[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 30 12:13:59 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e720f78 by Salvatore Bonaccorso at 2024-01-30T13:13:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,54 +3,54 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn
 CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
 	TODO: check
 CVE-2024-22938 (Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local a ...)
-	TODO: check
+	NOT-FOR-US: BossCMS
 CVE-2024-22682 (DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: DuckDB
 CVE-2024-22648 (A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionali ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2024-22647 (An user enumeration vulnerability was found in SEO Panel 4.10.0. This  ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2024-22646 (An email address enumeration vulnerability exists in the password rese ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2024-22643 (A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version ...)
-	TODO: check
+	NOT-FOR-US: SEO Panel
 CVE-2024-21840 (Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-21803 (Use After Free vulnerability in Linux Linux kernel kernel on Linux, x8 ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8081
 CVE-2024-21488 (Versions of the package network before 0.7.0 are vulnerable to Arbitra ...)
 	TODO: check
 CVE-2024-1029 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: Cogites eReserv
 CVE-2024-1028 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Facebook News Feed Like
 CVE-2024-1027 (A vulnerability, which was classified as critical, was found in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Facebook News Feed Like
 CVE-2024-1026 (A vulnerability was found in Cogites eReserv 7.7.58 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: Cogites eReserv
 CVE-2024-1024 (A vulnerability has been found in SourceCodester Facebook News Feed Li ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Facebook News Feed Like
 CVE-2024-1022 (A vulnerability, which was classified as problematic, was found in Cod ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Simple Student Result Management System
 CVE-2024-1021 (A vulnerability, which was classified as critical, has been found in R ...)
 	TODO: check
 CVE-2024-1020 (A vulnerability classified as problematic was found in Rebuild up to 3 ...)
 	TODO: check
 CVE-2023-7225 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5372 (The post-authentication command injection vulnerability in Zyxel NAS32 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2023-52071 (tiny-curl-8_4_0 , curl-8_4_0 and curl-8_5_0 were discovered to contain ...)
 	TODO: check
 CVE-2023-51982 (CrateDB 5.5.1 is contains an authentication bypass vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: CrateDB
 CVE-2023-51843 (react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as h ...)
 	TODO: check
 CVE-2023-51837 (Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Va ...)
-	TODO: check
+	NOT-FOR-US: Ylianst MeshCentral
 CVE-2023-51813 (Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source In ...)
-	TODO: check
+	NOT-FOR-US: Free Open-Source Inventory Management System
 CVE-2023-4554 (Improper Restriction of XML External Entity Reference vulnerability in ...)
 	TODO: check
 CVE-2023-4553 (Improper Input Validation vulnerability in OpenText AppBuilder on Wind ...)
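Review bot: the NOT-FOR-US tags added in this hunk mix vendor-level and product-level names. CVE-2024-21840 and CVE-2023-5372 are tagged only "Hitachi" and "Zyxel", while neighbouring entries name the product ("SEO Panel", "Cogites eReserv", "Ylianst MeshCentral"). The descriptions start to name a product ("Hitachi Storage Plug-in ...", "Zyxel NAS32 ..."), so consider product-level tags there, so that a later search of data/CVE/list for the affected software finds these entries.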
@@ -62,7 +62,7 @@ CVE-2023-4551 (Improper Input Validation vulnerability in OpenText AppBuilder on
 CVE-2023-4550 (Improper Input Validation, Files or Directories Accessible to External ...)
 	TODO: check
 CVE-2023-49038 (Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allo ...)
-	TODO: check
+	NOT-FOR-US: Buffalo
 CVE-2023-45930
 	REJECTED
 CVE-2023-45928
@@ -190,7 +190,7 @@ CVE-2023-5956 (The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise
 CVE-2023-5943 (The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5378 (Improper Input Validation vulnerability in  MegaBIP and already unsupp ...)
-	TODO: check
+	NOT-FOR-US: MegaBIPMegaBIP (and SmodBIP) software
 CVE-2023-5124 (The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prev ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51842 (An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1 ...)
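Review bot: the added line for CVE-2023-5378 doubles the product name: "NOT-FOR-US: MegaBIPMegaBIP (and SmodBIP) software". This looks like a paste slip; suggest "NOT-FOR-US: MegaBIP (and SmodBIP) software" so the tag matches the name given in the CVE description.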
@@ -198,7 +198,7 @@ CVE-2023-51842 (An algorithm-downgrade issue was discovered in Ylianst MeshCentr
 CVE-2023-51840 (DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.)
 	NOT-FOR-US: DoraCMS
 CVE-2023-51839 (DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptogr ...)
-	TODO: check
+	NOT-FOR-US: DeviceFarmer stf
 CVE-2023-46050
 	REJECTED
 CVE-2023-45932



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e720f780da4b2ef53d8fafd3d05fd196764719f
