[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 30 20:35:58 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
756177dc by Salvatore Bonaccorso at 2024-01-30T21:35:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,107 +1,107 @@
CVE-2024-24565 (CrateDB is a distributed SQL database that makes it simple to store an ...)
TODO: check
CVE-2024-24558 (TanStack Query supplies asynchronous state management, server-state ut ...)
- TODO: check
+ NOT-FOR-US: TanStack Query
CVE-2024-24556 (urql is a GraphQL client that exposes a set of helpers for several fra ...)
TODO: check
CVE-2024-24333 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24332 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24331 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24330 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24329 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24328 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24327 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24326 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24325 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-24324 (TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hard ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-23841 (apollo-client-nextjs is the Apollo Client support for the Next.js App ...)
TODO: check
CVE-2024-23840 (GoReleaser builds Go binaries for several platforms, creates a GitHub ...)
TODO: check
CVE-2024-23838 (TrueLayer.NET is the .Net client for TrueLayer. The vulnerability cou ...)
- TODO: check
+ NOT-FOR-US: TrueLayer.NET
CVE-2024-23825 (TablePress is a table plugin for Wordpress. For importing tables, Tabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23647 (Authentik is an open-source Identity Provider. There is a bug in our i ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-22894 (An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-90 ...)
- TODO: check
+ NOT-FOR-US: AIT-Deutschland Alpha Innotec Heatpumps
CVE-2024-22523 (Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and b ...)
- TODO: check
+ NOT-FOR-US: Qiyu iFair
CVE-2024-22200 (vantage6-UI is the User Interface for vantage6. The docker image used ...)
- TODO: check
+ NOT-FOR-US: vantage6-UI
CVE-2024-22193 (The vantage6 technology enables to manage and deploy privacy enhancing ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-21671 (The vantage6 technology enables to manage and deploy privacy enhancing ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-21653 (The vantage6 technology enables to manage and deploy privacy enhancing ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-21649 (The vantage6 technology enables to manage and deploy privacy enhancing ...)
- TODO: check
+ NOT-FOR-US: vantage6
CVE-2024-21388 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-1063 (Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF ...)
TODO: check
CVE-2024-1061 (The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1036 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1035 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1034 (A vulnerability, which was classified as critical, was found in openBI ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1033 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1032 (A vulnerability classified as critical was found in openBI up to 1.0.8 ...)
- TODO: check
+ NOT-FOR-US: openBI
CVE-2024-1031 (A vulnerability was found in CodeAstro Expense Management System 1.0. ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Expense Management System
CVE-2024-1030 (A vulnerability was found in Cogites eReserv 7.7.58. It has been class ...)
- TODO: check
+ NOT-FOR-US: Cogites eReserv
CVE-2024-1019 (ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypa ...)
TODO: check
CVE-2024-0676 (Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro ...)
- TODO: check
+ NOT-FOR-US: Lamassu Bitcoin ATM Douro machines
CVE-2024-0675 (Vulnerability of improper checking for unusual or exceptional conditio ...)
- TODO: check
+ NOT-FOR-US: Lamassu Bitcoin ATM Douro machines
CVE-2024-0674 (Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machin ...)
- TODO: check
+ NOT-FOR-US: Lamassu Bitcoin ATM Douro machines
CVE-2024-0564 (A flaw was found in the Linux kernel's memory deduplication mechanism. ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2258514
CVE-2023-6943 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe ...)
TODO: check
CVE-2023-6942 (Missing Authentication for Critical Function vulnerability in Mitsubis ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-6374 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-6258 (A security vulnerability has been identified in the pkcs11-provider, w ...)
- pkcs11-provider 0.3-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2251062
NOTE: https://github.com/latchset/pkcs11-provider/pull/308
NOTE: https://github.com/latchset/pkcs11-provider/commit/de52d24c1b4b0bdc3a49a23db0f3231e209c3c68 (v0.3)
CVE-2023-5389 (An attacker could potentially exploit this vulnerability, leading to t ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2023-46231 (In Splunk Add-on Builder versions below 4.1.4, the application writes ...)
- TODO: check
+ NOT-FOR-US: Splunk Add-on Builder
CVE-2023-46230 (In Splunk Add-on Builder versions below 4.1.4, the app writes sensitiv ...)
- TODO: check
+ NOT-FOR-US: Splunk Add-on Builder
CVE-2023-37518 (HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A ma ...)
- TODO: check
+ NOT-FOR-US: HCL BigFix ServiceNow
CVE-2023-36260 (An issue discovered in Craft CMS version 4.6.1. allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2023-36259 (Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin bef ...)
- TODO: check
+ NOT-FOR-US: Craft CMS Audit Plugin
CVE-2023-6246 [syslog: Fix heap buffer overflow in __vsyslog_internal]
{DSA-5611-1}
- glibc 2.37-15
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/756177dc313bbd76ebf11cd91236b25451e102fe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/756177dc313bbd76ebf11cd91236b25451e102fe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240130/6709e1a9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list