Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1e71b9b by Salvatore Bonaccorso at 2024-02-08T21:28:48+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,75 +5,75 @@ CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not 
constant time) to verify
 CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to 
verify authe ...)
        TODO: check
 CVE-2024-24886 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24885 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24881 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24880 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24879 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24878 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24877 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24871 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24836 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24834 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24321 (An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote 
attacker to ex ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-24215 (An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx 
NVT Web ...)
-       TODO: check
+       NOT-FOR-US: Cellinx NVT Web Server
 CVE-2024-24213 (Supabase PostgreSQL v15.1 was discovered to contain a SQL 
injection vu ...)
        TODO: check
 CVE-2024-24115 (A stored cross-site scripting (XSS) vulnerability in the Edit 
Page fun ...)
-       TODO: check
+       NOT-FOR-US: Cotonti CMS
 CVE-2024-24113 (xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: XXL-Job
 CVE-2024-24034 (Setor Informatica S.I.L version 3.0 is vulnerable to Open 
Redirect via ...)
-       TODO: check
+       NOT-FOR-US: Setor Informatica S.I.L
 CVE-2024-23764 (Certain WithSecure products allow Local Privilege Escalation. 
This aff ...)
-       TODO: check
+       NOT-FOR-US: WithSecure Client Security
 CVE-2024-23660 (The Binance Trust Wallet app for iOS in commit 
3cd6e8f647fbba8b5d8844f ...)
-       TODO: check
+       NOT-FOR-US: Binance Trust Wallet app for iOS
 CVE-2024-23452 (Request smuggling vulnerability in HTTP server in Apache bRPC 
0.9.5~1. ...)
        TODO: check
 CVE-2024-22836 (An OS command injection vulnerability exists in Akaunting 
v3.1.3 and e ...)
-       TODO: check
+       NOT-FOR-US: Akaunting
 CVE-2024-22795 (Insecure Permissions vulnerability in Forescout 
SecureConnector v.11.3 ...)
-       TODO: check
+       NOT-FOR-US: Forescout SecureConnector
 CVE-2024-22464 (Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including 
all Servi ...)
-       TODO: check
+       NOT-FOR-US: Dell EMC AppSync
 CVE-2024-1329 (HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 
1.7.3 tem ...)
        TODO: check
 CVE-2024-1207 (The WP Booking Calendar plugin for WordPress is vulnerable to 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1150 (Improper Verification of Cryptographic Signature vulnerability 
in Snow ...)
-       TODO: check
+       NOT-FOR-US: Snow Software Inventory Agent
 CVE-2024-1149 (Improper Verification of Cryptographic Signature vulnerability 
in Snow ...)
-       TODO: check
+       NOT-FOR-US: Snow Software Inventory Agent
 CVE-2024-0965 (The Simple Page Access Restriction plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0242 (Under certain circumstances IQ Panel4 and IQ4 Hub panel 
software prior ...)
        TODO: check
 CVE-2023-7169 (Authentication Bypass by Spoofing vulnerability in Snow 
Software Snow  ...)
-       TODO: check
+       NOT-FOR-US: Snow Software Snow Inventory Agent
 CVE-2023-6519 (Exposure of Data Element to Wrong Session vulnerability in Mia 
Technol ...)
-       TODO: check
+       NOT-FOR-US: Mia Technology Inc. MIA-MED
 CVE-2023-6518 (Plaintext Storage of a Password vulnerability in Mia Technology 
Inc. M ...)
-       TODO: check
+       NOT-FOR-US: Mia Technology Inc. MIA-MED
 CVE-2023-6517 (Exposure of Sensitive Information Due to Incompatible Policies 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Mia Technology Inc. MIA-MED
 CVE-2023-6515 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mia  ...)
-       TODO: check
+       NOT-FOR-US: Mia Technology Inc. MIA-MED
 CVE-2023-50061 (PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-47020 (Multiple Cross-Site Request Forgery (CSRF) chaining in NCR 
Terminal Ha ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an 
attacker to ex ...)
        TODO: check
 CVE-2024-0985 (Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY 
in Postg ...)
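Review bot: the Snow Software entries in this hunk carry two different product labels: CVE-2024-1150 and CVE-2024-1149 are marked "NOT-FOR-US: Snow Software Inventory Agent", while CVE-2023-7169 is marked "NOT-FOR-US: Snow Software Snow Inventory Agent". Use one spelling for all three so that a later search of data/CVE/list by product name returns every entry. The same applies in a smaller way to CVE-2024-24321, whose note names only the vendor ("D-Link") where the other non-WordPress entries name the product.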
@@ -137,11 +137,11 @@ CVE-2024-0511 (The Royal Elementor Addons and Templates 
plugin for WordPress is
 CVE-2023-6736 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        TODO: check
 CVE-2023-5665 (The Payment Forms for Paystack plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48974 (Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 
and befo ...)
-       TODO: check
+       NOT-FOR-US: Axigen WebMail
 CVE-2023-47798 (Account lockout in Liferay Portal 7.2.0 through 7.3.0, and 
older unsup ...)
-       TODO: check
+       NOT-FOR-US: Liferay Portal
 CVE-2024-1312 (A use-after-free flaw was found in the Linux kernel's Memory 
Managemen ...)
        - linux 6.4.11-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
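Review bot: the note on CVE-2023-5665 is the generic "NOT-FOR-US: WordPress plugin" although its description names the plugin (Payment Forms for Paystack), whereas the two entries directly below it name the product ("Axigen WebMail", "Liferay Portal"). Naming the plugin in the note would make the entry findable by product and would let a reader confirm the triage decision without opening the full CVE description, which is truncated in this list.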



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1e71b9b8d243026795037413c0cc99c5f4eceeb



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
