[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 3 21:43:27 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd2955a9 by Salvatore Bonaccorso at 2024-06-03T22:42:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-5404 (An unauthenticated remote attackercan change the admin password in amo ...)
-	TODO: check
+	NOT-FOR-US: ifm electronic GmbH
 CVE-2024-5388
 	REJECTED
 CVE-2024-5387
@@ -13,27 +13,27 @@ CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.
 	- libvpx 1.14.1-1
 	NOTE: https://issues.chromium.org/issues/332382766
 CVE-2024-4540 (A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Request ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2024-4332 (An authentication bypass vulnerability has been identified in the REST ...)
-	TODO: check
+	NOT-FOR-US: Tripwire Enterprise
 CVE-2024-3829 (qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read a ...)
-	TODO: check
+	NOT-FOR-US: qdrant
 CVE-2024-37019 (Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 ha ...)
-	TODO: check
+	NOT-FOR-US: Northern.tech Mender Enterprise
 CVE-2024-36783 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-36729 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-36728 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-36674 (LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via adm ...)
-	TODO: check
+	NOT-FOR-US: LyLme_spage
 CVE-2024-36569 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbi ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Gas Agency Management System
 CVE-2024-36568 (Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Gas Agency Management System
 CVE-2024-36128 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-36127 (apko is an apk-based OCI image builder. apko exposures HTTP basic auth ...)
 	TODO: check
 CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompressing ...)
@@ -41,77 +41,77 @@ CVE-2024-36124 (iq80 Snappy is a compression/decompression library. When uncompr
 CVE-2024-36123 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
 	TODO: check
 CVE-2024-35639 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35638 (Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. Act ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35637 (Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35635 (Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35633 (Server-Side Request Forgery (SSRF) vulnerability in CreativeThemes Blo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35632 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35631 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35630 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34987 (A SQL Injection vulnerability exists in the `ofrs/admin/index.php` scr ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Fire Reporting System
 CVE-2024-34803 (Missing Authorization vulnerability in Fastly.This issue affects Fastl ...)
 	TODO: check
 CVE-2024-34801 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34798 (Insertion of Sensitive Information into Log File vulnerability in Lukm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34797 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34796 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34795 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34794 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34793 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34791 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34790 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34789 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34770 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34767 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34766 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34764 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34754 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34385 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34051 (A Reflected Cross-site scripting (XSS) vulnerability located in htdocs ...)
 	TODO: check
 CVE-2024-32983 (Misskey is an open source, decentralized microblogging platform. Missk ...)
 	TODO: check
 CVE-2024-31684 (Incorrect access control in the fingerprint authentication mechanism o ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender Mobile Security
 CVE-2024-31682 (Incorrect access control in the fingerprint authentication mechanism o ...)
 	TODO: check
 CVE-2024-23670 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-23668 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-23667 (An improper authorization in Fortinet FortiWebManager version 7.2.0 an ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine Time Measu ...)
 	TODO: check
 CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine was allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd2955a970c70ca4695f76cc302cb267cc9d0691
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240603/a7f37dcc/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list