[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 8 21:59:09 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7dcb9db by Salvatore Bonaccorso at 2024-05-08T22:58:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,35 +80,35 @@ CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbu
 	- libmodbus <unfixed>
 	NOTE: https://github.com/stephane/libmodbus/issues/743
 CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffic can  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...)
 	TODO: check
 CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...)
-	TODO: check
+	NOT-FOR-US: Open5GS
 CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...)
 	TODO: check
 CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
-	TODO: check
+	NOT-FOR-US: Vitess
 CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Apache OFBiz
 CVE-2024-32049 (BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote  ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-31961 (A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide bef ...)
-	TODO: check
+	NOT-FOR-US: Sonic Shopfloor
 CVE-2024-31270 (Missing Authorization vulnerability in Repute InfoSystems ARForms Form ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...)
 	TODO: check
 CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...)
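Review bot: CVE-2024-33574 (appsbd Vitepos) is left at "TODO: check" even though its description has the same "Missing Authorization vulnerability in ..." shape as the three entries this hunk tags "NOT-FOR-US: WordPress plugin" (CVE-2024-33573, CVE-2024-31270, CVE-2024-30459). If Vitepos is also a WordPress plugin, tag it in the same pass. If it was skipped on purpose, that is fine, but the one-line commit message does not say so. CVE-2024-32980 (Spin) and CVE-2024-28971 (Dell Update Manager Plugin) also remain open in this range.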
@@ -366,25 +366,25 @@ CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusio
 CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...)
 	TODO: check
 CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path injection vul ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a lack of inp ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker can enum ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: MP-SPDZ
 CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...)
-	TODO: check
+	NOT-FOR-US: MP-SPDZ
 CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...)
-	TODO: check
+	NOT-FOR-US: MP-SPDZ
 CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: MP-SPDZ
 CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...)
-	TODO: check
+	NOT-FOR-US: MvnRepository MS Basic
 CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...)
 	TODO: check
 CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...)
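Review bot: the "NOT-FOR-US: MP-SPDZ" lines (CVE-2024-33783 to CVE-2024-33780) and the "NOT-FOR-US: MvnRepository MS Basic" line rest on the product name alone, and the hunk gives no way to see that the archive and the ITP/RFP bugs were checked. A product with an open ITP should get a package line with an <itp> marker and bug number rather than NOT-FOR-US, so confirm that before the tag sticks. The description for CVE-2024-33748 is truncated at "Mvn ..." here, so also check the label spelling against the full CVE text.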
@@ -420,11 +420,11 @@ CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prev
 CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	TODO: check
 CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
-	TODO: check
+	NOT-FOR-US: HSC Cybersecurity HC Mailinspector
 CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...)
-	TODO: check
+	NOT-FOR-US: HSC Cybersecurity HC Mailinspector
 CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2. ...)
-	TODO: check
+	NOT-FOR-US: HSC Cybersecurity HC Mailinspector
 CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
 	TODO: check
 CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior to 10.0 ...)
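Review bot: the three Mailinspector labels (CVE-2024-32371, CVE-2024-32370, CVE-2024-32369) use vendor plus product, "HSC Cybersecurity HC Mailinspector", while other labels in this commit use the product alone ("Logpoint", "Vitess", "Open5GS"). Either form works, but one consistent form makes later searches for earlier NFU decisions on the same product more reliable. The Suricata and GLPI entries around these lines stay at "TODO: check", which matches an NFU-only pass. They need package-level triage in a follow-up.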



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7dcb9dbb13295bcf5e89f4878cbe715e86463ec
