[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 9 10:18:45 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2e94be4 by Salvatore Bonaccorso at 2024-05-09T11:18:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...)
-	TODO: check
+	NOT-FOR-US: Wind River
 CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	TODO: check
 CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: School Task Manager
 CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -171,59 +171,59 @@ CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an u
 CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-28883 (An origin validation vulnerability exists in   BIG-IP APM browser netw ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GSLB con ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This  ...)
 	TODO: check
 CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2024-25533 (Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25532 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25531 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25530 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25529 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25528 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25527 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25526 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25525 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25524 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25523 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25522 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25521 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25520 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25519 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25518 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25517 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-24908 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitra ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-24833 (Missing Authorization vulnerability in Leevio Happy Addons for Element ...)
 	TODO: check
 CVE-2024-22460 (Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecu ...)
@@ -515,37 +515,37 @@ CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior t
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
 	NOTE: https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
 CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been identified i ...)
-	TODO: check
+	NOT-FOR-US: Phish Alert Button for Outlook (PAB)
 CVE-2024-29209 (A medium severity vulnerability has been identified in the update mech ...)
-	TODO: check
+	NOT-FOR-US: Phish Alert Button for Outlook (PAB)
 CVE-2024-29208 (An Unverified Password Change could allow a malicious actor with API a ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2024-29207 (An Improper Certificate Validation could allow a malicious actor with  ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2024-29206 (An Improper Access Control could allow a malicious actor authenticated ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2024-29150 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent ALE NOE deskphones
 CVE-2024-29149 (An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 8 ...)
-	TODO: check
+	NOT-FOR-US: Alcatel-Lucent ALE NOE deskphones
 CVE-2024-28148 (An authenticated user could potentially access metadata for a datasour ...)
 	TODO: check
 CVE-2024-25514 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25513 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25512 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25511 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25510 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25509 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25508 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2024-25507 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: RuvarOA
 CVE-2023-7240 (An improper authorization level has been detected in the login panel.  ...)
 	TODO: check
 CVE-2023-6810 (The ClickCease Click Fraud Protection plugin for WordPress is vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2e94be4581a13b4da63d36e39dd9b07b3c995a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2e94be4581a13b4da63d36e39dd9b07b3c995a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240509/10718be1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list