[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 1 20:26:02 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fcb827c1 by Salvatore Bonaccorso at 2024-02-01T21:25:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
-	TODO: check
+	NOT-FOR-US: Bref
 CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in combina ...)
-	TODO: check
+	NOT-FOR-US: Bref
 CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
-	TODO: check
+	NOT-FOR-US: Bref
 CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted to look  ...)
 	TODO: check
 CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs meant t ...)
 	TODO: check
 CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2024-24557 (Moby is an open-source project created by Docker to enable software co ...)
 	TODO: check
 CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
@@ -25,27 +25,27 @@ CVE-2024-23832 (Mastodon is a free, open-source social network server based on A
 CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...)
 	TODO: check
 CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A deseria ...)
-	TODO: check
+	NOT-FOR-US: Dataease
 CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22936 (Cross-site scripting (XSS) vulnerability in Parents & Student Portal i ...)
-	TODO: check
+	NOT-FOR-US: Parents & Student Portal in Genesis School Management Systems
 CVE-2024-22449 (Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a miss ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-22433 (Dell Data Protection Search 19.2.0 and above contain an exposed passwo ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-22430 (Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incor ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-22148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-21750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1167 (When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information un ...)
-	TODO: check
+	NOT-FOR-US: SEW-EURODRIVE MOVITOOLS MotionStudio
 CVE-2024-1141 (A vulnerability was found in python-glance-store. The issue occurs whe ...)
 	TODO: check
 CVE-2024-0935 (An insertion of Sensitive Information into Log File vulnerability is a ...)
-	TODO: check
+	NOT-FOR-US: DELMIA Apriso
 CVE-2024-0704
 	REJECTED
 CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA Materials Studi ...)
@@ -53,71 +53,71 @@ CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA Materials
 CVE-2023-5841 (Due to a failure in validating the number of scanline samples of a Ope ...)
 	TODO: check
 CVE-2023-52195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52194 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52175 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51835 (An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to e ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2023-51695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51691 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51689 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51677 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51669 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51534 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When authenti ...)
 	TODO: check
 CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: Fronius Datalogger Web
 CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...)
 	- minio <itp> (bug #859207)
 CVE-2024-24573 (facileManager is a modular suite of web apps built with the sysadmin i ...)
@@ -171,7 +171,7 @@ CVE-2024-24579 (stereoscope is a go library for processing container images and
 CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
 	TODO: check
 CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
-	TODO: check
+	NOT-FOR-US: OctoPrint
 CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -259,7 +259,7 @@ CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, deve
 CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester QR Code Login System
 CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Real Estate Management System
 CVE-2024-1099 (A vulnerability was found in Rebuild up to 3.5.5. It has been classifi ...)
 	NOT-FOR-US: Rebuild
 CVE-2024-1098 (A vulnerability was found in Rebuild up to 3.5.5 and classified as pro ...)
@@ -299,9 +299,9 @@ CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by
 CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...)
 	TODO: check
 CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...)
-	TODO: check
+	NOT-FOR-US: Apache ServiceComb Service-Center
 CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in Apache S ...)
-	TODO: check
+	NOT-FOR-US: Apache ServiceComb Service-Center
 CVE-2024-24567 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
 	NOT-FOR-US: Vyper
 CVE-2024-23834 (Discourse is an open-source discussion platform. Improperly sanitized  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcb827c1cd66ed04c2f0ec766d4493e9fa480ec5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcb827c1cd66ed04c2f0ec766d4493e9fa480ec5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240201/e2fb19b1/attachment.htm>

More information about the debian-security-tracker-commits mailing list