[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 03 Jan 2024 00:29:05 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a92b819c by Salvatore Bonaccorso at 2024-01-03T09:28:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth 
strategy for the M
 CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In 
`rust-evm`, a  ...)
        TODO: check
 CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to 
version 8.1 ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to 
versions 8. ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to 
commit db ...)
        TODO: check
 CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of 
service via ...)
@@ -23,43 +23,43 @@ CVE-2024-0196 (A vulnerability has been found in Magic-Api 
up to 2.0.1 and class
 CVE-2024-0195 (A vulnerability, which was classified as critical, was found in 
spider ...)
        TODO: check
 CVE-2024-0194 (A vulnerability, which was classified as critical, has been 
found in C ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro Internet Banking System
 CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure 
Notifications  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, 
Wistia V ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, 
WooComme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, 
WooComme ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure 
Notifications  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. 
plugin for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. 
Attackers wh ...)
-       TODO: check
+       NOT-FOR-US: GL.iNet devices
 CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure 
key rotati ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken 
cryptographic ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error 
handling vulner ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect 
vulnerability wh ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control 
(Unauthen ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access 
Control (Contr ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object 
Referen ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control 
(Obsolete ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used 
to cras ...)
        TODO: check
 CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, 
Registrat ...)
@@ -89,9 +89,9 @@ CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a 
remote attacker to cause
 CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, 
there is a  ...)
        TODO: check
 CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair 
versions 23.8_a ...)
-       TODO: check
+       NOT-FOR-US: fuwushe.org iFair
 CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: SpringBlade
 CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk 
of __pro ...)
        TODO: check
 CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice 
pages in  ...)
@@ -99,23 +99,23 @@ CVE-2023-45893 (An indirect Object Reference (IDOR) in the 
Order and Invoice pag
 CVE-2023-45892 (An issue discovered in the Order and Invoice pages in 
Floorsight Insig ...)
        TODO: check
 CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated 
file uplo ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal 
vulnerability whic ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary 
file rea ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: A-WORLD OIRASE BEER_waiting Line
 CVE-2023-42358 (An issue was discovered in O-RAN Software Community 
ric-plt-e2mgr in t ...)
        TODO: check
 CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD 
iRAI. Due  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD 
iRAI. Due  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-41779 (There is an illegal memory access vulnerability of ZTE's 
ZXCLOUD iRAI  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2023-41776 (There is a local privilege escalation vulnerability of ZTE's 
ZXCLOUD i ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of 
the Linu ...)
        - linux <unfixed>
        [bookworm] - linux 6.1.69-1
@@ -231742,11 +231742,11 @@ CVE-2020-26627
 CVE-2020-26626
        RESERVED
 CVE-2020-26625 (A SQL injection vulnerability was discovered in Gila CMS 
1.15.4 and ea ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2020-26624 (A SQL injection vulnerability was discovered in Gila CMS 
1.15.4 and ea ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2020-26623 (SQL Injection vulnerability discovered in Gila CMS 1.15.4 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2020-26622
        RESERVED
 CVE-2020-26621



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92b819cde2e3f47be498a5899a5f3ad402425f5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a92b819cde2e3f47be498a5899a5f3ad402425f5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to