe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
        NOT-FOR-US: WordPress theme
 CVE-2022-45352
@@ -90673,7 +90673,7 @@ CVE-2022-40706
 CVE-2022-40705 (An Improper Restriction of XML External Entity Reference 
vulnerability ...)
        NOT-FOR-US: Apache SOAP
 CVE-2022-40696 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40684 (An authentication bypass using an alternate path or channel 
[CWE-288]  ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 
may all ...)
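Review bot: for CVE-2022-40696 the truncated description visible here does not name a product, and the neighbouring entries are Apache SOAP and FortiGuard rather than WordPress plugins, so "NOT-FOR-US: WordPress plugin" cannot be checked from this hunk. Worth confirming against the full CVE record before merging; the same applies to CVE-2022-45354 in the previous hunk, whose visible description is equally generic.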
@@ -98048,7 +98048,7 @@ CVE-2022-36358 (Cross-Site Request Forgery (CSRF) 
vulnerability in SEO Scout plu
 CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) 
vulnera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36352 (Missing Authorization vulnerability in Profilegrid ProfileGrid 
\u2013  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Download  ...)
@@ -102388,7 +102388,7 @@ CVE-2022-34656 (Authenticated (admin+) Cross-Site 
Scripting (XSS) vulnerability
 CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-34344 (Missing Authorization vulnerability in Rymera Web Co Wholesale 
Suite \ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File 
Upload vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in 
Biplob018 Shor ...)
@@ -123655,7 +123655,7 @@ CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay 
Portal 7.3.1 through 7.4.2, a
 CVE-2022-28976
        RESERVED
 CVE-2022-28975 (A stored cross-site scripting (XSS) vulnerability in Infoblox 
NIOS v8. ...)
-       TODO: check
+       NOT-FOR-US: Infoblox NIOS
 CVE-2022-28974
        RESERVED
 CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack 
overflow via t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c74ae1a58dd1b7e2ab3a6d4b86172ba30b9fed6
