[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 13 09:14:49 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
180df110 by Salvatore Bonaccorso at 2024-08-13T10:13:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -95,15 +95,15 @@ CVE-2024-43124 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-43123 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2024-42377 (SAP shared service framework allows an authenticated non-administrativ ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-42376 (SAP Shared Service Framework does not perform necessary authorization  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-42375 (SAP BusinessObjects Business Intelligence   Platform allows an authent ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-42374 (BEx Web Java Runtime Export Web Service does not sufficiently validate ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-42373 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41978 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
 	TODO: check
 CVE-2024-41977 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
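Review bot: For CVE-2024-42374 the visible description ("BEx Web Java Runtime Export Web Service does not sufficiently validate ...") names no vendor, unlike the other four entries changed in this hunk, which all say SAP. Naming the product in the note, for example "NOT-FOR-US: SAP BEx Web Java Runtime", would let a later reader confirm the classification from the list alone.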
@@ -131,21 +131,21 @@ CVE-2024-41904 (A vulnerability has been identified in SINEC Traffic Analyzer (6
 CVE-2024-41903 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
 	TODO: check
 CVE-2024-41737 (SAP CRM ABAP (Insights Management) allows an authenticated attacker to ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41736 (Under certain conditions SAP Permit to Work allows an authenticated at ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41735 (SAP Commerce Backoffice does not sufficiently encode user-controlled i ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41734 (Due to missing authorization check in SAP NetWeaver Application Server ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41733 (In SAP Commerce, valid user accounts can be identified during the cust ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41732 (SAP NetWeaver Application Server ABAP allows   an unauthenticated atta ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41731 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41730 (In SAP BusinessObjects Business Intelligence Platform, if Single Signe ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-41683 (A vulnerability has been identified in Location Intelligence family (A ...)
 	TODO: check
 CVE-2024-41682 (A vulnerability has been identified in Location Intelligence family (A ...)
@@ -165,11 +165,11 @@ CVE-2024-36398 (A vulnerability has been identified in SINEC NMS (All versions <
 CVE-2024-35775 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2024-33005 (Due to the missing authorization checks in the local systems, the admi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-33003 (Some OCC API endpoints in SAP Commerce Cloud allows Personally Identif ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-28166 (SAP BusinessObjects Business Intelligence   Platform allows an authent ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-7066 (The affected applications contain an out of bounds read past the end o ...)
 	TODO: check
 CVE-2024-7700 (A command injection flaw was found in the "Host Init Config" template  ...)
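Review bot: CVE-2024-33005 is marked NOT-FOR-US: SAP, but its truncated description ("Due to the missing authorization checks in the local systems, the admi ...") shows neither vendor nor product, so the attribution cannot be checked from these lines. Consider adding the affected product name to the note. The two entries below it need nothing more, since their descriptions already name SAP Commerce Cloud and SAP BusinessObjects.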
@@ -158523,7 +158523,7 @@ CVE-2022-38384
 CVE-2022-38383 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
 	NOT-FOR-US: IBM
 CVE-2022-38382 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
 	NOT-FOR-US: Asus
 CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
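Review bot: The CVE-2022-38382 change is the only one in this commit outside the 2024 SAP batch: a 2022 entry that was still at "TODO: check" while CVE-2022-38383 directly above it, with the same visible description prefix, already carried "NOT-FOR-US: IBM". The new note is consistent with that neighbour. Since this one was missed earlier, it may be worth scanning the older part of the list for other IBM entries still left at "TODO: check".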



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/180df1103509b2838f5b252a8179414d92847d6e
