[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 16 21:21:03 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e915d062 by Salvatore Bonaccorso at 2024-01-16T22:20:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL In
CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Complete Supplier Management System
CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 all ...)
- TODO: check
+ NOT-FOR-US: beetl-bbs
CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been declared as p ...)
NOT-FOR-US: Jspxcms
CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp. ...)
@@ -69,7 +69,7 @@ CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malfor
NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html
NOTE: Issue exists because of incomplete fix for CVE-2023-5981
CVE-2024-0507 (An attacker with access to a Management Console user account with the ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
@@ -83,7 +83,7 @@ CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress plug
CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub Enterprise ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA client has ...)
@@ -109,7 +109,7 @@ CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent director
CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
NOT-FOR-US: HYPR
CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
@@ -157,7 +157,7 @@ CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Success
CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...)
NOT-FOR-US: Totolink
CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
TODO: check
CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly escape ...)
@@ -283,7 +283,7 @@ CVE-2024-21673 (This High severity Remote Code Execution (RCE) vulnerability was
CVE-2024-21672 (This High severity Remote Code Execution (RCE) vulnerability was intro ...)
NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2023-7206 (In Horner Automation Cscape versions 9.90 SP10 and prior, local attack ...)
- TODO: check
+ NOT-FOR-US: Horner Automation
CVE-2023-6457 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager ...)
NOT-FOR-US: Hitachi
CVE-2023-52113 (launchAnyWhere vulnerability in the ActivityManagerService module. Suc ...)
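Review bot: the new tag on CVE-2023-7206, "NOT-FOR-US: Horner Automation", names only the vendor, while the description names the affected product as Horner Automation Cscape. The neighbouring entries are mixed (vendor-only "Hitachi" just below, vendor plus product "Atlassian Confluence Data Center and Server" just above), so this is a style point. "NOT-FOR-US: Horner Automation Cscape" would make later entries for the same product easier to match by search.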
@@ -482,7 +482,7 @@ CVE-2024-0522 (A vulnerability was found in Allegro RomPager 4.01. It has been c
CVE-2023-48383 (NetVision Information airPASS has a path traversal vulnerability w ...)
NOT-FOR-US: NetVision
CVE-2020-36770 (pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessar ...)
- TODO: check
+ NOT-FOR-US: Gentoo (ebuild for Slurm)
CVE-2024-0510 (A vulnerability, which was classified as critical, has been found in H ...)
NOT-FOR-US: HaoKeKeJi YiQiNiu
CVE-2024-0505 (A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified ...)
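Review bot: on CVE-2020-36770 the tag "NOT-FOR-US: Gentoo (ebuild for Slurm)" files the issue under a distribution name, but the description places the flaw in pkg_postinst of the Gentoo ebuild for Slurm, so the software involved is Slurm and only the packaging is foreign. If Slurm has a source package in the archive, recording the CVE against that package as not affected, with a note that the issue is specific to the Gentoo ebuild, would keep it visible from the package's own CVE history. If NOT-FOR-US stays, keep the parenthetical so a search for Slurm still finds the entry.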
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e915d062b5028a47be8c29aae1a6be46d48b0201