[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 9 10:03:39 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3318b31d by Moritz Muehlenhoff at 2024-02-09T11:03:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,101 +1,101 @@
 CVE-2024-25107 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension
 CVE-2024-25106 (OpenObserve is a observability platform built specifically for logs, m ...)
-	TODO: check
+	NOT-FOR-US: OpenObserve
 CVE-2024-25004 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
-	TODO: check
+	NOT-FOR-US: KiTTY
 CVE-2024-25003 (KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buf ...)
-	TODO: check
+	NOT-FOR-US: KiTTY
 CVE-2024-24830 (OpenObserve is a observability platform built specifically for logs, m ...)
-	TODO: check
+	NOT-FOR-US: OpenObserve
 CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. Sentr ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...)
-	TODO: check
+	NOT-FOR-US: DIRAC
 CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...)
 	TODO: check
 CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 configuration hand ...)
-	TODO: check
+	NOT-FOR-US: Icinga Director
 CVE-2024-24819 (icingaweb2-module-incubator is a working project of bleeding edge Icin ...)
-	TODO: check
+	NOT-FOR-US: icingaweb2-module-incubator
 CVE-2024-24499 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Employee Management System
 CVE-2024-24498 (Unrestricted File Upload vulnerability in Employee Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: Employee Management System
 CVE-2024-24497 (SQL Injection vulnerability in Employee Management System v.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Employee Management System
 CVE-2024-24496 (An issue in Daily Habit Tracker v.1.0 allows a remote attacker to mani ...)
-	TODO: check
+	NOT-FOR-US: Daily Habit Tracker
 CVE-2024-24495 (SQL Injection vulnerability in delete-tracker.php in Daily Habit Track ...)
-	TODO: check
+	NOT-FOR-US: Daily Habit Tracker
 CVE-2024-24494 (Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Daily Habit Tracker
 CVE-2024-24393 (File Upload vulnerability index.php in Pichome v.1.1.01 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Pichome
 CVE-2024-24308 (SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module f ...)
-	TODO: check
+	NOT-FOR-US: Boostmyshop
 CVE-2024-23756 (The HTTP PUT and DELETE methods are enabled in the Plone official Dock ...)
-	TODO: check
+	NOT-FOR-US: Plone Docker image
 CVE-2024-23749 (KiTTY versions 0.76.1.13 and before is vulnerable to command injection ...)
-	TODO: check
+	NOT-FOR-US: KiTTY
 CVE-2024-23639 (Micronaut Framework is a modern, JVM-based, full stack Java framework  ...)
-	TODO: check
+	NOT-FOR-US: Micronaut Framework
 CVE-2024-22332 (The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-22318 (IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-1353 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PHPEMS
 CVE-2024-1122 (The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2 ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2024-0842 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0657 (The Internal Link Juicer: SEO Auto Linker for WordPress plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51761 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
-	TODO: check
+	NOT-FOR-US: Emerson Rosemount
 CVE-2023-51630 (Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypa ...)
-	TODO: check
+	NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2023-50026 (SQL injection vulnerability in Presta Monster "Multi Accessories Pro"  ...)
-	TODO: check
+	NOT-FOR-US: Presta
 CVE-2023-49716 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authe ...)
-	TODO: check
+	NOT-FOR-US: Emerson Rosemount
 CVE-2023-49101 (WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and ...)
-	TODO: check
+	NOT-FOR-US: Axigen
 CVE-2023-47132 (An issue discovered in N-able N-central before 2023.6 and earlier allo ...)
-	TODO: check
+	NOT-FOR-US: N-able
 CVE-2023-47131 (The N-able PassPortal extension before 3.29.2 for Chrome inserts sensi ...)
-	TODO: check
+	NOT-FOR-US: N-able
 CVE-2023-46687 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
-	TODO: check
+	NOT-FOR-US: Emerson Rosemount
 CVE-2023-46350 (SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier  ...)
-	TODO: check
+	NOT-FOR-US: InnovaDeluxe
 CVE-2023-45191 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequ ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-45190 (IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-45187 (IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 do ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-43609 (In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unaut ...)
-	TODO: check
+	NOT-FOR-US: Emerson Rosemount
 CVE-2023-42016 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40266 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify
 CVE-2023-40265 (An issue was discovered in Atos Unify OpenScape Xpressions WebAssistan ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify
 CVE-2023-40264 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify
 CVE-2023-40263 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify
 CVE-2023-40262 (An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 ...)
-	TODO: check
+	NOT-FOR-US: Atos Unify
 CVE-2023-39683 (Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and bef ...)
-	TODO: check
+	NOT-FOR-US: EasyEmail
 CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 throug ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2023-4639 [Cookie Smuggling/Spoofing]
 	- undertow <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
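Review bot: CVE-2024-24821 (Composer) is the only entry in this hunk left at `TODO: check` while every neighbouring entry is resolved to NOT-FOR-US; if that is deliberate because it needs a package-status check rather than an NFU mark, it should be picked up in a follow-up commit, since a lone TODO inside a batch of NFUs is easy to lose. On naming: CVE-2024-1122 is marked `NOT-FOR-US: WooCommerce plugin` whereas CVE-2024-0842 and CVE-2024-0657 use `NOT-FOR-US: WordPress plugin`; if the WooCommerce one is likewise a WordPress plugin, using the same label keeps the file greppable for a single term.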
@@ -109,9 +109,9 @@ CVE-2023-3966 [Invalid memory access in Geneve with HW offload]
 	NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html
 CVE-2024-25191 (php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...)
-	TODO: check
+	- php-jwt <removed>
 CVE-2024-25190 (l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authe ...)
-	TODO: check
+	NOT-FOR-US: l8w8jwt
 CVE-2024-25189 (libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...)
 	TODO: check
 CVE-2024-24886 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
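Review bot: CVE-2024-25189 (libjwt) stays at `TODO: check` while the two sibling entries for the same non-constant-time comparison issue, CVE-2024-25191 (php-jwt) and CVE-2024-25190 (l8w8jwt), are resolved in this hunk; a package-status line for libjwt should follow so the set does not stay half-triaged. The php-jwt entry becomes `- php-jwt <removed>` with no accompanying NOTE line, unlike the entries just above it (for example the CVE-2023-3966 entry, which carries `NOTE: Fixed by:` with the upstream commit); a NOTE pointing at the upstream reference would help anyone later checking whether an old release that still shipped php-jwt is affected.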
@@ -139,7 +139,7 @@ CVE-2024-24321 (An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker
 CVE-2024-24215 (An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web ...)
 	NOT-FOR-US: Cellinx NVT Web Server
 CVE-2024-24213 (Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Supabase
 CVE-2024-24115 (A stored cross-site scripting (XSS) vulnerability in the Edit Page fun ...)
 	NOT-FOR-US: Cotonti CMS
 CVE-2024-24113 (xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerabilit ...)
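Review bot: the `NOT-FOR-US: Supabase` line for CVE-2024-24213 carries no NOTE explaining why the issue is specific to Supabase; the truncated description reads "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection", which a later triager could take as referring to the PostgreSQL server itself and reopen. A one-line NOTE naming the Supabase-specific component or the upstream advisory would settle that.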
@@ -151,7 +151,7 @@ CVE-2024-23764 (Certain WithSecure products allow Local Privilege Escalation. Th
 CVE-2024-23660 (The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844f ...)
 	NOT-FOR-US: Binance Trust Wallet app for iOS
 CVE-2024-23452 (Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1. ...)
-	TODO: check
+	NOT-FOR-US: Apache bRPC
 CVE-2024-22836 (An OS command injection vulnerability exists in Akaunting v3.1.3 and e ...)
 	NOT-FOR-US: Akaunting
 CVE-2024-22795 (Insecure Permissions vulnerability in Forescout SecureConnector v.11.3 ...)
@@ -240,7 +240,7 @@ CVE-2024-24014 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 an
 CVE-2024-24003 (jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller ...)
 	NOT-FOR-US: jshERP
 CVE-2024-23448 (An issue was discovered whereby APM Server could log at ERROR level, a ...)
-	TODO: check
+	NOT-FOR-US: Elastic
 CVE-2024-22394 (An improper authentication vulnerability has been identified in SonicW ...)
 	NOT-FOR-US: SonicWall
 CVE-2024-0511 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
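Review bot: the label `NOT-FOR-US: Elastic` for CVE-2024-23448 names only the vendor, while the description text mentions only "APM Server"; `NOT-FOR-US: Elastic APM Server` would match both the description and the convention used elsewhere in this change (for example `NOT-FOR-US: Paessler PRTG Network Monitor`), so a search for either term finds the entry.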



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3318b31d4e27e13f283affe53f96fce7b0684427


