[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 13 08:21:41 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9baa3dae by Salvatore Bonaccorso at 2024-02-13T09:21:13+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...)
 	TODO: check
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...)
 	TODO: check
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...)
@@ -27,15 +27,15 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	TODO: check
 CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 619, 620, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...)
 	TODO: check
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
@@ -75,17 +75,17 @@ CVE-2024-22222 (Dell Unity, versions prior to 5.4, contains an OS Command Inject
 CVE-2024-22221 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...)
 	TODO: check
 CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 102, S4FN ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that could b ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_U ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - version 7.50 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML component of I ...)
 	TODO: check
 CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...)
@@ -102681,7 +102681,7 @@ CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Success
 CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive cr ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-38713
 	RESERVED
 CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services  ...)
@@ -115121,11 +115121,11 @@ CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorizat
 CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...)
 	NOT-FOR-US: IBM
 CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with physica ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...)
 	NOT-FOR-US: IBM
 CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...)
@@ -151406,7 +151406,7 @@ CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 p
 CVE-2022-22507
 	REJECTED
 CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability that co ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a v ...)
 	NOT-FOR-US: IBM
 CVE-2022-22504



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240213/9a9475a5/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list