Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51741398 by Salvatore Bonaccorso at 2024-02-10T09:45:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Sp ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extension
 CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an 
executables. Any ...)
        TODO: check
 CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When 
PPv2 is en ...)
        TODO: check
 CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy 
crashes i ...)
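Review bot: The seven `NOT-FOR-US: WordPress plugin` notes in this hunk (CVE-2024-24831 through CVE-2024-24712) do not say which plugin was ruled out, and the visible descriptions for those entries are only the generic "Improper Neutralization of Input During Web Page Generation" text. Unlike the CVE-2024-25109 entry, whose description names ManageWiki, these list entries give no product to search for later. Consider appending the plugin name to each note so a later grep of data/CVE/list by product finds them.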
@@ -31,27 +31,27 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python 
asynchronous chatbot framewo
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A 
regular exp ...)
        TODO: check
 CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been decl ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been clas ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and 
classified as ...)
-       TODO: check
+       NOT-FOR-US: Linksys
 CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Sametime Proxy application
 CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions.  The 
applica ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
-       TODO: check
+       NOT-FOR-US: HCL / Sametime application
 CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in 
Outlook add ...)
-       TODO: check
+       NOT-FOR-US: HCL / Sametime application
 CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete 
enabled in  ...)
-       TODO: check
+       NOT-FOR-US: HCL / Sametime application
 CVE-2024-XXXX [potential information disclosure vulnerability]
        - diffoscope 256
        NOTE: 
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
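Review bot: The five Sametime entries (CVE-2023-50349 through CVE-2023-45696) end up with three different labels: `Sametime Proxy application`, `HCL`, and `HCL / Sametime application`. CVE-2023-45718 carries only `HCL` although its description is about Sametime, and CVE-2023-50349 omits the vendor. Using `NOT-FOR-US: HCL / Sametime application` on all five would make a search on either the vendor or the product return the whole set.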
@@ -139,11 +139,11 @@ CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is 
vulnerable to reflected
 CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS 
in file ...)
        NOT-FOR-US: Concrete CMS
 CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability 
in Soft ...)
-       TODO: check
+       NOT-FOR-US: Software Engineering Consultancy Machine Equipment Limited 
Company Hearing Tracking System
 CVE-2023-6716
        REJECTED
 CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Oduyo Financial Technology Online Collection
 CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, 
Unrestricted U ...)
        TODO: check
 CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
@@ -53206,7 +53206,7 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 
7.1 & 7.2 contains Insecure
 CVE-2023-28078
        RESERVED
 CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 
7.1 cont ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or 
risky crypt ...)
        NOT-FOR-US: Dell
 CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in 
BIOS. A ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5174139895beed8852ddf4179efb3538f23bb85a
