[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Thu Feb 15 08:30:06 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1671072 by Salvatore Bonaccorso at 2024-02-15T09:29:39+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter does not p ...)
-	TODO: check
+	NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly controlled ...)
-	TODO: check
+	NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26262 (EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks ...)
-	TODO: check
+	NOT-FOR-US: EBM Technologies Uniweb/SoliPACS WebServer
 CVE-2024-26261 (The functionality for file download in HGiga OAKlouds' certain modules ...)
-	TODO: check
+	NOT-FOR-US: HGiga OAKlouds
 CVE-2024-26260 (The functionality for synchronization in HGiga OAKlouds' certain moudu ...)
-	TODO: check
+	NOT-FOR-US: HGiga OAKlouds
 CVE-2024-25941 (The jail(2) system call has not limited a visiblity of allocated TTYs  ...)
 	TODO: check
 CVE-2024-25940 (`bhyveload -h <host-path>` may be used to grant loader access to the < ...)
@@ -21,17 +21,17 @@ CVE-2024-25618 (Mastodon is a free, open-source social network server based on A
 CVE-2024-25617 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
 	TODO: check
 CVE-2024-25559 (URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8 ...)
-	TODO: check
+	NOT-FOR-US: a-blog cms
 CVE-2024-24386 (An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: VitalPBX
 CVE-2024-24301 (Command Injection vulnerability discovered in 4ipnet EAP-767 device v3 ...)
-	TODO: check
+	NOT-FOR-US: 4ipnet EAP-767 device
 CVE-2024-24300 (4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The ...)
-	TODO: check
+	NOT-FOR-US: 4ipnet EAP-767
 CVE-2024-24256 (SQL Injection vulnerability in Yonyou space-time enterprise informatio ...)
-	TODO: check
+	NOT-FOR-US: Yonyou space-time enterprise information integration platform
 CVE-2024-21727 (XSS vulnerability in DP Calendar component for Joomla.)
-	TODO: check
+	NOT-FOR-US: DP Calendar component for Joomla
 CVE-2024-1523 (EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restriction ...)
 	TODO: check
 CVE-2024-1482 (An incorrect authorization vulnerability was identified in GitHub Ente ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1671072131a9a53888186f376f5abae58af4707

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1671072131a9a53888186f376f5abae58af4707
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240215/910cd201/attachment.htm>
