[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 28 20:45:25 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bbbc35d by Salvatore Bonaccorso at 2024-02-28T21:45:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-27948 (Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahual ...)
-	TODO: check
+	NOT-FOR-US: bytesforall Atahualpa
 CVE-2024-27517 (Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attacke ...)
-	TODO: check
+	NOT-FOR-US: Webasyst
 CVE-2024-27516 (livehelperchat 4.28v is vulnerable to Server-Side Template Injection ( ...)
-	TODO: check
+	NOT-FOR-US: livehelperchat
 CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
-	TODO: check
+	NOT-FOR-US: Osclass
 CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within the Y ...)
 	- yard <unfixed>
 	NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
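Review bot: the NOT-FOR-US tags added in this hunk mix naming styles. CVE-2024-27948 is tagged with vendor and product ("bytesforall Atahualpa"), while CVE-2024-27517, CVE-2024-27516 and CVE-2024-27515 carry the product name only ("Webasyst", "livehelperchat", "Osclass"). Either form is enough for triage, but settling on one makes later searches of data/CVE/list by vendor or product more predictable.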
@@ -13,33 +13,33 @@ CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within
 CVE-2024-27284 (cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts  ...)
 	TODO: check
 CVE-2024-27103 (Querybook is a Big Data Querying UI. When a user searches for their qu ...)
-	TODO: check
+	NOT-FOR-US: Querybook
 CVE-2024-27083 (Flask-AppBuilder is an application development framework, built on top ...)
 	TODO: check
 CVE-2024-26342 (A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384 ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-25932 (Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25931 (Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heure ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25930 (Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Or ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25902 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25859 (A path traversal vulnerability in the /path/to/uploads/ directory of B ...)
-	TODO: check
+	NOT-FOR-US: Blesta
 CVE-2024-25833 (F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, ...)
-	TODO: check
+	NOT-FOR-US: F-logic DataCube3
 CVE-2024-25832 (F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, whic ...)
-	TODO: check
+	NOT-FOR-US: F-logic DataCube3
 CVE-2024-25831 (F-logic DataCube3 Version 1.0 is affected by a reflected cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: F-logic DataCube3
 CVE-2024-25830 (F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due t ...)
-	TODO: check
+	NOT-FOR-US: F-logic DataCube3
 CVE-2024-25435 (A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2. ...)
 	TODO: check
 CVE-2024-25202 (Cross Site Scripting vulnerability in Phpgurukul User Registration & L ...)
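Review bot: the six entries from CVE-2024-25932 through CVE-2024-25902 are tagged with the generic "NOT-FOR-US: WordPress plugin", and CVE-2024-26342 with the vendor alone ("NOT-FOR-US: ASUS"), while the other lines in this hunk name the product (Querybook, Blesta, F-logic DataCube3). The truncated descriptions do not show which plugin each CVE refers to, so anyone rechecking the decision has to go back to the CVE record. Consider naming the plugin, and the device model for the ASUS entry (the description gives "ASUS AC68U"). CVE-2024-27284, CVE-2024-27083 and CVE-2024-25435 remain at "TODO: check", which matches the commit message's "some NFUs" but leaves them for a follow-up pass.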



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bbbc35d6bbcd1e589d2a9320ee6ae0bdf5c4f0b