Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31bd1304 by Salvatore Bonaccorso at 2024-03-12T21:38:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2024-2391 (A vulnerability was found in EVE-NG 5.0.1-13 
and classified as pr
 CVE-2024-2371 (Information exposure vulnerability in Korenix JetI/O 6550 
affecting fi ...)
        NOT-FOR-US: Korenix JetI/O 6550
 CVE-2024-2130 (The CWW Companion plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2049 (Server-Side Request Forgery (SSRF) in Citrix SD-WAN 
Standard/Premium E ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2024-2031 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28553 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the entr ...)
        NOT-FOR-US: Tenda
 CVE-2024-28535 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the mitI ...)
@@ -25,7 +25,7 @@ CVE-2024-28338 (A login bypass in TOTOLINK A8000RU 
V7.1cu.643_B20200521 allows a
 CVE-2024-28186 (FreeScout is an open source help desk and shared inbox built 
with PHP. ...)
        NOT-FOR-US: FreeScout
 CVE-2024-28121 (stimulus_reflex is a system to extend the capabilities of both 
Rails a ...)
-       TODO: check
+       NOT-FOR-US: stimulus_reflex
 CVE-2024-28114 (Peering Manager is a BGP session management tool. There is a 
Server Si ...)
        NOT-FOR-US: Peering Manager
 CVE-2024-28113 (Peering Manager is a BGP session management tool. In Peering 
Manager < ...)
@@ -205,75 +205,75 @@ CVE-2024-21334 (Open Management Infrastructure (OMI) 
Remote Code Execution Vulne
 CVE-2024-21330 (Open Management Infrastructure (OMI) Elevation of Privilege 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
 CVE-2024-20671 (Microsoft Defender Security Feature Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-1765 (Cloudflare Quiche (through version 0.19.1/0.20.0) was affected 
by an u ...)
        TODO: check
 CVE-2024-1618 (A search path or unquoted item vulnerability in Faronics Deep 
Freeze S ...)
-       TODO: check
+       NOT-FOR-US: Faronics Deep Freeze Server Standard
 CVE-2024-1529 (Vulnerability in CMS Made Simple 2.2.14, which does not 
sufficiently e ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2024-1528 (CMS Made Simple version 2.2.14, does not sufficiently encode 
user-cont ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2024-1527 (Unrestricted file upload vulnerability in CMS Made Simple, 
affecting v ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2024-1410 (Cloudflare quiche was discovered to be vulnerable to unbounded 
storage ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare quiche
 CVE-2024-1328 (The Newsletter2Go plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1304 (Cross-site scripting vulnerability in Badger Meter Monitool 
that affec ...)
-       TODO: check
+       NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1303 (Incorrectly limiting the path to a restricted directory 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1302 (Information exposure vulnerability in Badger Meter Monitool 
affecting  ...)
-       TODO: check
+       NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1301 (SQL injection vulnerability in Badger Meter Monitool affecting 
version ...)
-       TODO: check
+       NOT-FOR-US: Badger Meter Monitool
 CVE-2024-1227 (An open redirect vulnerability, the exploitation of which could 
allow  ...)
        TODO: check
 CVE-2024-1226 (The software does not neutralize or incorrectly neutralizes 
certain ch ...)
        TODO: check
 CVE-2024-1138 (The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - 
Enterpri ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2024-1137 (The Proxy and Client components of TIBCO Software Inc.'s TIBCO 
ActiveS ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2024-0906 (The f(x) Private Site plugin for WordPress is vulnerable to 
Sensitive  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5410 (A potential security vulnerability has been reported in the 
system BIO ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-4780
        REJECTED
 CVE-2023-4731 (The LadiApp plugn for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4729 (The LadiApp plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4728 (The LadiApp plugin for WordPress is vulnerable to unauthorized 
modific ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4629 (The LadiApp plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4628 (The LadiApp plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4627 (The LadiApp plugin for WordPress is vulnerable to unauthorized 
modific ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4626 (The LadiApp plugin for WordPress is vulnerable to unauthorized 
modific ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48788 (A improper neutralization of special elements used in an sql 
command ( ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-47534 (A improper neutralization of formula elements in a csv file in 
Fortine ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-46717 (An improper authentication vulnerability [CWE-287] in FortiOS 
versions ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-45793 (A vulnerability has been identified in Siveillance Control 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-42790 (A stack-based buffer overflow in Fortinet FortiOS 7.4.0 
through 7.4.1, ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-42789 (A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 
7.2.0 t ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-41842 (A use of externally-controlled format string vulnerability 
[CWE-134] i ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-41313 (The authentication method in Apache Doris versions before 
2.0.0 was vu ...)
-       TODO: check
+       NOT-FOR-US: Apache Doris
 CVE-2023-36554 (A improper access control in Fortinet FortiManager version 
7.4.0, vers ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-2182 (A flaw was found in the Open Virtual Network (OVN). In OVN 
clusters wh ...)
        - ovn 24.03.1-1
        NOTE: https://bugs.launchpad.net/bugs/2053113
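Review bot: CVE-2024-1410 is changed to `NOT-FOR-US: Cloudflare quiche`, while CVE-2024-1765, whose description names the same product ("Cloudflare Quiche"), is left at `TODO: check` a few entries above it. Either both entries should carry the same triage result, or the remaining TODO should get a NOTE line explaining why it differs, so the next triager can tell whether CVE-2024-1765 was skipped deliberately. Separately, the entries whose descriptions name Fortinet products (FortiOS, FortiManager) are tagged `FortiGuard`, a name that does not appear in the visible descriptions; the other tags in this hunk reuse the vendor or product named in the description, so `NOT-FOR-US: Fortinet` would be more consistent and easier to search for.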
@@ -339,7 +339,7 @@ CVE-2024-27297 (Nix is a package manager for Linux and 
other Unix systems. A fix
        - guix <unfixed> (bug #1066113)
        NOTE: 
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143
 CVE-2024-27121 (Path traversal vulnerability exists in Machine Automation 
Controller N ...)
-       TODO: check
+       NOT-FOR-US: Machine Automation Controller
 CVE-2024-26521 (HTML Injection vulnerability in CE Phoenix v1.0.8.20 and 
before allows ...)
        NOT-FOR-US: CE Phoenix
 CVE-2024-25854 (Cross Site Scripting (XSS) vulnerability in Sourcecodester 
Insurance M ...)
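Review bot: the new tag for CVE-2024-27121, `NOT-FOR-US: Machine Automation Controller`, is a generic product category copied from the start of the description and names no vendor. The neighbouring entries identify a specific vendor or product (`CE Phoenix`, and elsewhere in this commit `Siemens`, `TIBCO`), which is what makes an NFU entry searchable and lets later CVEs for the same product be matched. Suggest replacing it with the vendor or full product name from the untruncated CVE description.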
@@ -122702,7 +122702,7 @@ CVE-2022-34323 (Multiple XSS issues were discovered 
in Sage XRT Business Exchang
 CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise 
Intelligence 20 ...)
        NOT-FOR-US: Sage
 CVE-2022-34321 (Improper Authentication vulnerability in Apache Pulsar Proxy 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Apache Pulsar
 CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic 
algorithms th ...)
        NOT-FOR-US: IBM
 CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic 
algorithms th ...)
@@ -128010,7 +128010,7 @@ CVE-2022-32259 (A vulnerability has been identified 
in SINEMA Remote Connect Ser
 CVE-2022-32258 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2022-32257 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2022-32256 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
        NOT-FOR-US: Siemens
 CVE-2022-32255 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31bd1304e948b5fdd3bf17855b9df21dce6915c3
