[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 30 22:43:06 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f241123 by Salvatore Bonaccorso at 2024-04-30T23:42:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56,15 +56,15 @@ CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the compone
CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...)
NOT-FOR-US: ThinkSAAS
CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2617 (A vulnerability exists in the RTU500 that allows for authenticated and ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-2378 (A vulnerability exists in the web-authentication component of the SDM6 ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
NOT-FOR-US: CSS Exfil Protection
CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...)
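Review bot: the three Hitachi entries (CVE-2024-2617, CVE-2024-2378, CVE-2024-2377) are tagged with the vendor name only, while the other tags in this hunk name the product (ThinkSAAS, HashiCorp Vault, CSS Exfil Protection). The CVE-2024-2617 description names the RTU500, so `NOT-FOR-US: Hitachi RTU500` would fit there; the other two descriptions are truncated here, so check the full text and add the product name to each, which lets a later search for the product find these lines.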
@@ -72,9 +72,9 @@ CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the cate
CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
TODO: check
CVE-2024-28269 (ReCrystallize Server 5.10.0.0 allows administrators to upload files to ...)
- TODO: check
+ NOT-FOR-US: ReCrystallize Server
CVE-2024-26331 (ReCrystallize Server 5.10.0.0 uses a authorization mechanism that reli ...)
- TODO: check
+ NOT-FOR-US: ReCrystallize Server
CVE-2024-25938 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
NOT-FOR-US: Foxit Reader
CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0 ...)
@@ -82,31 +82,31 @@ CVE-2024-25648 (A use-after-free vulnerability exists in the way Foxit Reader 20
CVE-2024-25575 (A type confusion vulnerability vulnerability exists in the way Foxit R ...)
NOT-FOR-US: Foxit Reader
CVE-2024-23774 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Agent
CVE-2024-23773 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Agent
CVE-2024-23772 (An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13 ...)
- TODO: check
+ NOT-FOR-US: Quest KACE Agent
CVE-2024-23463 (Anti-tampering protection of the Zscaler Client Connector can be bypas ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2024-22546 (TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the ...)
- TODO: check
+ NOT-FOR-US: TRENDnet TEW-815DAP
CVE-2024-22405 (XADMaster is an objective-C library for archive and file unarchiving a ...)
TODO: check
CVE-2024-1895 (The Event Monster \u2013 Event Management, Tickets Booking, Upcoming E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50915 (An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67 ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy
CVE-2023-50914 (A Privilege Escalation issue in the inter-process communication proced ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy
CVE-2023-50059 (An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to ob ...)
- TODO: check
+ NOT-FOR-US: ingalxe.com Galxe
CVE-2023-50053 (An issue in Foundation.app Foundation platform 1.0 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: Foundation.app Foundation platform
CVE-2023-49473 (Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware ...)
- TODO: check
+ NOT-FOR-US: Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware
CVE-2023-46304 (modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote au ...)
- TODO: check
+ NOT-FOR-US: Vtiger CRM
CVE-2023-45385 (ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Dire ...)
TODO: check
CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated ...)
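Review bot: the tag added for CVE-2023-50059, `NOT-FOR-US: ingalxe.com Galxe`, carries over what looks like a missing space in the description ("An issue ingalxe.com Galxe platform", compare "An issue in Foundation.app Foundation platform" on the next entry). Suggest `NOT-FOR-US: galxe.com Galxe`, or simply `Galxe`, so the tag matches the product name. Smaller style point in the same hunk: the CVE-2023-49473 tag repeats the full description prefix including "firmware", where the other tags added here use a short vendor or product name.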
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2411235e63e394a1ab6e7cb7ee0576ca9aee9e