[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 10 08:45:57 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51741398 by Salvatore Bonaccorso at 2024-02-10T09:45:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Sp ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension
 CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...)
 	TODO: check
 CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When PPv2 is en ...)
 	TODO: check
 CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy crashes i ...)
@@ -31,27 +31,27 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framewo
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
 	TODO: check
 CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been clas ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Sametime Proxy application
 CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions.  The applica ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
-	TODO: check
+	NOT-FOR-US: HCL / Sametime application
 CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in Outlook add ...)
-	TODO: check
+	NOT-FOR-US: HCL / Sametime application
 CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete enabled in  ...)
-	TODO: check
+	NOT-FOR-US: HCL / Sametime application
 CVE-2024-XXXX [potential information disclosure vulnerability]
 	- diffoscope 256
 	NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
@@ -139,11 +139,11 @@ CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected
 CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS in file ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability in Soft ...)
-	TODO: check
+	NOT-FOR-US: Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System
 CVE-2023-6716
 	REJECTED
 CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Oduyo Financial Technology Online Collection
 CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, Unrestricted U ...)
 	TODO: check
 CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -53206,7 +53206,7 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure
 CVE-2023-28078
 	RESERVED
 CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
 	NOT-FOR-US: Dell
 CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5174139895beed8852ddf4179efb3538f23bb85a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5174139895beed8852ddf4179efb3538f23bb85a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240210/a78f16b7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list