[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 20 20:50:56 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99121d70 by Salvatore Bonaccorso at 2024-02-20T21:50:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2024-26270 (The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26268 (User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26267 (In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versio ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26265 (The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, an ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26135 (MeshCentral is a full computer management web site. Versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: MeshCentral
 CVE-2024-26132 (Element Android is an Android Matrix Client. A third-party malicious a ...)
 	TODO: check
 CVE-2024-26131 (Element Android is an Android Matrix Client. Element Android version 1 ...)
@@ -17,23 +17,23 @@ CVE-2024-25631 (Cilium is a networking, observability, and security solution wit
 CVE-2024-25630 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2024-25610 (In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versio ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25609 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25608 (HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25607 (The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay P ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25606 (XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older u ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25605 (The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25604 (Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions,  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25366 (Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0  ...)
 	TODO: check
 CVE-2024-25274 (An arbitrary file upload vulnerability in the component /sysFile/uploa ...)
-	TODO: check
+	NOT-FOR-US: Novel-Plus
 CVE-2024-25262 (texlive-bin commit c515e was discovered to contain heap buffer overflo ...)
 	TODO: check
 CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer dereference v ...)
@@ -47,13 +47,13 @@ CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble
 CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...)
 	TODO: check
 CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in Liferay P ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element Parsing as  ...)
 	TODO: check
 CVE-2024-24793 (A use-after-free vulnerability exists in the DICOM Element Parsing as  ...)
 	TODO: check
 CVE-2024-24763 (JumpServer is an open source bastion host and an operation and mainten ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2024-24475 (An issue in Qemu before v.8.2.0 allows a remote attacker to execute ar ...)
 	TODO: check
 CVE-2024-24474 (Buffer Overflow vulnerability in Qemu before v.8.2.0 allows a remote a ...)
@@ -69,11 +69,11 @@ CVE-2024-23310 (A use-after-free vulnerability exists in the sopen_FAMOS_read fu
 CVE-2024-23305 (An out-of-bounds write vulnerability exists in the BrainVisionMarker P ...)
 	TODO: check
 CVE-2024-22824 (An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Timo
 CVE-2024-22250 (Session Hijack vulnerability in Deprecated VMware Enhanced Authenticat ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-22245 (Arbitrary Authentication Relay and Session Hijack vulnerabilities in t ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-22097 (A double-free vulnerability exists in the BrainVision Header Parsing f ...)
 	TODO: check
 CVE-2024-22054 (A malformed discovery packet sent by a malicious actor with preexistin ...)
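
Review bot: the tag on CVE-2024-22250 names only the vendor, although its description points at one specific deprecated component ("Deprecated VMware Enhanced Authenticat ..."), and CVE-2024-22245 gets the same vendor-level tag. A product-level tag, using the product name as the full CVE description gives it, would keep these two from being lumped with unrelated VMware entries when someone later searches the list for that component. `NOT-FOR-US: Timo` in the same hunk already follows the product-name pattern.
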
@@ -83,21 +83,21 @@ CVE-2024-21812 (An integer overflow vulnerability exists in the sopen_FAMOS_read
 CVE-2024-21795 (A heap-based buffer overflow vulnerability exists in the .egi parsing  ...)
 	TODO: check
 CVE-2024-21726 (Inadequate content filtering leads to XSS vulnerabilities in various c ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2024-21725 (Inadequate escaping of mail addresses lead to XSS vulnerabilities in v ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2024-21724 (Inadequate input validation for media selection fields lead to XSS vul ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2024-21723 (Inadequate parsing of URLs could result into an open redirect.)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2024-21722 (The MFA management features did not properly terminate existing user s ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2024-21682 (This High severity Injection vulnerability was introduced in Assets Di ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2024-21678 (This High severity Stored XSS vulnerability was introduced in version  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2024-1661 (A vulnerability classified as problematic was found in Totolink X6000R ...)
-	TODO: check
+	NOT-FOR-US: Totolink
 CVE-2024-1608 (In OPPO Usercenter Credit SDK, there's a possible escalation of privil ...)
 	TODO: check
 CVE-2024-1586 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
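
Review bot: the description of CVE-2024-21723 is complete ("Inadequate parsing of URLs could result into an open redirect.") and names no product, and the visible text of CVE-2024-21722 and CVE-2024-21724 through CVE-2024-21726 names none either, so `NOT-FOR-US: Joomla!` is the only attribution these five entries carry in the file. The commit message should say where the Joomla! attribution came from, since "Process some NFUs" gives a reader nothing to check it against.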



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99121d704558a0d91586836fcc5c03d2c8cef49e
