[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 3 21:32:45 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a05de6d0 by Salvatore Bonaccorso at 2024-04-03T22:32:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffe
 CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...)
 	TODO: check
 CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...)
 	TODO: check
 CVE-2024-27972 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
@@ -119,7 +119,7 @@ CVE-2024-27336 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information
 CVE-2024-27335 (Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execut ...)
 	TODO: check
 CVE-2024-27254 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-27201 (An improper input validation vulnerability exists in the OAS Engine Us ...)
 	TODO: check
 CVE-2024-27191 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
@@ -131,9 +131,9 @@ CVE-2024-25918 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-25096 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2024-25046 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-25030 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-24976 (A denial of service vulnerability exists in the OAS Engine File Data S ...)
 	TODO: check
 CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
@@ -141,7 +141,7 @@ CVE-2024-24707 (Improper Control of Generation of Code ('Code Injection') vulner
 CVE-2024-23540 (The HCL BigFix Inventory server is vulnerable to path traversal which  ...)
 	TODO: check
 CVE-2024-22360 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-22178 (A file write vulnerability exists in the OAS Engine Save Security Conf ...)
 	TODO: check
 CVE-2024-21870 (A file write vulnerability exists in the OAS Engine Tags Configuration ...)
@@ -183,7 +183,7 @@ CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a
 CVE-2023-5755
 	REJECTED
 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulner ...)
 	TODO: check
 CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is susceptible  ...)
@@ -193,7 +193,7 @@ CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an internal
 CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows an unaut ...)
 	TODO: check
 CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 fo ...)
 	TODO: check
 CVE-2024-26779 (In the Linux kernel, the following vulnerability has been resolved:  w ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a05de6d0f16446ec6ba3a32c719227a15f224aa0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a05de6d0f16446ec6ba3a32c719227a15f224aa0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240403/f360fd22/attachment.htm>

More information about the debian-security-tracker-commits mailing list