Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1a268088 by Salvatore Bonaccorso at 2024-05-21T15:42:55+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -19,7 +19,7 @@ CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sa CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) - requests <unfixed> NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 @@ -39,9 +39,9 @@ CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some pass CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext credentials.) TODO: check CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...) TODO: check CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...) 
@@ -83,15 +83,15 @@ CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7. CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get file fl ...) NOT-FOR-US: smanga CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows ...) - TODO: check + NOT-FOR-US: Waxlab wax CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) TODO: check CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v. ...) TODO: check CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a reflected c ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization v ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 a ...) TODO: check CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...) 
@@ -99,19 +99,19 @@ CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0 CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...) TODO: check CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-36009 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 @@ -1024,7 +1024,7 @@ CVE-2024-5064 (A vulnerability was found in PHPGurukul Online Course Registratio CVE-2024-5063 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...) NOT-FOR-US: PHPGurukul Online Course Registration System CVE-2024-5055 (Uncontrolled resource consumption vulnerability in XAMPP Windows, vers ...) - TODO: check + NOT-FOR-US: XAMPP Windows CVE-2024-5052 (Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 ...) NOT-FOR-US: Cerberus Enterprise CVE-2024-5051 (A vulnerability has been found in SourceCodester Gas Agency Management ...) 
@@ -1803,7 +1803,7 @@ CVE-2024-22120 (Zabbix server can perform command execution for configured scrip CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...) NOT-FOR-US: WordPress plugin CVE-2023-5597 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...) - TODO: check + NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x CVE-2023-52698 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.6.15-1 [bookworm] - linux 6.1.76-1 @@ -2061,17 +2061,17 @@ CVE-2023-47679 (Improper Limitation of a Pathname to a Restricted Directory ('Pa CVE-2023-47178 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: WordPress plugin CVE-2023-46784 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46205 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46197 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-46145 (Improper Privilege Management vulnerability in Themify Themify Ultra a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-45652 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-44478 (Cross-Site Request Forgery (CSRF) vulnerability in WP Hive Events Rich ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...) 
@@ -2173,83 +2173,83 @@ CVE-2023-48368 (Improper input validation in Intel(R) Media SDK software all ver CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth products ...) NOT-FOR-US: Intel CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...) TODO: check CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software all versio ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max Series 1 ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-46691 (Use after free in Intel(R) Power Gadget software for Windows all versi ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-46689 (Improper neutralization in Intel(R) Power Gadget software for macOS al ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45846 (Incomplete cleanup in Intel(R) Power Gadget software for macOS all ver ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45845 (Improper conditions check for some Intel(R) Wireless Bluetooth(R) prod ...) TODO: check CVE-2023-45743 (Uncontrolled search path in some Intel(R) DSA software uninstallers be ...) TODO: check CVE-2023-45736 (Insecure inherited permissions in Intel(R) Power Gadget software for W ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45320 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45315 (Improper initialization in some Intel(R) Power Gadget software for Win ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45221 (Improper buffer restrictions in Intel(R) Media SDK all versions may al ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-45217 (Improper access control in Intel(R) Power Gadget software for Windows ...) 
- TODO: check + NOT-FOR-US: Intel CVE-2023-43751 (Uncontrolled search path in Intel(R) Graphics Command Center Service b ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-43748 (Improper access control in some Intel(R) GPA Framework software instal ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-43745 (Improper input validation in some Intel(R) CBI software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-43629 (Incorrect default permissions in some Intel(R) GPA software installers ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-43487 (Improper access control in some Intel(R) CST before version 2.1.10300 ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-42773 (Improper neutralization in Intel(R) Power Gadget software for Windows ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-42668 (Incorrect default permissions in some onboard video driver software be ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-42433 (Incorrect default permissions in some Endurance Gaming Mode software i ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-41961 (Uncontrolled search path in some Intel(R) GPA software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-41957 (Improper Privilege Management vulnerability in smp7, wp.Insider Simple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41956 (Improper Authentication vulnerability in smp7, wp.Insider Simple Membe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41955 (Improper Privilege Management vulnerability in WPDeveloper Essential A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41954 (Improper Privilege Management vulnerability in ProfilePress Membership ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41665 (Improper Privilege Management vulnerability in GiveWP allows Privilege ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41243 (Improper Privilege Management vulnerability in WPvivid Team WPvivid Ba ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-41234 (NULL pointer dereference in Intel(R) Power Gadget software for Windows ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-41092 (Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Int ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-41082 (Null pointer dereference for some Intel(R) CST software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-40536 (Race condition for some some Intel(R) PROSet/Wireless WiFi software fo ...) TODO: check CVE-2023-40155 (Uncontrolled search path for some Intel(R) CST software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-40071 (Improper access control in some Intel(R) GPA software installers befor ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-40070 (Improper access control in some Intel(R) Power Gadget software for mac ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-39929 (Uncontrolled search path in some Libva software maintained by Intel(R) ...) TODO: check CVE-2023-39433 (Improper access control for some Intel(R) CST software before version ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-39163 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-38654 (Improper input validation for some some Intel(R) PROSet/Wireless WiFi ...) TODO: check CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows all vers ...) 
@@ -2797,7 +2797,7 @@ CVE-2023-5936 (On Unix systems (Linux, MacOS), Arc uses a temporary file with un CVE-2023-5935 (When configuring Arc (e.g. during the first setup), a local web interf ...) NOT-FOR-US: Nozomi Networks CVE-2023-40297 (Stakater Forecastle 1.0.139 and before allows %5C../ directory travers ...) - TODO: check + NOT-FOR-US: Stakater Forecastle CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...) NOT-FOR-US: ITPison OMICARD EDM CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...) @@ -3309,17 +3309,17 @@ CVE-2024-0762 (Potential buffer overflow in unsafe UEFI variable handling in CVE-2023-50180 (An exposure of sensitive system information to an unauthorized control ...) NOT-FOR-US: ForiGuard CVE-2023-46714 (A stack-based buffer overflow [CWE-121] vulnerability in Fortinet Fort ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-46280 (A vulnerability has been identified in S7-PCT (All versions), Security ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-45586 (An insufficient verification of data authenticity vulnerability [CWE-3 ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-45583 (A use of externally-controlled format string in Fortinet FortiProxy ve ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-44247 (A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-40720 (An authorization bypass through user-controlled key vulnerability [CWE ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...) TODO: check CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...) 
@@ -3747,7 +3747,7 @@ CVE-2024-27082 (Cacti provides an operational monitoring and fault management fr - cacti 1.2.27+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...) - TODO: check + NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...) - cacti 1.2.27+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 @@ -3762,7 +3762,7 @@ CVE-2023-50717 (NocoDB is software for building databases as spreadsheets. Start CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior to 0. ...) NOT-FOR-US: NocoDB CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) - TODO: check + NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) TODO: check CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2680882ddd3a1abf6e58c4308c4a94623c44d7
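Review bot: in the @@ -39,9 hunk, CVE-2024-0816 (DX3300-T1 firmware) is labelled `NOT-FOR-US: Zyxel`, but the entry directly below it, CVE-2023-37929, opens with the same wording ("The buffer overflow vulnerability in the ...") for the VMG3625-T5 and is left at `TODO: check`. If that is the same vendor's firmware it can take the same label in this commit; if it was left open on purpose, a short NOTE line saying why would keep the next triager from repeating the lookup.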
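Review bot: in the @@ -1803,7 hunk, the label on CVE-2023-5597, `NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x`, copies a fragment of the description, including a release designation, instead of naming a product or vendor the way the other labels in this commit do (`Zyxel`, `SolarWinds`, `Waxlab wax`). Suggest trimming it to the product name alone, so that later entries for the same product get an identical string and stay easy to grep for.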
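Review bot: in the @@ -2173,83 hunk, the vendor-wide label `NOT-FOR-US: Intel` does not record which product was ruled out, and the hunk itself shows the resulting ambiguity: the context line for CVE-2023-47859 (Intel(R) Wireless Bluetooth) already reads `NOT-FOR-US: Intel`, while CVE-2023-45845 (also Intel(R) Wireless Bluetooth(R)) stays at `TODO: check` alongside the PROSet/Wireless WiFi, DSA and Libva entries. Suggest naming the product in the new labels, for example `NOT-FOR-US: Intel Power Gadget` or `NOT-FOR-US: Intel Media SDK`, so that a reader can tell which Intel software was judged out of scope and which is still pending, and either align CVE-2023-47859 with CVE-2023-45845 or note why they differ.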
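Review bot: in the @@ -3309,17 hunk, the new label `NOT-FOR-US: FortiGuard` on CVE-2023-46714, CVE-2023-45586, CVE-2023-45583, CVE-2023-44247 and CVE-2023-40720 does not match what the descriptions name: where the text is not truncated before the product, it says Fortinet (FortiOS, FortiProxy). Suggest `NOT-FOR-US: Fortinet`, in line with the vendor-keyed labels used elsewhere in this commit (Intel, Zyxel, ASUS, Siemens). The unchanged context line for CVE-2023-50180 carries `NOT-FOR-US: ForiGuard`, which looks like a typo worth fixing in the same pass, and CVE-2023-36640 opens with the same wording as CVE-2023-45583 (format string in Fortinet FortiProxy) yet is left at `TODO: check`.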
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits