[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 23 08:38:40 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f271358 by Moritz Muehlenhoff at 2024-02-23T09:38:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,32 @@
+CVE-2024-23807
+	NOTE: No change CVE assignment to clarify affected versions for CVE-2018-1311
+	NOTE: Debian was already correct
 CVE-2024-26445 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-26352 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-26351 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-26350 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-26349 (flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-26287
 	REJECTED
 CVE-2024-26284 (Utilizing a 302 redirect, an attacker could have conducted a Universal ...)
-	TODO: check
+	NOT-FOR-US: Mozilla Firefox Focus
 CVE-2024-26283 (An attacker could have executed unauthorized scripts on top origin sit ...)
-	TODO: check
+	- firefox <not-affected> (iOS-specific)
 CVE-2024-26282 (Using an AMP url with a canonical element, an attacker could have exec ...)
-	TODO: check
+	- firefox <not-affected> (iOS-specific)
 CVE-2024-26281 (Upon scanning a JavaScript URI with the QR code scanner, an attacker c ...)
-	TODO: check
+	- firefox <not-affected> (iOS-specific)
 CVE-2024-26152 (### Summary On all Label Studio versions prior to 1.11.0, data importe ...)
-	TODO: check
+	- label-studio <itp> (bug #1026232)
 CVE-2024-26151 (The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHu ...)
-	TODO: check
+	NOT-FOR-US: mjml Python package
 CVE-2024-26128 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2024-25876 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...)
 	TODO: check
 CVE-2024-25875 (A cross-site scripting (XSS) vulnerability in the Header module of Enh ...)
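Review bot: the new CVE-2024-23807 entry at the top of this hunk carries only two NOTE lines, with no package status line and no NOT-FOR-US marker, so the entry itself does not say which source package it concerns. Since the note ties it to CVE-2018-1311, consider adding the package line that CVE-2018-1311 carries, or at least naming the package in the NOTE. The phrase "No change CVE assignment" is also hard to parse; reword it so it is clear what did not change. Separately, the commit message "NFUs" does not cover the `- firefox <not-affected> (iOS-specific)` and `- label-studio <itp> (bug #1026232)` lines in this hunk.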
@@ -287,17 +290,17 @@ CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User S
 CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in ASMKER ...)
 	NOT-FOR-US: Autodesk
 CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4. ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and ea ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2023-52153 (A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.p ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2023-51828 (A SQL Injection vulnerability in /admin/convert/export.class.php in PM ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before all ...)
-	TODO: check
+	NOT-FOR-US: PMB
 CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions prior to ...)
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2024-1726
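Review bot: all six entries changed in this hunk get the bare label `NOT-FOR-US: PMB`, a three-letter acronym that gives no hint of the product to someone reading the list later. The description of CVE-2023-37177 names it as "PMB Services PMB"; using that fuller form on all six lines would make the triage decision easier to audit and to search for.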
@@ -341,7 +344,7 @@ CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Inj
 CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection ( ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM  ...)
-	TODO: check
+	NOT-FOR-US: Terrasoft CRM
 CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publish ...)
 	NOT-FOR-US: Emlog Pro
 CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerab ...)
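Review bot: `NOT-FOR-US: Terrasoft CRM` on CVE-2024-25461 drops the "Creatio" name that the description gives ("Terrasoft, Creatio Terrasoft CRM"). Writing the label as it appears in the description keeps later issues filed under either name easy to match against this entry.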



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2713588148776f18a0ba83251ba7c030dc0ddf
