[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 2 09:57:39 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f15f187d by Moritz Mühlenhoff at 2024-02-02T10:57:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -119,7 +119,7 @@ CVE-2023-50327 (IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which c
 CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setti ...)
 	NOT-FOR-US: IBM
 CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a cryptographically we ...)
-	TODO: check
+	NOT-FOR-US: Objectplanet Opinio
 CVE-2023-49617 (The MachineSense application programmable interface (API) is improperl ...)
 	NOT-FOR-US: MachineSense
 CVE-2023-49610 (MachineSense FeverWarn Raspberry Pi-based devices lack input sanitizat ...)
@@ -155,7 +155,7 @@ CVE-2023-38020 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an auth
 CVE-2023-38019 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote atta ...)
 	NOT-FOR-US: IBM
 CVE-2023-36496 (Delegated Admin Privilege virtual attribute provider plugin, when enab ...)
-	TODO: check
+	NOT-FOR-US: pingidentity
 CVE-2023-32333 (IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to l ...)
 	NOT-FOR-US: IBM
 CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
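Review bot: the tag added for CVE-2023-36496 is `NOT-FOR-US: pingidentity`, lowercase and run together, while the neighbouring entries spell the vendor or product as it is normally written (`NOT-FOR-US: IBM`). Suggest `NOT-FOR-US: Ping Identity`, or the product name if it is known, so that a search of data/CVE/list for the vendor finds this entry with any others.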
@@ -165,21 +165,21 @@ CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in c
 CVE-2024-24752 (Bref enable serverless PHP on AWS Lambda. When Bref is used with the E ...)
 	NOT-FOR-US: Bref
 CVE-2024-24570 (Statamic is a Laravel and Git powered CMS. HTML files crafted to look  ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2024-24569 (The Pixee Java Code Security Toolkit is a set of security APIs meant t ...)
-	TODO: check
+	NOT-FOR-US: Pixee Java Code Security Toolkit
 CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
 	NOT-FOR-US: Vyper
 CVE-2024-24557 (Moby is an open-source project created by Docker to enable software co ...)
 	TODO: check
 CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
-	TODO: check
+	NOT-FOR-US: springboot-manager
 CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
-	TODO: check
+	NOT-FOR-US: springboot-manager
 CVE-2024-24060 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...)
-	TODO: check
+	NOT-FOR-US: springboot-manager
 CVE-2024-24059 (springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The sy ...)
-	TODO: check
+	NOT-FOR-US: springboot-manager
 CVE-2024-23832 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...)
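Review bot: CVE-2024-24557 (Moby) is left at `TODO: check` in the middle of this hunk while every entry around it is now resolved. If it was skipped because it is not an NFU, it needs a package line rather than a `NOT-FOR-US` tag, and should be picked up in a follow-up commit so it does not sit unnoticed among the triaged entries.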
@@ -334,7 +334,7 @@ CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux
 CVE-2024-24579 (stereoscope is a go library for processing container images and simula ...)
 	TODO: check
 CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
-	TODO: check
+	NOT-FOR-US: Lobe Chat
 CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
 	NOT-FOR-US: OctoPrint
 CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -420,7 +420,7 @@ CVE-2024-1114 (A vulnerability has been found in openBI up to 1.0.8 and classifi
 CVE-2024-1113 (A vulnerability, which was classified as critical, was found in openBI ...)
 	NOT-FOR-US: openBI
 CVE-2024-1112 (Heap-based buffer overflow vulnerability in Resource Hacker, developed ...)
-	TODO: check
+	NOT-FOR-US: Resource Hacker
 CVE-2024-1111 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester QR Code Login System
 CVE-2024-1103 (A vulnerability was found in CodeAstro Real Estate Management System 1 ...)
@@ -462,7 +462,7 @@ CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue wi
 CVE-2023-50165 (Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Gen ...)
 	NOT-FOR-US: Pega Platform
 CVE-2023-47116 (Label Studio is a popular open source data labeling tool. The vulnerab ...)
-	TODO: check
+	- label-studio <itp> (bug #1026232)
 CVE-2023-44313 (Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb ...)
 	NOT-FOR-US: Apache ServiceComb Service-Center
 CVE-2023-44312 (Exposure of Sensitive Information to an Unauthorized Actor in Apache S ...)
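Review bot: the change to CVE-2023-47116 records `- label-studio <itp> (bug #1026232)`, which is an ITP entry and not an NFU, but the commit message is only "NFUs". Suggest mentioning the ITP in the message (or splitting it into its own commit) so the history of data/CVE/list shows where the Label Studio entry was tied to the bug.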



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f15f187da1d2ffffbd3c93c30992ebf20533fa3c
