Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
466a96da by Salvatore Bonaccorso at 2024-04-19T22:41:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2024-3741 (Electrolink transmitters are vulnerable to an 
authentication bypa
 CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3684 (A server side request forgery vulnerability was identified in 
GitHub E ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo, 
version  ...)
        NOT-FOR-US: Teimas Global's Teixo
 CVE-2024-3646 (A command injection vulnerability was identified in GitHub 
Enterprise  ...)
@@ -89,39 +89,39 @@ CVE-2024-30920 (Cross Site Scripting vulnerability in 
DerbyNet v9.0 and below al
 CVE-2024-30107 (HCL Connections contains a broken access control vulnerability 
that ma ...)
        NOT-FOR-US: HCL
 CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not 
properly esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an 
existing admin ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade 
SANnav v2. ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29968 (An information disclosure vulnerability exists in Brocade 
SANnav befor ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it 
was obse ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain 
hard-coded creden ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible 
to back u ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a 
have an i ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain 
hardcoded keys  ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure 
file per ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and 
v2.3.0a. It a ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and 
v2.3.0a, the S ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints Bro ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints the ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are 
configured i ...)
-       TODO: check
+       NOT-FOR-US: Brocade SANnav
 CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component 
of Ivant ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its 
protection en ...)
        TODO: check
 CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
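
Review bot: the labels added in this hunk are not at the same granularity. The SANnav entries name the product ("NOT-FOR-US: Brocade SANnav"), while CVE-2024-29204 names only the vendor ("NOT-FOR-US: Ivanti") although its description points at the WLAvalancheService component. Both forms already occur in the context lines ("NOT-FOR-US: HCL", "NOT-FOR-US: Microsoft"), so this is a style point, but a product-level label such as "NOT-FOR-US: Ivanti Avalanche" would keep a later search for that product from missing the entry.
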
@@ -131,69 +131,69 @@ CVE-2024-29029 (memos is a privacy-first, lightweight 
note-taking service. In me
 CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
        TODO: check
 CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService 
compone ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService 
component of Iva ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a 
remote  ...)
-       TODO: check
+       NOT-FOR-US: CSZ CMS
 CVE-2024-25000 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24999 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24998 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24997 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24996 (A Heap overflow vulnerability in WLInfoRailService component 
of Ivanti ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24995 (A Race Condition (TOCTOU) vulnerability in web component of 
Ivanti Ava ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24994 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24993 (A Race Condition (TOCTOU) vulnerability in web component of 
Ivanti Ava ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24992 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-24991 (A Null Pointer Dereference vulnerability in WLAvalancheService 
compone ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23535 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23534 (An Unrestricted File-upload vulnerability in web component of 
Ivanti A ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23533 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23532 (An out-of-bounds Read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23531 (An Integer Overflow vulnerability in WLInfoRailService 
component of Iv ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23530 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23529 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23528 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-23526 (An out-of-bounds read vulnerability in WLAvalancheService 
component of ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-22186 (The application suffers from a privilege escalation 
vulnerability. An  ...)
-       TODO: check
+       NOT-FOR-US: Electrolink
 CVE-2024-22179 (The application is vulnerable to an unauthenticated parameter  
manipul ...)
-       TODO: check
+       NOT-FOR-US: Electrolink
 CVE-2024-22061 (A Heap Overflow vulnerability in WLInfoRailService component 
of Ivanti ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-21872 (The device allows an unauthenticated attacker to bypass 
authentication ...)
-       TODO: check
+       NOT-FOR-US: Electrolink
 CVE-2024-21846 (An unauthenticated attacker can reset the board and stop 
transmitter   ...)
-       TODO: check
+       NOT-FOR-US: Electrolink
 CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the 
log lev ...)
        TODO: check
 CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows 
MPFS   ...)
-       TODO: check
+       NOT-FOR-US: Electrolink
 CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
        TODO: check
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
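
Review bot: the five entries marked "NOT-FOR-US: Electrolink" (CVE-2024-22186, CVE-2024-22179, CVE-2024-21872, CVE-2024-21846, CVE-2024-1491) have descriptions that name no vendor or product in the text visible here ("The application suffers from ...", "The device allows ...", "The devices allow access to ..."), so the attribution cannot be checked from the list itself. Please confirm each against its source advisory; a NOTE: line with the advisory reference under at least one of them would let a later reader verify the grouping. The Ivanti entries in the same hunk do carry the vendor name in their descriptions and read fine.
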
@@ -223,7 +223,7 @@ CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg 
v.n6.1-3-g466799d4f5 all
 CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        TODO: check
 CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a 
backdoor hard-c ...)
-       TODO: check
+       NOT-FOR-US: DYMO LabelWriter Print Server
 CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        TODO: check
 CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
@@ -82866,7 +82866,7 @@ CVE-2023-25045 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Sumo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25043 (Incorrect Authorization vulnerability in Supsystic Data Tables 
Generat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Liam ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Cththeme ...)
@@ -96301,7 +96301,7 @@ CVE-2022-47153 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC 
ClickFu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47151 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47150
        RESERVED
 CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty 
Links plugin ...)
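
Review bot: for CVE-2022-47151 the visible description is cut off before any product name ("Improper Neutralization of Special Elements used in an SQL Command ('S ...)"), so "NOT-FOR-US: WordPress plugin" rests on the neighbouring entries rather than on anything shown in this hunk. Worth confirming against the full CVE description that the affected component is a WordPress plugin before the TODO is dropped.
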
@@ -109980,7 +109980,7 @@ CVE-2022-41785 (Auth. (contributor+) Stored 
Cross-Site Scripting vulnerability i
 CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite 
plugin < ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41698 (Missing Authorization vulnerability in Layered If Menu.This 
issue affe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic 
Manager.This iss ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour 
Booking plugin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/466a96da80859537421264a92d2a2031a07e3a23
