[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 4 06:20:00 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17234bc7 by Salvatore Bonaccorso at 2024-07-04T07:19:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,9 +26,9 @@ CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
 CVE-2024-5821 (Improper Access Control in stitionai/devika)
 	NOT-FOR-US: stitionai/devika
 CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...)
-	TODO: check
+	NOT-FOR-US: Red Lion Europe GmbH
 CVE-2024-3332 (A malicious BLE device can send a specific order of packet sequence to ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly sanitize  ...)
@@ -111,19 +111,19 @@ CVE-2024-37082 (Security check loophole in HAProxy release (in combination with
 CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...)
 	TODO: check
 CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2375 (The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2235 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-2234 (The Himer WordPress theme before 2.1.1 does not sanitise and escape so ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-2233 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-2231 (The  allows any authenticated user to join a private group due to a mi ...)
 	TODO: check
 CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF checks in so ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a server respon ...)
 	TODO: check
 CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava litemal ...)
@@ -182,7 +182,7 @@ CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interfac
 CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
 	TODO: check
 CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 all ...)
 	NOT-FOR-US: MSP360 Backup Agent
 CVE-2024-39143 (A stored cross-site scripting (XSS) vulnerability exists in ResidenceC ...)
@@ -206,7 +206,7 @@ CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker
 CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-36404 (GeoTools is an open source Java library that provides tools for geospa ...)
-	TODO: check
+	NOT-FOR-US: GeoTools
 CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
@@ -252,67 +252,67 @@ CVE-2024-34583 (Improper access control in system property prior to SMR Jul-2024
 CVE-2024-34122 (Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an ...)
 	NOT-FOR-US: Acrobat for Edge
 CVE-2024-32932 (Under certain circumstances the web interface users credentials may be ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-32757 (Under certain circumstances unnecessary user details are provided with ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-32756 (Under certain circumstances the Linux users credentials may be recover ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-32755 (Under certain circumstances the web interface will accept characters u ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-31071 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-26314 (Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0  ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-25088 (Improper privilege management in Jungo WinDriver before 12.5.1 allows  ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-25087 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-25086 (Improper privilege management in Jungo WinDriver before 12.2.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-22106 (Improper privilege management in Jungo WinDriver before 12.5.1 allows  ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-22105 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-22104 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 all ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-22103 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 all ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-22102 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2024-20901 (Improper input validation in copying data to buffer cache in libsaped  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20900 (Improper authentication in MTP application prior to SMR Jul-2024 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20899 (Use of implicit intent for sensitive communication in RCS function in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20898 (Use of implicit intent for sensitive communication in SoftphoneClient  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20897 (Use of implicit intent for sensitive communication in FCM function in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20896 (Use of implicit intent for sensitive communication in Configuration me ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20895 (Improper access control in Dar service prior to SMR Jul-2024 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20894 (Improper handling of exceptional conditions in Secure Folder prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20893 (Improper input validation in libmediaextractorservice.so prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20892 (Improper verification of signature in FilterProvider prior to SMR Jul- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20891 (Improper access control in launchFullscreenIntent of SystemUI prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20890 (Improper input validation in BLE prior to SMR Jul-2024 Release 1 allow ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20889 (Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20888 (Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-51778 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 all ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2023-51777 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Jungo WinDriver
 CVE-2023-39324
 	REJECTED
 CVE-2024-32498 [OSSA-2024-001: Arbitrary file access through custom QCOW2 external data]
@@ -185646,13 +185646,13 @@ CVE-2022-25482
 CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...)
 	NOT-FOR-US: ThinkPHP Framework
 CVE-2022-25480 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
-	TODO: check
+	NOT-FOR-US: Realtek RtsPer driver for PCIe Card Reader
 CVE-2022-25479 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
-	TODO: check
+	NOT-FOR-US: Realtek RtsPer driver for PCIe Card Reader
 CVE-2022-25478 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
-	TODO: check
+	NOT-FOR-US: Realtek RtsPer driver for PCIe Card Reader
 CVE-2022-25477 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
-	TODO: check
+	NOT-FOR-US: Realtek RtsPer driver for PCIe Card Reader
 CVE-2022-25476
 	RESERVED
 CVE-2022-25475



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17234bc71705d830977d8cad835035c4691a5961

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17234bc71705d830977d8cad835035c4691a5961
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240704/acf7bcd1/attachment.htm>

More information about the debian-security-tracker-commits mailing list