[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 11 20:21:56 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daef7225 by Salvatore Bonaccorso at 2024-02-11T21:21:15+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2024-25722 (qanything_kernel/connector/database/mysql/mysql_client.py in qanything ...)
-	TODO: check
+	NOT-FOR-US: qanything.ai QAnything
 CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_as ...)
-	TODO: check
+	NOT-FOR-US: Samly
 CVE-2024-25715 (Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redi ...)
 	TODO: check
 CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp  ...)
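Review bot: The two NOT-FOR-US labels added in this hunk follow different naming patterns: CVE-2024-25722 is tagged with vendor and product ("qanything.ai QAnything"), while CVE-2024-25718 is tagged only "Samly", although its description identifies it as the Samly package for Elixir. Consider a label such as "NOT-FOR-US: Samly package for Elixir" so the entry is unambiguous without reading the truncated description and can be found by a search on the ecosystem name.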
@@ -11,21 +11,21 @@ CVE-2024-25713 (yyjson through 0.8.0 has a double free, leading to remote code e
 CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because a file  ...)
 	TODO: check
 CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant privilege escala ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2024-21875 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Team Hacker Hotel Badge
 CVE-2024-1432 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceL ...)
-	TODO: check
+	NOT-FOR-US: DeepFaceLab
 CVE-2024-1431 (A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and cla ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-1430 (A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 an ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-1151 (A vulnerability was reported in the Open vSwitch sub-component in the  ...)
 	TODO: check
 CVE-2023-52428 (In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a d ...)
-	TODO: check
+	NOT-FOR-US: Connect2id Nimbus JOSE+JWT
 CVE-2023-52427 (In OpenDDS through 3.27, there is a segmentation fault for a DataWrite ...)
-	TODO: check
+	NOT-FOR-US: OpenDDS
 CVE-2024-23517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
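Review bot: The entries for CVE-2024-1431 and CVE-2024-1430 are tagged with the vendor only ("NOT-FOR-US: Netgear"), whereas the other labels added in this hunk name the affected product (Ghost CMS, DeepFaceLab, OpenDDS, Connect2id Nimbus JOSE+JWT). Both descriptions name the Netgear R7000, so a label that includes the model would match the rest of the hunk and keep the two entries distinguishable from other Netgear products when searching the list.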



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daef72252b811b1fb1224f9946d9dc16488b3525
