[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 15 20:36:22 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3cc6066e by Salvatore Bonaccorso at 2024-03-15T21:35:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Logitech Logi Tune
CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...)
- TODO: check
+ NOT-FOR-US: RaspAP raspap-webgui
CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...)
- TODO: check
+ NOT-FOR-US: riendlyWrt firmware
CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
TODO: check
CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
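Review bot: the note added for CVE-2024-2495 reads `NOT-FOR-US: riendlyWrt firmware`, dropping the leading "F" of the product name that the description line directly above it spells "FriendlyWrt". Correct it to `NOT-FOR-US: FriendlyWrt firmware` so that a search of data/CVE/list for the product name finds this entry.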
@@ -23,77 +23,77 @@ CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener
CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...)
TODO: check
CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...)
TODO: check
CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out ...)
TODO: check
CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...)
- TODO: check
+ NOT-FOR-US: OpenMetadata
CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 ...)
TODO: check
CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...)
- TODO: check
+ NOT-FOR-US: projectdiscovery/nuclei
CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24975 (Uncontrolled Resource Consumption in Mattermost Mobile versions before ...)
- TODO: check
+ NOT-FOR-US: Mattermost Mobile
CVE-2024-24827 (Discourse is an open source platform for community discussion. Without ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-24748 (Discourse is an open source platform for community discussion. In affe ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-7248 (Certain functionality in OpenText Vertica Management console might be ...)
- TODO: check
+ NOT-FOR-US: OpenText Vertica Management console
CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...)
- TODO: check
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...)
TODO: check
CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...)
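Review bot: CVE-2024-24975 is marked `NOT-FOR-US: Mattermost Mobile` with no explanation, while the Mattermost Server entry CVE-2024-28053 in the same hunk is left at `TODO: check`, so the reason the two are treated differently is not recorded. The Zephyr entry at the end of this hunk shows the pattern worth reusing: `NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)` tells a later reader why a similar-looking name was excluded. A short parenthetical on the Mattermost Mobile line would do the same.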
@@ -113,17 +113,17 @@ CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate compo
CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...)
TODO: check
CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51369 (Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50898 (Missing Authorization vulnerability in sirv.Com Sirv.This issue affect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site ...)
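Review bot: for CVE-2023-50898 the visible description ("Missing Authorization vulnerability in sirv.Com Sirv.This issue affect ...") is cut off before any mention of WordPress, so the `NOT-FOR-US: WordPress plugin` classification cannot be confirmed from this line alone. The same applies to the other generic `WordPress plugin` notes in this hunk; naming the plugin in the note would let a later reader verify the triage without opening each CVE record.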
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc6066e0d4c1f4ded5dad1e4ad4ea116da8d885