[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 19 06:33:51 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98146075 by Salvatore Bonaccorso at 2024-02-19T07:33:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2024-25628 (Alf.io is a free and open source event attendance management system. I ...)
-	TODO: check
+	NOT-FOR-US: Alf.io
 CVE-2024-25627 (Alf.io is a free and open source event attendance management system. A ...)
-	TODO: check
+	NOT-FOR-US: Alf.io
 CVE-2024-25468 (An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote at ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-25298 (An issue was discovered in REDAXO version 5.15.1, allows attackers to  ...)
@@ -30,11 +30,11 @@ CVE-2024-22336 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak f
 CVE-2024-22335 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
 	NOT-FOR-US: IBM
 CVE-2024-21987 (SnapCenter versions 4.8 prior to 5.0 are susceptible to a  vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2024-21984 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8  ar ...)
-	TODO: check
+	NOT-FOR-US: StorageGRID
 CVE-2024-21983 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8  ar ...)
-	TODO: check
+	NOT-FOR-US: StorageGRID
 CVE-2024-21500 (All versions of the package github.com/greenpau/caddy-security are vul ...)
 	TODO: check
 CVE-2024-21499 (All versions of the package github.com/greenpau/caddy-security are vul ...)
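Review bot: the three tags added in this hunk mix vendor and product naming. CVE-2024-21987 (SnapCenter) is filed under the vendor as `NOT-FOR-US: NetApp`, while CVE-2024-21984 and CVE-2024-21983 are filed under the product name as `NOT-FOR-US: StorageGRID`. Settling on one form for all three would let a single string match find every related entry.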
@@ -54,59 +54,59 @@ CVE-2024-21493 (All versions of the package github.com/greenpau/caddy-security a
 CVE-2024-21492 (All versions of the package github.com/greenpau/caddy-security are vul ...)
 	TODO: check
 CVE-2024-20986 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20980 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20958 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20956 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20953 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20951 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20949 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20947 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20943 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20941 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20939 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20937 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20935 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20933 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20929 (Vulnerability in the Oracle Application Object Library product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20927 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20917 (Vulnerability in the Oracle Enterprise Manager Base Platform product o ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20915 (Vulnerability in the Oracle Application Object Library product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20913 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20911 (Vulnerability in Oracle Audit Vault and Database Firewall (component:  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20909 (Vulnerability in Oracle Audit Vault and Database Firewall (component:  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20907 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20905 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-20903 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2024-1512 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Edu ...)
-	TODO: check
+	NOT-FOR-US: WordPress Plugin
 CVE-2024-0610 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress Plugin
 CVE-2023-6749 (Unchecked length coming from user input in settings shell)
 	TODO: check
 CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send)
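Review bot: `NOT-FOR-US: WordPress Plugin` on CVE-2024-1512 and CVE-2024-0610, at the end of this hunk, does not say which plugin is affected, whereas other tags in this change name the product (`Alf.io`, `StorageGRID`). Naming the plugin from each description (MasterStudy LMS, Piraeus Bank WooCommerce Payment Gateway) would keep the entries distinguishable if a later search needs to tell them apart.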
@@ -114,63 +114,63 @@ CVE-2023-6249 (Signed to unsigned conversion esp32_ipm_send)
 CVE-2023-5779 (can: out of bounds in remove_rx_filter function)
 	TODO: check
 CVE-2023-52387 (Resource reuse vulnerability in the GPU module. Successful exploitatio ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52381 (Script injection vulnerability in the email module.Successful exploita ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52380 (Vulnerability of improper access control in the email module.Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52379 (Permission control vulnerability in the calendarProvider module.Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52378 (Vulnerability of incorrect service logic in the WindowManagerServices  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52377 (Vulnerability of input data not being verified in the cellular data mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52376 (Information management vulnerability in the Gallery module.Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52375 (Permission control vulnerability in the WindowManagerServices module.S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52374 (Permission control vulnerability in the package management module.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52373 (Vulnerability of permission verification in the content sharing pop-up ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52372 (Vulnerability of input parameter verification in the motor module.Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52371 (Vulnerability of null references in the motor module.Successful exploi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52370 (Stack overflow vulnerability in the network acceleration module.Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52369 (Stack overflow vulnerability in the NFC module.Successful exploitation ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52368 (Input verification vulnerability in the account module.Successful expl ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52367 (Vulnerability of improper access control in the media library module.S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52366 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52365 (Out-of-bounds read vulnerability in the smart activity recognition mod ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52363 (Vulnerability of defects introduced in the design process in the Contr ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52362 (Permission management vulnerability in the lock screen module.Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52361 (The VerifiedBoot module has a vulnerability that may cause authenticat ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52360 (Logic vulnerabilities in the baseband.Successful exploitation of this  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52358 (Vulnerability of configuration defects in some APIs of the audio modul ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52357 (Vulnerability of serialization/deserialization mismatch in the vibrati ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-52097 (Vulnerability of foreground service restrictions being bypassed in the ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-50951 (IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Sec ...)
 	NOT-FOR-US: IBM
 CVE-2023-45918 (ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinf ...)
 	TODO: check
 CVE-2023-31728 (Teltonika RUT240 devices with firmware before 07.04.2, when bridge mod ...)
-	TODO: check
+	NOT-FOR-US: Teltonika RUT240 devices
 CVE-2022-48621 (Vulnerability of missing authentication for critical functions in the  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-25466 (Directory Traversal vulnerability in React Native Document Picker befo ...)
 	NOT-FOR-US: React Native Document Picker
 CVE-2024-25320 (Tongda OA v2017 and up to v11.9 was discovered to contain a SQL inject ...)
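Review bot: the tag on CVE-2023-31728, `NOT-FOR-US: Teltonika RUT240 devices`, carries the model and device class, while the other vendor tags visible in this file are bare vendor names (`TOTOLINK`, `IBM`, `Huawei`); `NOT-FOR-US: Teltonika` would match them. Separately, none of the truncated descriptions for the CVE-2023-52xxx entries or CVE-2022-48621 names Huawei, so the vendor attribution cannot be checked from this list alone and is worth confirming against the full CVE records.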
@@ -75762,7 +75762,7 @@ CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
 	NOT-FOR-US: Oracle
 CVE-2023-21833 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
 	NOT-FOR-US: Oracle
 CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/981460756a021965a34276d147ccb8710941392d
