[Git][security-tracker-team/security-tracker][master] NFUs

Wed, 10 Jan 2024 08:26:30 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28ec6493 by Moritz Muehlenhoff at 2024-01-10T17:25:46+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,7 @@
+CVE-2023-49619
+       NOT-FOR-US: Apache Answer
 CVE-2024-21643 (IdentityModel Extensions for .NET provide assemblies for web 
developer ...)
-       TODO: check
+       NOT-FOR-US: IdentityModel Extensions for .NET
 CVE-2024-0364 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
        NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-0363 (A vulnerability, which was classified as critical, has been 
found in P ...)
@@ -111,7 +113,7 @@ CVE-2024-22165 (In Splunk Enterprise Security (ES) versions 
lower than 7.1.2, an
 CVE-2024-22164 (In Splunk Enterprise Security (ES) versions below 7.1.2, an 
attacker c ...)
        NOT-FOR-US: Splunk Enterprise Security (ES)
 CVE-2024-21668 (react-native-mmkv is a library that allows easy use of MMKV 
inside Rea ...)
-       TODO: check
+       NOT-FOR-US: react-native-mmkv
 CVE-2024-21664 (jwx is a Go module implementing various JWx 
(JWA/JWE/JWK/JWS/JWT, othe ...)
        TODO: check
 CVE-2024-21325 (Microsoft Printer Metadata Troubleshooter Tool Remote Code 
Execution V ...)
@@ -179,7 +181,7 @@ CVE-2024-20676 (Azure Storage Mover Remote Code Execution 
Vulnerability)
 CVE-2024-20674 (Windows Kerberos Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-20672 (.NET Core and Visual Studio Denial of Service Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft .NET
 CVE-2024-20666 (BitLocker Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-20664 (Microsoft Message Queuing Information Disclosure Vulnerability)
@@ -224,7 +226,7 @@ CVE-2024-0213 (A buffer overflow vulnerability in TA for 
Linux and TA for MacOS
 CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix 
Anti-Malware Eng ...)
        NOT-FOR-US: Trellix
 CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Microsoft .NET
 CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data 
Provider S ...)
        NOT-FOR-US: Microsoft
 CVE-2023-7223 (A vulnerability classified as problematic has been found in 
Totolink T ...)
@@ -300,7 +302,7 @@ CVE-2023-44120 (A vulnerability has been identified in 
Spectrum Power 7 (All ver
 CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
        NOT-FOR-US: Siemens
 CVE-2022-48618 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2023-41056 [Buffer overflow in certain payloads may lead to remote code 
execution]
        - redis 5:7.0.15-1 (bug #1060316)
        [bullseye] - redis <not-affected> (Vulnerable code not present)
@@ -329,7 +331,7 @@ CVE-2024-21651 (XWiki Platform is a generic wiki platform 
offering runtime servi
 CVE-2024-21648 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2024-21646 (Azure uAMQP is a general purpose C library for AMQP 1.0. The 
UAMQP lib ...)
-       TODO: check
+       NOT-FOR-US: Azure uAMQP
 CVE-2023-7220 (A vulnerability was found in Totolink NR1800X 
9.1.0u.6279_B20210910 an ...)
        NOT-FOR-US: Totolink
 CVE-2023-7219 (A vulnerability has been found in Totolink N350RT 
9.3.5u.6139_B202012  ...)
@@ -463,7 +465,7 @@ CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor 
Plugin WordPress plugin
 CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does 
not li ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel 
Driver allo ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud 
allows low-pr ...)
        NOT-FOR-US: Topaz Antifraud
 CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox 
Tagbox \u201 ...)
@@ -499,13 +501,13 @@ CVE-2023-52200 (Cross-Site Request Forgery (CSRF), 
Deserialization of Untrusted
 CVE-2023-52190 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51701 (fastify-reply-from is a Fastify plugin to forward the current 
HTTP req ...)
-       TODO: check
+       NOT-FOR-US: fastify-reply-from
 CVE-2023-51508 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51246 (A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 
3.3.16 exi ...)
        NOT-FOR-US: GetSimple CMS
 CVE-2023-50982 (Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of 
executab ...)
-       TODO: check
+       NOT-FOR-US: Stud.IP
 CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.)
        - pyload <itp> (bug #1001980)
 CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib 
functional ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28ec649336befdbfde626289f8a856ffeb5c36d8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28ec649336befdbfde626289f8a856ffeb5c36d8
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to