[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 31 20:49:37 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f361a9bd by Salvatore Bonaccorso at 2024-01-31T21:42:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,97 +5,97 @@ CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis,
 CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
 	TODO: check
 CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22305 (Authorization Bypass Through User-Controlled Key vulnerability in ali  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22304 (Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshM ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22302 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22293 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22291 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browse ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22290 (Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,Uni ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22287 (Cross-Site Request Forgery (CSRF) vulnerability in Lud\u011bk Melichar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22286 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22285 (Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22282 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22161 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22143 (Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22140 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22136 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-21917 (A vulnerability exists in Rockwell Automation FactoryTalk\xae Service  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21916 (A denial-of-service vulnerability exists in specific Rockwell Automati ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21893 (A server-side request forgery vulnerability in the SAML component of I ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-21888 (A privilege escalation vulnerability in web component of Ivanti Connec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-1116 (A vulnerability was found in openBI up to 1.0.8. It has been classifie ...)
-	TODO: check
+	NOT-FOR-US: openBI
 CVE-2024-1115 (A vulnerability was found in openBI up to 1.0.8 and classified as crit ...)
-	TODO: check
+	NOT-FOR-US: openBI
 CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and classified as ...)
-	TODO: check
+	NOT-FOR-US: openBI
 CVE-2024-1113 (A vulnerability, which was classified as critical, was found in openBI ...)
-	TODO: check
+	NOT-FOR-US: openBI
 CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, developed ...)
 	TODO: check
 CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester QR Code Login System
 CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
 	TODO: check
 CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...)
-	TODO: check
+	NOT-FOR-US: Rebuild
 CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...)
-	TODO: check
+	NOT-FOR-US: Rebuild
 CVE-2024-1087
 	REJECTED
 CVE-2024-1086 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
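Review bot: The run of entries from CVE-2024-23508 to CVE-2024-22136 is closed with one generic reason, NOT-FOR-US: WordPress plugin, and for several of them the truncated description shown here carries no WordPress hint at all (CVE-2024-22305 reads only "Authorization Bypass Through User-Controlled Key vulnerability in ali ..."), so the classification cannot be checked from data/CVE/list itself. Naming the plugin in each reason, as this hunk already does for openBI, Rebuild and SourceCodester QR Code Login System, would keep the entries searchable if one of these plugins is ever packaged. The same style point applies to the vendor-only reasons: CVE-2024-21917 is marked "Rockwell Automation" although its description names FactoryTalk Service, and CVE-2024-21888 is marked "Ivanti" although its description begins a product name ("Ivanti Connec ...").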
@@ -109,25 +109,25 @@ CVE-2024-1085 (A use-after-free vulnerability in the Linux kernel's netfilter: n
 	NOTE: https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
 	NOTE: https://git.kernel.org/linus/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 (6.8-rc1)
 CVE-2024-0833 (In Telerik Test Studio versions prior to   v2023.3.1330, a privilege e ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2024-0832 (In Telerik Reporting versions prior to 2024 R1, a privilege elevation  ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in the entry overview tab in  ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege elevat ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2023-7043 (Unquoted service path in ESET products allows to   drop a prepared pro ...)
 	TODO: check
 CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading to f ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...)
-	TODO: check
+	NOT-FOR-US: AREAL SAS Websrv1 ASP website
 CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: AREAL Topkapi Vision (Server)
 CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an  ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Gen ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...)
 	TODO: check
 CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...)
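Review bot: For CVE-2023-50356 the reason NOT-FOR-US: AREAL Topkapi Vision (Server) matches nothing in the visible description, which mentions only "SSL connections to NOVELL and Synology LDAP server"; a NOTE line pointing at the advisory, or a check against the full CVE text, would confirm that the flaw sits in the AREAL product and not in an LDAP component Debian ships. CVE-2023-5390 (Honeywell) has the same gap, since the part of its description shown names no product. The three Telerik entries (CVE-2024-0833, CVE-2024-0832, CVE-2024-0219) give only the vendor although their descriptions name Test Studio, Reporting and JustDecompile; the product name would be the more useful key.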



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f361a9bdd74d44b234db2d08293a160734b0750d
