Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fc56f07 by Salvatore Bonaccorso at 2024-03-06T21:53:50+01:00
Process some NFUs

- - - - -
15b87118 by Salvatore Bonaccorso at 2024-03-06T21:53:52+01:00
Add CVE-2024-27289/golang-github-jackc-pgx

- - - - -
4a40a821 by Salvatore Bonaccorso at 2024-03-06T21:53:54+01:00
Add CVE-2024-24761/galette

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting 
version ...)
-       TODO: check
+       NOT-FOR-US: Gophish
 CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL 
generation reques ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom 
build param ...)
@@ -23,41 +23,43 @@ CVE-2024-27303 (electron-builder is a solution to package 
and build a ready for
 CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to 
specify a C ...)
        TODO: check
 CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to 
version 4.18.2 ...)
-       TODO: check
+       - golang-github-jackc-pgx <unfixed>
+       NOTE: 
https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
+       NOTE: 
https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c 
(v4.18.2)
 CVE-2024-27288 (1Panel is an open source Linux server operation and 
maintenance manage ...)
        NOT-FOR-US: 1Panel
 CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home 
Automation  ...)
        NOT-FOR-US: ESPHome
 CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker 
to execu ...)
-       TODO: check
+       NOT-FOR-US: zuoxingdong lagom
 CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the 
usage of vu ...)
-       TODO: check
+       NOT-FOR-US: AppSamvid software
 CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the 
usage of a  ...)
-       TODO: check
+       NOT-FOR-US: AppSamvid software
 CVE-2024-24767 (CasaOS-UserService provides user management functionalities to 
CasaOS. ...)
-       TODO: check
+       NOT-FOR-US: CasaOS
 CVE-2024-24766 (CasaOS-UserService provides user management functionalities to 
CasaOS. ...)
-       TODO: check
+       NOT-FOR-US: CasaOS
 CVE-2024-24765 (CasaOS-UserService provides user management functionalities to 
CasaOS. ...)
-       TODO: check
+       NOT-FOR-US: CasaOS
 CVE-2024-24761 (Galette is a membership management web application for non 
profit orga ...)
-       TODO: check
+       - galette <removed>
 CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco 
AppDyna ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco 
AppDynamics  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of 
Cisco Secur ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco 
Secure Cli ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small 
Busines ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon 
and RDP  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo 
Authentication f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of 
a weake ...)
        TODO: check
 CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows 
remote au ...)
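
Review bot: the new CVE-2024-24761 entry ("- galette <removed>") carries no NOTE line, while the CVE-2024-27289 entry added a few lines above it records both the upstream advisory and the fix commit. A NOTE pointing at the upstream advisory or fix for galette would keep the record usable if the package is ever reintroduced. Minor style point in the same hunk: "NOT-FOR-US: AppSamvid software" could be shortened to "AppSamvid", matching how the other product labels here are written.
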
@@ -4152,7 +4154,7 @@ CVE-2024-22220 (An issue was discovered in Terminalfour 
7.4 through 7.4.0004 QP3
 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified 
Intelligence  ...)
        NOT-FOR-US: Cisco
 CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ 
Lifecycle Mana ...)
-       TODO: check
+       NOT-FOR-US: IdentityIQ Lifecycle Manager
 CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an 
Authenti ...)
        NOT-FOR-US: ConnectWise ScreenConnect
 CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by 
path-traver ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/73dedb18d9cf68d1327125f6c252a37a4cb0d846...4a40a82117256760ce6a04c471294c059cefc53c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
