[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 29 21:34:04 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77c38f97 by Salvatore Bonaccorso at 2024-05-29T22:31:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce plu
 CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...)
 	NOT-FOR-US: Progress Telerik Report Server
 CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...)
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...)
@@ -58,13 +58,13 @@ CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset
 CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...)
 	TODO: check
 CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
 	TODO: check
 CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
 	TODO: check
 CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
@@ -72,11 +72,11 @@ CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU
 CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...)
 	TODO: check
 CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp  ...)
 	TODO: check
 CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-25977 (The application does not change the session token when using the login ...)
 	TODO: check
 CVE-2024-25976 (When LDAP authentication is activated in the configuration it is possi ...)
@@ -306,7 +306,7 @@ CVE-2024-23948 (Multiple improper array index validation vulnerabilities exist i
 CVE-2024-23947 (Multiple improper array index validation vulnerabilities exist in the  ...)
 	TODO: check
 CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin functionalit ...)
-	TODO: check
+	NOT-FOR-US: AutomationDirect
 CVE-2024-23315 (A read-what-where vulnerability exists in the Programming Software Con ...)
 	TODO: check
 CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the current stat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77c38f97ab77842a7e609b1d962159eb77b48014

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77c38f97ab77842a7e609b1d962159eb77b48014
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240529/25e1ebc2/attachment.htm>


More information about the debian-security-tracker-commits mailing list