[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 8 20:40:27 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ce98f3e by Salvatore Bonaccorso at 2024-03-08T21:39:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a use ...)
- TODO: check
+ NOT-FOR-US: PostgreSQL Anonymizer
CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: PostgreSQL Anonymizer
CVE-2024-2319 (Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX proje ...)
- TODO: check
+ NOT-FOR-US: Django MarkdownX
CVE-2024-2318 (A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1 ...)
- TODO: check
+ NOT-FOR-US: ZKTeco
CVE-2024-2317 (A vulnerability was found in Bdtask Hospital AutoManager up to 2024022 ...)
- TODO: check
+ NOT-FOR-US: Bdtask Hospital AutoManager
CVE-2024-2316 (A vulnerability has been found in Bdtask Hospital AutoManager up to 20 ...)
- TODO: check
+ NOT-FOR-US: Bdtask Hospital AutoManager
CVE-2024-21901 (A SQL injection vulnerability has been reported to affect myQNAPcloud. ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21900 (An injection vulnerability has been reported to affect several QNAP op ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21899 (An improper authentication vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47221 (A path traversal vulnerability has been reported to affect Photo Stati ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-34980 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-32969 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-2298 (The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2285 (A vulnerability, which was classified as problematic, has been found i ...)
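Review bot: The NOT-FOR-US labels added in this hunk mix two granularities: the six QNAP entries and the ZKTeco entry name only the vendor, although their descriptions name specific products (myQNAPcloud, ZKBio Media), while the PostgreSQL Anonymizer, Django MarkdownX and Bdtask Hospital AutoManager entries name the product. If vendor-only is the intended shorthand for appliance vendors this is fine as it stands; otherwise a label such as "NOT-FOR-US: ZKTeco ZKBio Media" would let a later search on the product name find the entry.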
@@ -65,7 +65,7 @@ CVE-2024-2044 (pgAdmin 4 uses a file-based session management approach. The sess
CVE-2024-28115 (FreeRTOS is a real-time operating system for microcontrollers. FreeRTO ...)
NOT-FOR-US: FreeRTOS kernel
CVE-2024-27707 (Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly ...)
- TODO: check
+ NOT-FOR-US: hcengineering Huly Platform
CVE-2024-27613 (Numbas editor before 7.3 mishandles reading of themes and extensions.)
NOT-FOR-US: Numbas editor
CVE-2024-27612 (Numbas editor before 7.3 mishandles editing of themes and extensions.)
@@ -293,21 +293,21 @@ CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site Reque
CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON Parsing ...)
NOT-FOR-US: Netgear
CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web Player.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2023-42661 (JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary F ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2023-42509 (JFrog Artifactory later than version 7.17.4 but prior to version 7.77. ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2023-41503 (Student Enrollment In PHP v1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Student Enrollment In PHP
CVE-2023-41015 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: code-projects.org Online Job Portal
CVE-2023-41014 (code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: code-projects.org Online Job Portal
CVE-2023-33676 (Sourcecodester Lost and Found Information System's Version 1.0 is vuln ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Lost and Found Information System
CVE-2024-XXXX [RUSTSEC-2024-0021]
- rust-eyre <not-affected> (Vulnerable code introduce in 0.6.9)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0021.html
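Review bot: The CVE-2023-47691 entry is labelled "NOT-FOR-US: WordPress plugin", which drops the product name, whereas every other entry changed in this hunk keeps it (JFrog Artifactory, Student Enrollment In PHP, code-projects.org Online Job Portal, Sourcecodester Lost and Found Information System). The truncated description shown here names Podlove Web Player but not WordPress, so a label in the form already used for CVE-2019-6267 further down this list, for example "NOT-FOR-US: Podlove Web Player plugin for WordPress", would be easier to trace. Separately, the unchanged rust-eyre context line reads "Vulnerable code introduce in 0.6.9"; "introduced" is meant and could be corrected in a follow-up.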
@@ -405,7 +405,7 @@ CVE-2023-49987 (A cross-site scripting (XSS) vulnerability in the component /man
CVE-2023-49986 (A cross-site scripting (XSS) vulnerability in the component /admin/par ...)
NOT-FOR-US: School Fees Management System
CVE-2023-47415 (Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: Cypress Solutions CTM-200
CVE-2024-2236 (A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...)
- libgcrypt20 <unfixed>
[bookworm] - libgcrypt20 <no-dsa> (Minor issue)
@@ -510,7 +510,7 @@ CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows no
CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go, contain ...)
TODO: check
CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allow ...)
- TODO: check
+ NOT-FOR-US: Vanderbilt REDCap
CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum p ...)
NOT-FOR-US: Jenkins plugin
CVE-2024-28159 (A missing permission check in Jenkins Subversion Partial Release Manag ...)
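Review bot: CVE-2023-48703 (RobotsAndPencils go-saml), the context entry directly above the REDCap change, is still "TODO: check" after this commit. If it was skipped on purpose because a Go library needs a look at the archive before it can be marked NOT-FOR-US, nothing needs to change here; otherwise it belongs in the same triage pass.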
@@ -84814,11 +84814,11 @@ CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was disc
CVE-2022-46500
RESERVED
CVE-2022-46499 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-46498 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-46497 (Hospital Management System 1.0 was discovered to contain a SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...)
NOT-FOR-US: BTicino Door Entry HOMETOUCH
CVE-2022-46495
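Review bot: "NOT-FOR-US: Hospital Management System" on CVE-2022-46499, CVE-2022-46498 and CVE-2022-46497 is a generic product name with no vendor or origin, so it cannot be told apart from other similarly named projects (the hunk header's CVE-2022-46093 also refers to a "Hospital Management System v1.0"). Where the full description names a source, prefixing it, as done elsewhere in this commit with "code-projects.org Online Job Portal", would make these entries unambiguous.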
@@ -86394,7 +86394,7 @@ CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-46092
RESERVED
CVE-2022-46091 (Cross Site Scripting (XSS) vulnerability in the feedback form of Onlin ...)
- TODO: check
+ NOT-FOR-US: Online Flight Booking Management System
CVE-2022-46090
RESERVED
CVE-2022-46089 (Cross Site Scripting (XSS) vulnerability in the add-airline form of On ...)
@@ -95471,7 +95471,7 @@ CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticate
CVE-2022-43856
RESERVED
CVE-2022-43855 (IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2022-43854
RESERVED
CVE-2022-43853
@@ -353552,7 +353552,7 @@ CVE-2019-6270
CVE-2019-6269
RESERVED
CVE-2019-6268 (RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Bo ...)
- TODO: check
+ NOT-FOR-US: RAD SecFlow-2 devices
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPre ...)
NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ce98f3e3538b262a1b63d35d69f7f30071e8c71