[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 8 21:33:38 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
831fa063 by Salvatore Bonaccorso at 2024-04-08T22:33:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Securit
 CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System  ...)
 	NOT-FOR-US: SourceCodester Laundry Management System
 CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It  ...)
-	TODO: check
+	NOT-FOR-US: Wangshen SecGate 3600
 CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Prison Management System
 CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -67,7 +67,7 @@ CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 and
 CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, has a d ...)
 	NOT-FOR-US: DataEase
 CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...)
 	NOT-FOR-US: Faucet SDN Ryu
 CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
@@ -87,69 +87,69 @@ CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora v.13.0
 CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint  ...)
 	TODO: check
 CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be abused to i ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2024-23191 (Upsell advertisement information of an account can be manipulated to e ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2024-23190 (Upsell shop information of an account can be manipulated to execute sc ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...)
-	TODO: check
+	NOT-FOR-US: Apfloat
 CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...)
-	TODO: check
+	NOT-FOR-US: Apfloat
 CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...)
-	TODO: check
+	NOT-FOR-US: ThreeTen Backport
 CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
-	TODO: check
+	NOT-FOR-US: JGraphT Core
 CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: Successful e ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52552 (Input verification vulnerability in the power module. Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52551 (Vulnerability of data verification errors in the kernel module. Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52550 (Vulnerability of data verification errors in the kernel module. Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52549 (Vulnerability of data verification errors in the kernel module. Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52546 (Vulnerability of package name verification being bypassed in the Calen ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52544 (Vulnerability of file path verification being bypassed in the email mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52543 (Permission verification vulnerability in the system module. Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52542 (Permission verification vulnerability in the system module. Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. Impact: S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. Impact: ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52539 (Permission verification vulnerability in the Settings module. Impact:  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52538 (Vulnerability of package name verification being bypassed in the HwIms ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52537 (Vulnerability of package name verification being bypassed in the HwIms ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52388 (Permission control vulnerability in the clock module. Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52386 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52385 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52364 (Vulnerability of input parameters being not strictly verified in the R ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52359 (Vulnerability of permission verification in some APIs in the ActivityT ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
@@ -106069,7 +106069,7 @@ CVE-2022-43218
 CVE-2022-43217
 	RESERVED
 CVE-2022-43216 (AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a ...)
-	TODO: check
+	NOT-FOR-US: AbrhilSoft Employee's Portal
 CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
 	NOT-FOR-US: Billing System Project
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/831fa0635506b41d0adb1266a2032ab317479072

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/831fa0635506b41d0adb1266a2032ab317479072
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240408/9b421cf7/attachment.htm>

More information about the debian-security-tracker-commits mailing list