[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 10 14:55:09 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8e1c0cd by Salvatore Bonaccorso at 2024-07-10T15:54:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 befo
CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an ...)
NOT-FOR-US: Dell Alienware Command Center
CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)
- TODO: check
+ NOT-FOR-US: S3Browser
CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a session h ...)
TODO: check
CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows attackers ...)
@@ -161,11 +161,11 @@ CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of boun
CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin console OIDC ...)
TODO: check
CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is reachable to una ...)
- TODO: check
+ NOT-FOR-US: PingIdentity
CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability ...)
NOT-FOR-US: NetAPP
CVE-2024-21832 (A potential JSON injection attack vector exists in PingFederate REST A ...)
- TODO: check
+ NOT-FOR-US: PingIdentity
CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial of Servic ...)
TODO: check
CVE-2024-21525 (All versions of the package node-twain are vulnerable to Improper Chec ...)
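Review bot: the note added to CVE-2024-22377 and CVE-2024-21832 reads "PingIdentity", a string that appears in neither description; both descriptions name the product as PingFederate. Someone grepping data/CVE/list for the product will find the CVE line but not a matching justification. Consider "NOT-FOR-US: PingFederate", or vendor plus product in the style of the existing "NOT-FOR-US: Dell Alienware Command Center" entry.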
@@ -179,17 +179,17 @@ CVE-2024-21522 (All versions of the package audify are vulnerable to Improper Va
CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to Denial o ...)
TODO: check
CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7061 (The Advanced File Manager Shortcodes plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6813 (The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32472 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-32467 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-39493 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.7-1
[bookworm] - linux 6.1.94-1
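Review bot: the notes in this hunk are inconsistent in granularity, and the two Dell entries (CVE-2023-32472, CVE-2023-32467) carry only the vendor name while CVE-2024-38301 earlier in the same file is tagged with the full product, "Dell Alienware Command Center". Using "NOT-FOR-US: Dell Edge Gateway BIOS" here would match that entry and keep the reason readable without the truncated description. The same applies to the three "WordPress plugin" notes on CVE-2023-7062, CVE-2023-7061 and CVE-2023-6813, where the plugin name is available in the description.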
@@ -430,7 +430,7 @@ CVE-2024-38095 (.NET and Visual Studio Denial of Service Vulnerability)
CVE-2024-38094 (Microsoft SharePoint Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-38092 (Azure CycleCloud Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38091 (Microsoft WS-Discovery Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-38089 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
@@ -440,7 +440,7 @@ CVE-2024-38088 (SQL Server Native Client OLE DB Provider Remote Code Execution V
CVE-2024-38087 (SQL Server Native Client OLE DB Provider Remote Code Execution Vulnera ...)
NOT-FOR-US: Microsoft
CVE-2024-38086 (Azure Kinect SDK Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38085 (Windows Graphics Component Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-38081 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
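Review bot: CVE-2024-38086 is described as an SDK, unlike the Windows components and SQL Server client around it that are tagged the same way, and the commit message ("Process some NFUs") does not record that the archive was checked for it. If a source-package search came up empty, a product-level note such as "NOT-FOR-US: Azure Kinect SDK" would document that better than the bare vendor name.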
@@ -130879,9 +130879,9 @@ CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, ther
CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...)
NOT-FOR-US: Android
CVE-2023-21114 (In multiple locations, there is a possible permission bypass due to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21113 (In multiple locations, there is a possible permission bypass due to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bound ...)
NOT-FOR-US: Android
CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a possibl ...)
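Review bot: CVE-2023-21114 and CVE-2023-21113 are tagged "Android" although their visible descriptions ("In multiple locations, there is a possible permission bypass ...") name no file or component, whereas the neighbouring Android entries each point at a specific source file (btm_sec.cc, NxpMfcReader.cc, PhoneAccountRegistrar.java). The classification here rests on the vendor alone, so it would help to state in the commit message which component the full advisory refers to, or to add a short NOTE line under each entry.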
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8e1c0cdecaac117e7d4f7c61997661bdbe62e9b