[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 21 12:50:50 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3d9a732 by Moritz Muehlenhoff at 2024-02-21T13:50:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,11 +5,11 @@ CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in Li
 CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to v ...)
 	NOT-FOR-US: Yet Analytics Core LRS Library
 CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4 ...)
-	TODO: check
+	NOT-FOR-US: kedi ElectronCord
 CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi  ...)
 	NOT-FOR-US: Mondula GmbH Multi Step Form
 CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMC ...)
-	TODO: check
+	NOT-FOR-US: TinyMCE addon
 CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Ma ...)
 	NOT-FOR-US: Liferay
 CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin module' ...)
@@ -47,17 +47,17 @@ CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows attackers
 CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
 	NOT-FOR-US: VMware
 CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 key pair  ...)
-	TODO: check
+	NOT-FOR-US: agent-js
 CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to Cross-Site Re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to unauthorized m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0593 (The Simple Job Board plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52442 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.55-1
@@ -79,69 +79,69 @@ CVE-2023-52440 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2023-50923 (In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) ...)
 	TODO: check
 CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a  ...)
-	TODO: check
+	NOT-FOR-US: ProjeQtOr
 CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.5 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in Enhance ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2023-42953 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42952 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42951 (The issue was addressed with improved handling of caches. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42946 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42945 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42942 (This issue was addressed with improved handling of symlinks. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42939 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42928 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42889 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42878 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42877 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42873 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42860 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42859 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42858 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42855 (This issue was addressed with improved state management. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42853 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42848 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42843 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42840 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42839 (This issue was addressed with improved state management. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42838 (An access issue was addressed with improvements to the sandbox. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42836 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42835 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42834 (A privacy issue was addressed with improved handling of files. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42823 (The issue was resolved by sanitizing logging This issue is fixed in wa ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-42498 (Reflected cross-site scripting (XSS) vulnerability in the Language Ove ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2023-42496 (Reflected cross-site scripting (XSS) vulnerability on the add assignee ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2023-40191 (Reflected cross-site scripting (XSS) vulnerability in the instance set ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-1676 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
@@ -189,9 +189,9 @@ CVE-2024-26265 (The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.
 CVE-2024-26135 (MeshCentral is a full computer management web site. Versions prior to  ...)
 	NOT-FOR-US: MeshCentral
 CVE-2024-26132 (Element Android is an Android Matrix Client. A third-party malicious a ...)
-	TODO: check
+	NOT-FOR-US: Element Android
 CVE-2024-26131 (Element Android is an Android Matrix Client. Element Android version 1 ...)
-	TODO: check
+	NOT-FOR-US: Element Android
 CVE-2024-25631 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2024-25630 (Cilium is a networking, observability, and security solution with an e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d9a7322b1800470c0174dfa7a6d43e64b058c5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3d9a7322b1800470c0174dfa7a6d43e64b058c5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240221/f04fc110/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list