[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 12 08:40:45 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7e68782 by Salvatore Bonaccorso at 2023-12-12T09:40:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for Android, ...)
-	TODO: check
+	NOT-FOR-US: Emarsys SDK for Android
 CVE-2023-5536 (A feature in LXD (LP#1829071), affects the default configuration of Ub ...)
 	TODO: check
 CVE-2023-50424 (SAPBTPSecurity Services Integration Library ([Golang] github.com/sap/c ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-50423 (SAPBTPSecurity Services Integration Library ([Python]sap-xssec) - vers ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-50422 (SAPBTPSecurity Services Integration Library ([Java] cloud-security-ser ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-50245 (OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata pr ...)
 	TODO: check
 CVE-2023-49805 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Uptime Kuma
 CVE-2023-49804 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Uptime Kuma
 CVE-2023-49803 (@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a ...)
 	TODO: check
 CVE-2023-49802 (The LinkedCustomFields plugin for MantisBT allows users to link values ...)
-	TODO: check
+	NOT-FOR-US: LinkedCustomFields plugin for MantisBT
 CVE-2023-49796 (MindsDB connects artificial intelligence models to real time data. Ver ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2023-49587 (SAP Solution Manager - version 720, allows an authorized attacker to e ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49584 (SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49583 (SAPBTPSecurity Services Integration Library ([Node.js] @sap/xssec - ve ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49581 (SAP GUI for WindowsandSAP GUI for Javaallow an unauthenticated attacke ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49580 (SAP GUI for WindowsandSAP GUI for Java - versions SAP_BASIS 755, SAP_B ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49578 (SAP Cloud Connector - version 2.0, allows an authenticated user with l ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49577 (The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 6 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-49494 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2023-49490 (XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scr ...)
-	TODO: check
+	NOT-FOR-US: XunRuiCMS
 CVE-2023-49488 (A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 al ...)
-	TODO: check
+	NOT-FOR-US: Openfiler ESA
 CVE-2023-49058 (SAP Master Data Governance File Upload applicationallows an attacker t ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-48642 (Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticate ...)
 	TODO: check
 CVE-2023-48641 (Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecu ...)
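Review bot: The `NOT-FOR-US: SAP` tag on CVE-2023-50424, CVE-2023-50423, CVE-2023-50422 and CVE-2023-49583 names only the vendor, while the descriptions identify separate libraries per language ecosystem ("[Golang] github.com/sap/c ...", "[Python]sap-xssec", "[Java] cloud-security-ser ...", "[Node.js] @sap/xssec"). Other entries in this same hunk name the product itself, for example `NOT-FOR-US: Emarsys SDK for Android` and `NOT-FOR-US: LinkedCustomFields plugin for MantisBT`. Consider putting the library name in the tag for these four entries, so that a later search of data/CVE/list by package name finds them if one of the libraries is ever packaged.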
@@ -244,7 +244,7 @@ CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
 CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation in a prod ...)
 	TODO: check
 CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and Manipul ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-6655 (A vulnerability, which was classified as critical, has been found in H ...)
 	NOT-FOR-US: Hongjing e-HR 2020
 CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Af ...)
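Review bot: On CVE-2023-48417 the visible description ("Missing Permission checks resulting in unauthorized access and Manipul ...") names no product, so `NOT-FOR-US: Android` cannot be checked against the entry text shown in this hunk. The neighbouring CVE-2023-48424 and CVE-2023-48425 describe U-Boot issues and stay at `TODO: check`. If the affected component is known, a more specific tag than the platform name would make the triage decision easier to verify later.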



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e68782485a39f5778eee61fe40128487526f09
