Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
daabfe61 by Salvatore Bonaccorso at 2024-01-20T09:37:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,71 +1,71 @@
 CVE-2024-23689 (Exposure of sensitive information in exceptions in 
ClichHouse's clickh ...)
        TODO: check
 CVE-2024-23688 (Consensys Discovery versions less than 0.4.5 uses the same 
AES/GCM non ...)
-       TODO: check
+       NOT-FOR-US: Consensys Discovery
 CVE-2024-23687 (Hard-coded credentials in FOLIO mod-data-export-spring 
versions before ...)
-       TODO: check
+       NOT-FOR-US: FOLIO mod-data-export-spring
 CVE-2024-23686 (DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 
9.0.0 to 9.0 ...)
        TODO: check
 CVE-2024-23685 (Hard-coded credentials in mod-remote-storage versions under 
1.7.2 and  ...)
-       TODO: check
+       NOT-FOR-US: mod-remote-storage
 CVE-2024-23684 (Inefficient algorithmic complexity in DecodeFromBytes function 
in com. ...)
        TODO: check
 CVE-2024-23683 (Artemis Java Test Sandbox versions less than 1.7.6 are 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: Artemis Java Test Sandbox
 CVE-2024-23682 (Artemis Java Test Sandbox versions before 1.8.0 are vulnerable 
to a sa ...)
-       TODO: check
+       NOT-FOR-US: Artemis Java Test Sandbox
 CVE-2024-23681 (Artemis Java Test Sandbox versions before 1.11.2 are 
vulnerable to a s ...)
-       TODO: check
+       NOT-FOR-US: Artemis Java Test Sandbox
 CVE-2024-23680 (AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less 
than 1.9. ...)
        TODO: check
 CVE-2024-23679 (Enonic XP versions less than 7.7.4 are vulnerable to a session 
fixatio ...)
-       TODO: check
+       NOT-FOR-US: Enonic XP
 CVE-2024-23332 (The Notary Project is a set of specifications and tools 
intended to pr ...)
-       TODO: check
+       NOT-FOR-US: Notary Project
 CVE-2024-22421 (JupyterLab is an extensible environment for interactive and 
reproducib ...)
        TODO: check
 CVE-2024-22420 (JupyterLab is an extensible environment for interactive and 
reproducib ...)
        TODO: check
 CVE-2024-0758 (MolecularFaces before 0.3.0 is vulnerable to cross site 
scripting. A r ...)
-       TODO: check
+       NOT-FOR-US: MolecularFaces
 CVE-2024-0739 (A vulnerability, which was classified as critical, was found in 
Hechen ...)
-       TODO: check
+       NOT-FOR-US: Hecheng Leadshop
 CVE-2024-0738 (A vulnerability, which was classified as critical, has been 
found in \ ...)
-       TODO: check
+       NOT-FOR-US: mldong
 CVE-2024-0737 (A vulnerability classified as problematic was found in 
Xlightftpd Xlig ...)
-       TODO: check
+       NOT-FOR-US: Xlightftpd Xlight FTP Server
 CVE-2024-0736 (A vulnerability classified as problematic has been found in EFS 
Easy F ...)
-       TODO: check
+       NOT-FOR-US: EFS Easy File Sharing FTP
 CVE-2024-0735 (A vulnerability was found in SourceCodester Online Tours & 
Travels Man ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2024-0734 (A vulnerability was found in Smsot up to 2.12. It has been 
declared as ...)
-       TODO: check
+       NOT-FOR-US: Smsot
 CVE-2024-0733 (A vulnerability was found in Smsot up to 2.12. It has been 
classified  ...)
-       TODO: check
+       NOT-FOR-US: Smsot
 CVE-2024-0679 (The ColorMag theme for WordPress is vulnerable to unauthorized 
access  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-0623 (The VK Block Patterns plugin for WordPress is vulnerable to 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51928 (An arbitrary file upload vulnerability in the 
nccloud.web.arcp.taskmon ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51927 (YonBIP v3_23.05 was discovered to contain a SQL injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51926 (YonBIP v3_23.05 was discovered to contain an arbitrary file 
read vulne ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51925 (An arbitrary file upload vulnerability in the 
nccloud.web.arcp.taskmon ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51924 (An arbitrary file upload vulnerability in the 
uap.framework.rc.itf.IRe ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51906 (An issue in yonyou YonBIP v3_23.05 allows a remote attacker to 
execute ...)
-       TODO: check
+       NOT-FOR-US: YonBIP
 CVE-2023-51892 (An issue in weaver e-cology v.10.0.2310.01 allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: weaver e-cology
 CVE-2023-49329 (Anomali Match before 4.6.2 allows OS Command Injection. An 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: Anomali Match
 CVE-2023-47024 (Cross Site Request Forgery vulnerability in NCR Terminal 
Handler v.1.5 ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-46447 (The POPS! Rebel application 5.0 for Android, in POPS! Rebel 
Bluetooth  ...)
-       TODO: check
+       NOT-FOR-US: POPS! Rebel
 CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite 
dev serv ...)
        TODO: check
 CVE-2024-23329 (changedetection.io is an open source tool designed to monitor 
websites ...)
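
Review bot: At CVE-2024-0738 ("mldong") and at CVE-2023-51928, CVE-2023-51925 and CVE-2023-51924 ("YonBIP"), the product named on the NOT-FOR-US line does not appear in the truncated description shown in this hunk, so the attribution cannot be confirmed from the diff; those four are worth re-checking against the full CVE text. CVE-2024-0679 and CVE-2024-0623 are tagged generically as "WordPress theme" and "WordPress plugin", while every other entry names the product (the descriptions give ColorMag and VK Block Patterns). If the generic tag is the file's convention for WordPress add-ons no change is needed; otherwise name them so the entries can be found by product.
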
@@ -101,9 +101,9 @@ CVE-2024-22911 (A stack-buffer-underflow vulnerability was 
found in SWFTools v0.
        - swftools <removed>
        NOTE: https://github.com/matthiaskramm/swftools/issues/216
 CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: StrangeBee TheHive
 CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: StrangeBee TheHive
 CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via 
the fun ...)
        - openvswitch <undetermined>
        NOTE: https://github.com/openvswitch/ovs-issues/issues/315
@@ -191407,7 +191407,7 @@ CVE-2021-31315 (Telegram Android <7.1.0 (2090), 
Telegram iOS <7.1, and Telegram
        - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, 
bug #988885)
        NOTE: 
https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
 CVE-2021-31314 (File upload vulnerability in ejinshan v8+ terminal security 
system all ...)
-       TODO: check
+       NOT-FOR-US: ejinshan v8+ terminal security system
 CVE-2021-31313
        RESERVED
 CVE-2021-31312
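
Review bot: The new label for CVE-2021-31314, "ejinshan v8+ terminal security system", carries the version string "v8+" over from the description, whereas the labels added elsewhere in this commit leave the version out ("YonBIP" for a description reading "YonBIP v3_23.05", "weaver e-cology" for "weaver e-cology v.10.0.2310.01"). Suggest "NOT-FOR-US: ejinshan terminal security system" so the tag names the product only and matches the other entries.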



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daabfe618448a1ea2541fdba6fb4c010e47229f1
