[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 15 21:15:24 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83db5455 by Salvatore Bonaccorso at 2024-03-15T22:14:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116,7 +116,7 @@ CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.
 CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...)
-	TODO: check
+	NOT-FOR-US: tls-listener
 CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...)
 	NOT-FOR-US: Snowflake Hive metastore connector
 CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...)
@@ -192,23 +192,23 @@ CVE-2023-7248 (Certain functionality in OpenText Vertica Management console migh
 CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...)
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...)
-	TODO: check
+	NOT-FOR-US: Sciener locks' firmware
 CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...)
-	TODO: check
+	NOT-FOR-US: Sciener-based locks
 CVE-2023-7007 (Sciener server does not validate connection requests from the GatewayG ...)
-	TODO: check
+	NOT-FOR-US: Sciener server
 CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be brute  ...)
-	TODO: check
+	NOT-FOR-US: Sciener firmware
 CVE-2023-7004 (The TTLock App does not employ proper verification procedures to ensur ...)
-	TODO: check
+	NOT-FOR-US: TTLock App
 CVE-2023-7003 (The AES key utilized in the pairing process between a lock using Scien ...)
-	TODO: check
+	NOT-FOR-US: Sciener firmware
 CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...)
-	TODO: check
+	NOT-FOR-US: TTLock App
 CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component  ...)
 	TODO: check
 CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...)
-	TODO: check
+	NOT-FOR-US: Fluid
 CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...)
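Review bot: The seven Sciener/TTLock entries from CVE-2023-7017 down to CVE-2023-6960 end up with five different NOT-FOR-US labels ("Sciener locks' firmware", "Sciener-based locks", "Sciener server", "Sciener firmware", "TTLock App") for what is one product family. Settling on one or two fixed strings, for example "Sciener" and "TTLock App", would keep the entries greppable and make later CVEs for the same vendor easier to match against earlier triage decisions.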
@@ -299,7 +299,7 @@ CVE-2024-1795 (The HUSKY \u2013 Products Filter for WooCommerce Professional plu
 CVE-2024-1713 (A user who can create objects in a database with plv8 3.2.1 installed  ...)
 	TODO: check
 CVE-2024-0860 (The affected product is vulnerable to a cleartext transmission of sens ...)
-	TODO: check
+	NOT-FOR-US: Softing
 CVE-2024-0803 (Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Co ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corpora ...)
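Review bot: On CVE-2024-0860 the new label names only the vendor, while the truncated description reads "The affected product", so nothing on these two lines says which Softing product was ruled out. Adding the product name after the vendor would let the decision be checked from the list alone, without opening the CVE record.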
@@ -307,7 +307,7 @@ CVE-2024-0802 (Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Co
 CVE-2023-50677 (An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attac ...)
 	NOT-FOR-US: NETGEAR
 CVE-2023-42286 (There is a PHP file inclusion vulnerability in the template configurat ...)
-	TODO: check
+	NOT-FOR-US: eyoucms
 CVE-2024-28054
 	- amavisd-new 1:2.13.0-5
 	[bookworm] - amavisd-new <no-dsa> (Minor issue; will be fixed via point release)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83db5455f2305449b7fd0817332ba7f29dd38b83
