Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31822729 by Salvatore Bonaccorso at 2024-01-23T22:15:39+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14,58 +14,58 @@ CVE-2024-23848 (In the Linux kernel through 6.7.1, there is 
a use-after-free in
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl/
 CVE-2024-23636 (SOFARPC is a Java RPC framework. SOFARPC defaults to using the 
SOFA He ...)
-       TODO: check
+       NOT-FOR-US: SOFARPC
 CVE-2024-23348 (Improper input validation vulnerability in a-blog cms 
Ver.3.1.x series ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-23341 (TuiTse-TsuSin is a package for organizing the comparative 
corpus of Ta ...)
-       TODO: check
+       NOT-FOR-US: TuiTse-TsuSin
 CVE-2024-23330 (Tuta is an encrypted email service. In versions prior to 
119.10, an at ...)
-       TODO: check
+       NOT-FOR-US: Tuta
 CVE-2024-23183 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x 
series vers ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-23182 (Relative path traversal vulnerability in a-blog cms Ver.3.1.x 
series v ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-23181 (Cross-site scripting vulnerability in a-blog cms Ver.3.1.x 
series vers ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-23180 (Improper input validation vulnerability in a-blog cms 
Ver.3.1.x series ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2024-22705 (An issue was discovered in ksmbd in the Linux kernel before 
6.6.10. sm ...)
        - linux 6.6.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d10c77873ba1e9e6b91905018e29e196fd5f863d (6.7-rc8)
 CVE-2024-22663 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-22662 (TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-22660 (TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-22497 (Cross Site Scripting (XSS) vulnerability in /admin/login 
password para ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2024-22496 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 
allows att ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2024-22490 (Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: beetl-bbs
 CVE-2024-22417 (Whoogle Search is a self-hosted metasearch engine. In versions 
0.8.3 a ...)
-       TODO: check
+       NOT-FOR-US: Whoogle Search
 CVE-2024-22205 (Whoogle Search is a self-hosted metasearch engine. In versions 
0.8.3 a ...)
-       TODO: check
+       NOT-FOR-US: Whoogle Search
 CVE-2024-22204 (Whoogle Search is a self-hosted metasearch engine. Versions 
0.8.3 and  ...)
-       TODO: check
+       NOT-FOR-US: Whoogle Search
 CVE-2024-22203 (Whoogle Search is a self-hosted metasearch engine. In versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Whoogle Search
 CVE-2024-22076 (MyQ Print Server before 8.2 patch 43 allows Unauthenticated 
Remote Cod ...)
-       TODO: check
+       NOT-FOR-US: MyQ Print Server
 CVE-2024-0703 (The Sticky Buttons \u2013 floating buttons builder plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7238 (A XSS payload can be uploaded as a DICOM study and when a user 
tries t ...)
-       TODO: check
+       NOT-FOR-US: Osimis WebViewer
 CVE-2023-6926 (There is an OS command injection vulnerability in Crestron 
AM-300 firm ...)
-       TODO: check
+       NOT-FOR-US: Crestron
 CVE-2023-6573 (HPE OneView may have a missing passphrase during restore.)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-51210 (SQL injection vulnerability in Webkul Bundle Product 6.0.1 
allows a re ...)
-       TODO: check
+       NOT-FOR-US: Webkul Bundle Product
 CVE-2023-51043 (In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c 
has a u ...)
        - linux 6.4.11-1
        [bookworm] - linux 6.1.52-1
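Review bot: For CVE-2024-22497 and CVE-2023-7238 the product in the new tag ("JFinalcms", "Osimis WebViewer") cannot be confirmed from the truncated descriptions shown in this hunk ("... vulnerability in /admin/login password para ...", "A XSS payload can be uploaded as a DICOM study ..."), so those two are worth checking against the full CVE text before the TODO is dropped. As a smaller style point, CVE-2024-0703 gets the generic "NOT-FOR-US: WordPress plugin" although its description names the Sticky Buttons plugin, and CVE-2023-6573 gets the vendor-only "HPE" although the description says "HPE OneView", while neighbouring entries name the product ("MyQ Print Server", "Whoogle Search"). A consistent product-level tag would make later greps of data/CVE/list more useful.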
@@ -79,15 +79,15 @@ CVE-2023-51042 (In the Linux kernel before 6.4.12, 
amdgpu_cs_wait_all_fences in
        [buster] - linux 4.19.304-1
        NOTE: 
https://git.kernel.org/linus/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 (6.5-rc1)
 CVE-2023-50275 (HPE OneView may allow clusterService Authentication Bypass 
resulting i ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-50274 (HPE OneView may allow command injection with local privilege 
escalatio ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2023-49783 (Silverstripe Admin provides a basic management interface for 
the Silve ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe Admin
 CVE-2023-49657 (A stored cross-site scripting (XSS) vulnerability exists in 
Apache Sup ...)
-       TODO: check
+       NOT-FOR-US: Apache Superset
 CVE-2023-48714 (Silverstripe Framework is the framework that forms the base of 
the Sil ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe Framework
 CVE-2023-46343 (In the Linux kernel before 6.5.9, there is a NULL pointer 
dereference  ...)
        - linux 6.5.10-1
        [bookworm] - linux 6.1.64-1
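Review bot: The tags in this hunk are not at the same granularity: CVE-2023-50275 and CVE-2023-50274 are both described as "HPE OneView" issues but are tagged with the vendor only ("NOT-FOR-US: HPE"), whereas the Silverstripe entries right below carry component names ("Silverstripe Admin", "Silverstripe Framework"). Suggest "NOT-FOR-US: HPE OneView" for the two HPE lines so the product is recoverable from the tag alone. The commit message "Process some NFUs" also gives no hint of how the not-packaged status was checked; a short note would help whoever revisits these entries.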
@@ -95,11 +95,11 @@ CVE-2023-46343 (In the Linux kernel before 6.5.9, there is 
a NULL pointer derefe
        [buster] - linux 4.19.304-1
        NOTE: 
https://git.kernel.org/linus/7937609cd387246aed994e81aa4fa951358fba41 (6.6-rc7)
 CVE-2023-45889 (A Universal Cross Site Scripting (UXSS) vulnerability in 
ClassLink One ...)
-       TODO: check
+       NOT-FOR-US: ClassLink OneClick Extension
 CVE-2023-44401 (The Silverstripe CMS GraphQL Server serves Silverstripe data 
as GraphQ ...)
-       TODO: check
+       NOT-FOR-US: Silverstripe
 CVE-2023-42143 (Missing Integrity Check in Shelly TRV 
20220811-152343/v2.1.8@5afc928c  ...)
-       TODO: check
+       NOT-FOR-US: Shelly
 CVE-2024-0755 (Memory safety bugs present in Firefox 121, Firefox ESR 115.6, 
and Thun ...)
        - firefox <unfixed>
        - firefox-esr <unfixed>
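Review bot: CVE-2023-44401 is tagged "NOT-FOR-US: Silverstripe" although its description refers to the "Silverstripe CMS GraphQL Server", and the previous hunk of the same commit uses the more specific "Silverstripe Admin" and "Silverstripe Framework" for sibling issues. Pick one convention for the Silverstripe family. Likewise "NOT-FOR-US: Shelly" on CVE-2023-42143 drops the device name given in the description ("Shelly TRV"); naming the product keeps the entry unambiguous if other Shelly devices show up later.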



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31822729fab3c0f6e716e31b4dbddaa00b54e554



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
