[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 15 19:21:57 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
744ae13c by Salvatore Bonaccorso at 2024-07-15T20:21:21+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,8 @@ CVE-2024-6732 (A vulnerability classified as critical was found in SourceCodeste
CVE-2024-6731 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2024-6540 (Improper filtering of fields when using the export function in the tic ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools version ...)
TODO: check
CVE-2024-6289 (The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent r ...)
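Review bot: the NOTE on CVE-2024-6540 justifies the NOT-FOR-US by an upstream version range (>= 7.x) without recording where that range comes from; add the advisory URL in a further NOTE so the claim that Znuny (forked from the 6.x line) is unaffected can be re-checked if the scope is later revised.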
@@ -62,15 +63,16 @@ CVE-2024-39729 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 coul
CVE-2024-39728 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnera ...)
NOT-FOR-US: IBM
CVE-2024-23794 (An incorrect privilege assignment vulnerability in the inline editing ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
CVE-2024-21513 (Versions of the package langchain-experimental from 0.0.15 and before ...)
- TODO: check
+ NOT-FOR-US: langchain-experimental
CVE-2023-49566 (In Apache Linkis <=1.5.0, due to the lack of effective filtering of pa ...)
- TODO: check
+ NOT-FOR-US: Apache Linkis
CVE-2023-46801 (In Apache Linkis <= 1.5.0, data source management module, when adding ...)
- TODO: check
+ NOT-FOR-US: Apache Linkis
CVE-2023-41916 (In Apache Linkis =1.4.0, due to the lack of effective filtering of par ...)
- TODO: check
+ NOT-FOR-US: Apache Linkis
CVE-2024-39734 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not s ...)
NOT-FOR-US: IBM
CVE-2024-39733 (IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 stores use ...)
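Review bot: CVE-2024-23794 repeats the same OTRS/Znuny NOTE as CVE-2024-6540 in the previous hunk, again with no source link for the >= 7.x scope; since both entries rest on the same reasoning, citing the advisory in each (or cross-referencing the other CVE) keeps them verifiable and in sync. The Apache Linkis and langchain-experimental entries are fine as plain NOT-FOR-US markers.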
@@ -922,7 +924,7 @@ CVE-2024-32753 (Under certain circumstances the camera may be susceptible to kno
CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (' ...)
NOT-FOR-US: Schneider Electric
CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can obtain ...)
- TODO: check
+ NOT-FOR-US: Stork
CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...)
NOT-FOR-US: witmy my-springsecurity-plus
CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...)
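Review bot: "NOT-FOR-US: Stork" on CVE-2024-28872 uses a bare project name that is easy to confuse with other software of the same name; qualifying it with the vendor or ecosystem, as done elsewhere in this file (e.g. "Rust crate phonenumber", "OpenVPN Windows TAP driver"), makes later triage and grepping unambiguous.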
@@ -1129,7 +1131,7 @@ CVE-2024-37504 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2024-37498 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37310 (EVerest is an EV charging software stack. An integer overflow in the " ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2024-37270 (Insertion of Sensitive Information into Log File vulnerability in Trus ...)
NOT-FOR-US: WordPress plugin
CVE-2024-37205 (Insertion of Sensitive Information into Log File vulnerability in SERV ...)
@@ -1338,17 +1340,17 @@ CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a vulnerab
CVE-2024-21832 (A potential JSON injection attack vector exists in PingFederate REST A ...)
NOT-FOR-US: PingIdentity
CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial of Servic ...)
- TODO: check
+ NOT-FOR-US: speaker Node.js module
CVE-2024-21525 (All versions of the package node-twain are vulnerable to Improper Chec ...)
- TODO: check
+ NOT-FOR-US: node-twain
CVE-2024-21524 (All versions of the package node-stringbuilder are vulnerable to Out-o ...)
- TODO: check
+ NOT-FOR-US: node-stringbuilder
CVE-2024-21523 (All versions of the package images are vulnerable to Denial of Service ...)
- TODO: check
+ NOT-FOR-US: images Node.js module
CVE-2024-21522 (All versions of the package audify are vulnerable to Improper Validati ...)
- TODO: check
+ NOT-FOR-US: audify Node.js module
CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to Denial o ...)
- TODO: check
+ NOT-FOR-US: @discordjs/opus
CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is vulnerabl ...)
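Review bot: the six npm entries in this hunk are tagged inconsistently: "speaker Node.js module", "images Node.js module" and "audify Node.js module" carry the ecosystem qualifier, while "node-twain", "node-stringbuilder" and "@discordjs/opus" do not. Generic names such as "images" and "speaker" need the qualifier most, so applying "Node.js module" uniformly to all six (e.g. "NOT-FOR-US: node-twain Node.js module") avoids false matches when searching the list.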
@@ -1548,7 +1550,7 @@ CVE-2024-39866 (A vulnerability has been identified in SINEMA Remote Connect Ser
CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2024-39698 (electron-updater allows for automatic updates for Electron apps. The f ...)
- TODO: check
+ NOT-FOR-US: electron-updater
CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating intern ...)
NOT-FOR-US: Rust crate phonenumber
CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
@@ -2311,7 +2313,7 @@ CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, wri
NOTE: Introduced after: https://github.com/Exiv2/exiv2/commit/cb7a48f84aeb30251caae909901555dffa4e9fcb (v0.28.0)
NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387 (v0.28.3)
CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework. A SQ ...)
- TODO: check
+ NOT-FOR-US: NHibernate
CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
- botan 2.19.5+dfsg-1
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-jp24-56jm-gg86
@@ -2356,7 +2358,7 @@ CVE-2024-23562 (This vulnerability is being re-assessed. Vulnerability details w
CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly check ...)
- TODO: check
+ NOT-FOR-US: OpenVPN Windows TAP driver
CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa formWsc fu ...)
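Review bot: for CVE-2024-1305 the description names the component "tap-windows6", but the marker reads "NOT-FOR-US: OpenVPN Windows TAP driver"; keeping the upstream identifier in the marker (e.g. "NOT-FOR-US: OpenVPN tap-windows6 driver") preserves the descriptive wording while ensuring a search for the project name finds the entry.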
@@ -2890,7 +2892,7 @@ CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for ad
CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows at ...)
NOT-FOR-US: Avalara for Salesforce CPQ app
CVE-2024-37082 (When deploying Cloud Foundry together with the haproxy-boshrelease and ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...)
TODO: check
CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF chec ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/744ae13ccaae06cf3256835e51f067d1ffd458ac