[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 7 21:06:21 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f2700b7 by Salvatore Bonaccorso at 2024-02-07T21:36:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2024-25201 (Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bou ...)
-	TODO: check
+	NOT-FOR-US: Espruino
 CVE-2024-25200 (Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overf ...)
-	TODO: check
+	NOT-FOR-US: Espruino
 CVE-2024-25145 (Stored cross-site scripting (XSS) vulnerability in the Portal Search m ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2024-25143 (The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, a ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2024-24824 (Graylog is a free and open log management platform. Starting in versio ...)
 	TODO: check
 CVE-2024-24823 (Graylog is a free and open log management platform. Starting in versio ...)
 	TODO: check
 CVE-2024-24822 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
-	TODO: check
+	NOT-FOR-US: Pimcore's Admin Classic Bundle
 CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	TODO: check
 CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	TODO: check
 CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and  ...)
-	TODO: check
+	NOT-FOR-US: Frappe Framework
 CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...)
 	TODO: check
 CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...)
@@ -25,27 +25,27 @@ CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions
 CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...)
 	TODO: check
 CVE-2024-24563 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2024-24488 (An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allo ...)
-	TODO: check
+	NOT-FOR-US: Shenzen Tenda Technology
 CVE-2024-24311 (Path Traversal vulnerability in Linea Grafica "Multilingual and Multis ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-24304 (In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before v ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-24303 (SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvance ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-24189 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-fr ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2024-24188 (Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2024-24186 (Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overfl ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2024-24133 (Atmail v6.6.0 was discovered to contain a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Atmail
 CVE-2024-24131 (SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cro ...)
-	TODO: check
+	NOT-FOR-US: SuperWebMailer
 CVE-2024-24130 (Mail2World v12 Business Control Center was discovered to contain a ref ...)
-	TODO: check
+	NOT-FOR-US: Mail2World v12 Business Control Center
 CVE-2024-23806 (Sensitive data can be extracted from HID iCLASS SE reader configuratio ...)
 	TODO: check
 CVE-2024-23769 (Improper privilege control for the named pipe in Samsung Magician PC S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2700b72c6e5b81250ebef284772df5dd9e9921

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2700b72c6e5b81250ebef284772df5dd9e9921
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240207/ff4f99ea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list