[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 9 08:46:38 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0bc3e86d by Salvatore Bonaccorso at 2024-03-09T09:46:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-2329 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
-	TODO: check
+	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-28754 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to ca ...)
-	TODO: check
+	NOT-FOR-US: RaspAP
 CVE-2024-28753 (RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to re ...)
-	TODO: check
+	NOT-FOR-US: RaspAP
 CVE-2024-28184 (WeasyPrint helps web developers to create PDF documents. Since version ...)
-	TODO: check
+	NOT-FOR-US: WeasyPrint
 CVE-2024-28180 (Package jose aims to provide an implementation of the Javascript Objec ...)
 	TODO: check
 CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and Encryption, prov ...)
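Review bot: The NOT-FOR-US on CVE-2024-28184 (WeasyPrint) should be double-checked before it sticks. Unlike the appliance and web-UI entries around it, the description reads as a version-bounded bug ("Since version ...") in a general-purpose PDF library, which is the kind of software that tends to be packaged. If a weasyprint source package exists in any suite, this should be a package entry (`- weasyprint <unfixed>`, or `<not-affected>` with a NOTE on the introducing version) rather than NFU, otherwise the CVE disappears from triage for good.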
@@ -15,27 +15,27 @@ CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter wi
 CVE-2024-28122 (JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherw ...)
 	TODO: check
 CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
-	TODO: check
+	NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589
 CVE-2024-25951 (A command injection vulnerability exists in local RACADM. A malicious  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-25501 (An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: WinMail
 CVE-2024-1767 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-1320 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1125 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1124 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1123 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50015 (An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2023-49341 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
-	TODO: check
+	NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
 CVE-2023-49340 (An issue was discovered in Newland Nquire 1000 Interactive Kiosk versi ...)
-	TODO: check
+	NOT-FOR-US: Newland Nquire 1000 Interactive Kiosk
 CVE-2023-46427 (An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-mast ...)
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/2641
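Review bot: The NFU labels in this hunk mix vendor-only and product-level names. "NOT-FOR-US: Dell" (CVE-2024-25951) and "NOT-FOR-US: Grandstream" (CVE-2023-50015) name only the vendor, while the Hitron and Newland entries next to them name the product. The descriptions already give the products ("local RACADM", "GXP14XX ... GXP16XX"), so "NOT-FOR-US: Dell RACADM" and "NOT-FOR-US: Grandstream GXP14XX/GXP16XX" would keep the labels greppable and avoid a vendor-wide label being copied later onto a product that is packaged.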
@@ -45,7 +45,7 @@ CVE-2023-46426 (Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV
 	NOTE: https://github.com/gpac/gpac/issues/2642
 	NOTE: https://github.com/gpac/gpac/commit/14ec709a1ffae23ad777c37320290caa0a754341
 CVE-2023-32264 (CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16. ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-2339 (PostgreSQL Anonymizer v1.2 contains a vulnerability  that allows a use ...)
 	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2024-2338 (PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that ...)
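Review bot: "NOT-FOR-US: OpenText" on CVE-2023-32264 drops the product that the description names, "OpenText Documentum D2". Suggest "NOT-FOR-US: OpenText Documentum D2", matching the product-level label used for PostgreSQL Anonymizer in the context lines just below.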
@@ -633,7 +633,7 @@ CVE-2024-24276 (Cross Site Scripting (XSS) vulnerability in Teamwire Windows des
 CVE-2024-24275 (Cross Site Scripting vulnerability in Teamwire Windows desktop client  ...)
 	NOT-FOR-US: Teamwire Windows desktop client
 CVE-2024-22889 (Due to incorrect access control in Plone version v6.0.9, remote attack ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2024-1989 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1901 (Denial of service in PAM password rotation during the check-in process ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc3e86d4e64005cf35ac26956d7a89f1eadc4c3
