[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 3 08:28:57 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a92b819c by Salvatore Bonaccorso at 2024-01-03T09:28:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the M
 CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a  ...)
 	TODO: check
 CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...)
 	TODO: check
 CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...)
@@ -23,43 +23,43 @@ CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and class
 CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...)
 	TODO: check
 CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Internet Banking System
 CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers wh ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet devices
 CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotati ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error handling vulner ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure vulnera ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability wh ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control (Unauthen ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Contr ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Referen ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...)
 	TODO: check
 CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...)
@@ -89,9 +89,9 @@ CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause
 CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a  ...)
 	TODO: check
 CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...)
-	TODO: check
+	NOT-FOR-US: fuwushe.org iFair
 CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: SpringBlade
 CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...)
 	TODO: check
 CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in  ...)
@@ -99,23 +99,23 @@ CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pag
 CVE-2023-45892 (An issue discovered in the Order and Invoice pages in Floorsight Insig ...)
 	TODO: check
 CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated file uplo ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal vulnerability whic ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file rea ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: A-WORLD OIRASE BEER_waiting Line
 CVE-2023-42358 (An issue was discovered in O-RAN Software Community ric-plt-e2mgr in t ...)
 	TODO: check
 CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-41779 (There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2023-41776 (There is a local privilege escalation vulnerability of ZTE's ZXCLOUD i ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of the Linu ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.69-1
@@ -231742,11 +231742,11 @@ CVE-2020-26627
 CVE-2020-26626
 	RESERVED
 CVE-2020-26625 (A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and ea ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2020-26624 (A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and ea ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2020-26623 (SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2020-26622
 	RESERVED
 CVE-2020-26621



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92b819cde2e3f47be498a5899a5f3ad402425f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92b819cde2e3f47be498a5899a5f3ad402425f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240103/03701bd7/attachment.htm>

More information about the debian-security-tracker-commits mailing list