[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 11 21:43:12 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72c876ba by Salvatore Bonaccorso at 2024-06-11T22:42:38+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -231,11 +231,11 @@ CVE-2024-2462 (Allow attackers to intercept or falsify data exchanges between th
 CVE-2024-2461 (If exploited an attacker could traverse the file system to access  fil ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-2013 (An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM se ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-2012 (vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that i ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-2011 (A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNE ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-29060 (Visual Studio Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-28024 (A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive inform ...)
@@ -269,39 +269,39 @@ CVE-2024-23110 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0
 CVE-2024-21754 (A use of password hash with insufficient computational effort vulnerab ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-52233 (Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Emai ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52227 (Missing Authorization vulnerability in MailerLite MailerLite \u2013 Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52224 (Missing Authorization vulnerability in Revolut Revolut Gateway for Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52217 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52199 (Missing Authorization vulnerability in Matthias Pfefferle & Automattic ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52186 (Missing Authorization vulnerability in Woo WooCommerce Product Vendors ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52183 (Missing Authorization vulnerability in WebToffee WordPress Backup & Mi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52179 (Missing Authorization vulnerability in WebCodingPlace Product Expiry f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51682 (Missing Authorization vulnerability in ibericode MC4WP.This issue affe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51519 (Missing Authorization vulnerability in Soliloquy Team Slider by Solilo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51498 (Missing Authorization vulnerability in Woo WooCommerce Canada Post Shi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50763 (A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6U ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-4727 (A flaw was found in dogtag-pki and pki-core. The token authentication  ...)
 	TODO: check
 CVE-2023-48273 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46720 (A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 throug ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-38533 (A vulnerability has been identified in TIA Administrator (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-33922 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5702 (Memory corruption in the networking stack could have led to a potentia ...)
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702
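Review bot: CVE-2023-4727 is the one entry in this run left at TODO: check, and its description names dogtag-pki and pki-core rather than a vendor appliance or a plugin. It needs a source-package lookup in a follow-up, not a NOT-FOR-US tag, so it should not be swept up in the next bulk NFU pass.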
@@ -90099,7 +90099,7 @@ CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: Lightbox plugin
 CVE-2023-28775 (Missing Authorization vulnerability in Yoast Yoast SEO Premium.This is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28774 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -99170,7 +99170,7 @@ CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior to
 CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25799 (Missing Authorization vulnerability in Themeum Tutor LMS.This issue af ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlid ...)
@@ -105404,7 +105404,7 @@ CVE-2023-23777 (An improper neutralization of special elements used in an OS com
 CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-23775 (Multiple improper neutralization of special elements used inSQL comman ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39  ...)
 	- check-mk <removed>
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
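Review bot: The new tag on CVE-2023-23775 reads NOT-FOR-US: FortiGuard, while the entry directly above it, CVE-2023-23776, is tagged NOT-FOR-US: Fortinet. Use one spelling for the vendor so that a search of the list for either string finds both entries. Fortinet would match the neighbouring line.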
@@ -121354,7 +121354,7 @@ CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v
 CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
 	NOT-FOR-US: LIVEBOX Collaboration vDesk
 CVE-2022-45176 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. S ...)
-	TODO: check
+	NOT-FOR-US: LIVEBOX Collaboration vDesk
 CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
 	NOT-FOR-US: LIVEBOX
 CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
@@ -121370,7 +121370,7 @@ CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v
 CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
 	NOT-FOR-US: LIVEBOX Collaboration vDesk
 CVE-2022-45168 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
-	TODO: check
+	NOT-FOR-US: LIVEBOX Collaboration vDesk
 CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was discovered ...)
 	NOT-FOR-US: Kiali
 CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent users w ...)
@@ -137762,7 +137762,7 @@ CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panel
 CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
 	NOT-FOR-US: Siemens
 CVE-2022-40225 (A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1M ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech Tera ...)
@@ -146789,9 +146789,9 @@ CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memor
 CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
 	NOT-FOR-US: btcsuite
 CVE-2022-37020 (Potential vulnerabilities have been identified in the system BIOS for  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-37019 (Potential vulnerabilities have been identified in the system BIOS for  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
 	NOT-FOR-US: HPE
 CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...)
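Review bot: CVE-2022-37020 and CVE-2022-37019 are tagged NOT-FOR-US: HP, but CVE-2022-37018 just below, whose description opens with the same "system BIOS for" wording, carries NOT-FOR-US: HPE. The truncated descriptions do not show which vendor applies, so check the full CVE text and use the same tag on all three if they concern the same product line.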
@@ -314856,7 +314856,7 @@ CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manage
 CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11843 (This allows the information exposure to unauthorized users.This issue  ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Access Manager
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
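Review bot: CVE-2020-11843 is tagged with a product name, NetIQ Access Manager, while the entries on either side (CVE-2020-11844 and CVE-2020-11842) use the vendor tag Micro Focus, and the truncated description shown here names neither. Confirm the product against the full CVE text, and if it belongs to the same vendor consider the vendor tag so the block stays consistent.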



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c876baa01f12035d64bd6c2b0fcd7426efcd08
