[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 10 Jul 2024 06:55:19 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e8e1c0cd by Salvatore Bonaccorso at 2024-07-10T15:54:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2024-38875 (An issue was discovered in Django 4.2 before 
4.2.14 and 5.0 befo
 CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, 
contains an  ...)
        NOT-FOR-US: Dell Alienware Command Center
 CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in 
v.11.5.7 allo ...)
-       TODO: check
+       NOT-FOR-US: S3Browser
 CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a 
session h ...)
        TODO: check
 CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows 
attackers ...)
@@ -161,11 +161,11 @@ CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is 
a possible out of boun
 CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin 
console OIDC  ...)
        TODO: check
 CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is 
reachable to una ...)
-       TODO: check
+       NOT-FOR-US: PingIdentity
 CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a 
vulnerability  ...)
        NOT-FOR-US: NetAPP
 CVE-2024-21832 (A potential JSON injection attack vector exists in 
PingFederate REST A ...)
-       TODO: check
+       NOT-FOR-US: PingIdentity
 CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial 
of Servic ...)
        TODO: check
 CVE-2024-21525 (All versions of the package node-twain are vulnerable to 
Improper Chec ...)
@@ -179,17 +179,17 @@ CVE-2024-21522 (All versions of the package audify are 
vulnerable to Improper Va
 CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to 
Denial o ...)
        TODO: check
 CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7061 (The Advanced File Manager Shortcodes plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6813 (The Login by Auth0 plugin for WordPress is vulnerable to 
Reflected Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32472 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-32467 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-39493 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.9.7-1
        [bookworm] - linux 6.1.94-1
@@ -430,7 +430,7 @@ CVE-2024-38095 (.NET and Visual Studio Denial of Service 
Vulnerability)
 CVE-2024-38094 (Microsoft SharePoint Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-38092 (Azure CycleCloud Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38091 (Microsoft WS-Discovery Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-38089 (Microsoft Defender for IoT Elevation of Privilege 
Vulnerability)
@@ -440,7 +440,7 @@ CVE-2024-38088 (SQL Server Native Client OLE DB Provider 
Remote Code Execution V
 CVE-2024-38087 (SQL Server Native Client OLE DB Provider Remote Code Execution 
Vulnera ...)
        NOT-FOR-US: Microsoft
 CVE-2024-38086 (Azure Kinect SDK Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38085 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-38081 (.NET, .NET Framework, and Visual Studio Elevation of Privilege 
Vulnera ...)
@@ -130879,9 +130879,9 @@ CVE-2023-21116 (In verifyReplacingVersionCode of 
InstallPackageHelper.java, ther
 CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible 
way to do ...)
        NOT-FOR-US: Android
 CVE-2023-21114 (In multiple locations, there is a possible permission bypass 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21113 (In multiple locations, there is a possible permission bypass 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out 
of bound ...)
        NOT-FOR-US: Android
 CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a 
possibl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8e1c0cdecaac117e7d4f7c61997661bdbe62e9b

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8e1c0cdecaac117e7d4f7c61997661bdbe62e9b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to