[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 15 Mar 2024 13:37:25 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3cc6066e by Salvatore Bonaccorso at 2024-03-15T21:35:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Logitech Logi Tune
 CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and 
classified ...)
-       TODO: check
+       NOT-FOR-US: RaspAP raspap-webgui
 CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt 
firmware af ...)
-       TODO: check
+       NOT-FOR-US: riendlyWrt firmware
 CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 
15.03.0 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda 
AC18 15 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been rated ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has 
been decla ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
        TODO: check
 CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 
9.3.x bef ...)
@@ -23,77 +23,77 @@ CVE-2024-28854 (tls-listener is a rust lang wrapper around 
a connection listener
 CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to 
query H ...)
        TODO: check
 CVE-2024-28848 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2024-28847 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored 
Cross-s ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to 
Cross Si ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store 
Cross-si ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain an out ...)
        TODO: check
 CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to 
contain a out  ...)
        TODO: check
 CVE-2024-28255 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2024-28254 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2024-28253 (OpenMetadata is a unified platform for discovery, 
observability, and g ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication 
Foundat ...)
-       TODO: check
+       NOT-FOR-US: CoreWCF
 CVE-2024-28242 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 
8.1.10  ...)
        TODO: check
 CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable 
vulnerability scann ...)
-       TODO: check
+       NOT-FOR-US: projectdiscovery/nuclei
 CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes 
postMash \u20 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27100 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-27085 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25593 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25592 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24975 (Uncontrolled Resource Consumption in Mattermost Mobile 
versions before ...)
-       TODO: check
+       NOT-FOR-US: Mattermost Mobile
 CVE-2024-24827 (Discourse is an open source platform for community discussion. 
Without ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-24748 (Discourse is an open source platform for community discussion. 
In affe ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2023-7248 (Certain functionality in OpenText Vertica Management console 
might be  ...)
-       TODO: check
+       NOT-FOR-US: OpenText Vertica Management console
 CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets 
arrivin ...)
-       TODO: check
+       NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or 
valida ...)
        TODO: check
 CVE-2023-7009 (Some Sciener-based locks support plaintext message processing 
over Blu ...)
@@ -113,17 +113,17 @@ CVE-2023-6725 (An access-control flaw was found in the 
OpenStack Designate compo
 CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset 
Orchestr ...)
        TODO: check
 CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, 
Roland Murg ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs 
Paid Mem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51369 (Cross-Site Request Forgery (CSRF) vulnerability in SysBasics 
Customize ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50898 (Missing Authorization vulnerability in sirv.Com Sirv.This 
issue affect ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
HUSKY \u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to 
cross-site  ...)
        NOT-FOR-US: IBM
 CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to 
cross-site  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc6066e0d4c1f4ded5dad1e4ad4ea116da8d885

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc6066e0d4c1f4ded5dad1e4ad4ea116da8d885
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to