[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 12 20:40:36 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0d8b07e by Salvatore Bonaccorso at 2024-01-12T21:35:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-22494 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2024-22493 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2024-22492 (A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetboo ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2024-21887 (A command injection vulnerability in web components of Ivanti Connect  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-0467 (A vulnerability, which was classified as problematic, was found in cod ...)
-	TODO: check
+	NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0466 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0465 (A vulnerability classified as problematic was found in code-projects E ...)
-	TODO: check
+	NOT-FOR-US: code-projects Employee Profile Management System
 CVE-2024-0464 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0463 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0462 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0461 (A vulnerability was found in code-projects Online Faculty Clearance 1. ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Faculty Clearance
 CVE-2024-0460 (A vulnerability was found in code-projects Faculty Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects Faculty Management System
 CVE-2024-0459 (A vulnerability has been found in Blood Bank & Donor Management 5.6 an ...)
-	TODO: check
+	NOT-FOR-US: Blood Bank & Donor Management
 CVE-2023-6683 (A flaw was found in the QEMU built-in VNC server while processing Clie ...)
 	TODO: check
 CVE-2023-52026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a r ...)
-	TODO: check
+	NOT-FOR-US: TOTOlink
 CVE-2023-51978 (In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Art Gallery Management System
 CVE-2023-51949 (Verydows v2.0 was discovered to contain a Cross-Site Request Forgery ( ...)
-	TODO: check
+	NOT-FOR-US: Verydows
 CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Ujcms
 CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote  ...)
 	TODO: check
 CVE-2023-49569 (A path traversal vulnerability was discovered in go-git versions prior ...)
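Review bot: The tag added for CVE-2023-52026 spells the vendor "TOTOlink", while the existing entry for CVE-2023-30013 further down in this same file uses "NOT-FOR-US: TOTOLINK". Use the established spelling so that a case-sensitive search of data/CVE/list for the vendor finds both entries. The spelling in the tag appears to have been copied from the CVE description, which is the likely source of the drift.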
@@ -41,31 +41,31 @@ CVE-2023-49569 (A path traversal vulnerability was discovered in go-git versions
 CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in go-git versi ...)
 	TODO: check
 CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing the value  ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49261 (The "tokenKey" value used in user authorization is visible in the HTML ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49260 (An XSS attack can be performed by changing the MOTD banner and pointin ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49259 (The authentication cookies are generated using an algorithm based on t ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49258 (User browser may be forced to execute JavaScript and pass the authenti ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49257 (An authenticated user is able to upload an arbitrary CGI-compatible fi ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49256 (It is possible to download the configuration backup without authorizat ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49255 (The router console is accessible without authentication at "data" fiel ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49254 (Authenticated user can execute arbitrary commands in the context of th ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-49253 (Root user password is hardcoded into the device and cannot be changed  ...)
-	TODO: check
+	NOT-FOR-US: Hongdian
 CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows attackers to ex ...)
 	TODO: check
 CVE-2023-46805 (An authentication bypass vulnerability in the web component of Ivanti  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2010-10011 (A vulnerability, which was classified as problematic, was found in Acr ...)
-	TODO: check
+	NOT-FOR-US: Acritum Femitter Server
 CVE-2024-XXXX [spip XSS]
 	- spip 4.1.15+dfsg-1
 	[bookworm] - spip <no-dsa> (Minor issue)
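Review bot: For CVE-2023-49253 through CVE-2023-49262 the truncated descriptions shown in this hunk never name a vendor or product, so the "Hongdian" attribution cannot be checked from the diff alone. Adding the affected product to the tag, or stating in the commit message where the vendor name comes from, would let a later reader confirm these ten entries without opening each CVE record.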
@@ -38236,21 +38236,21 @@ CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin
 CVE-2023-31037
 	RESERVED
 CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows
 CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may c ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31034 (NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31033 (NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31032 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31031 (NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31030 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31029 (NVIDIA DGX A100 baseboard management controller (BMC) contains a vulne ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31028
 	RESERVED
 CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability that al ...)
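Review bot: The tag on CVE-2023-31036 carries over the platform qualifier from the description ("NVIDIA Triton Inference Server for Linux and Windows"), whereas every other tag added in this hunk is just "NVIDIA". "NOT-FOR-US: NVIDIA Triton Inference Server" names the product without the platform list and is in line with the product-level tags used elsewhere in this commit.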
@@ -38258,9 +38258,9 @@ CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability t
 CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
 	NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
 CVE-2023-31025 (NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cau ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31024 (NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, w ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...)
 	NOT-FOR-US: NVIDIA
 CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
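Review bot: The bare "NVIDIA" tag on the DGX A100 BMC entries CVE-2023-31025 and CVE-2023-31024 is the same string already used for the Windows display driver entry CVE-2023-31023, so it does not record which product was judged out of scope. The neighbouring CVE-2023-31026 entry shows the more informative form with a parenthetical reason; a tag such as "NOT-FOR-US: NVIDIA DGX A100 BMC" would give the same clarity here.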
@@ -41286,11 +41286,11 @@ CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. v
 CVE-2023-30017
 	RESERVED
 CVE-2023-30016 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
-	TODO: check
+	NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30015 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
-	TODO: check
+	NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30014 (SQL Injection vulnerability in oretnom23 Judging Management System v1. ...)
-	TODO: check
+	NOT-FOR-US: oretnom23 Judging Management System
 CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2023-30012
@@ -44750,11 +44750,11 @@ CVE-2023-28901
 CVE-2023-28900
 	RESERVED
 CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of Skoda vehicl ...)
-	TODO: check
+	NOT-FOR-US: Skoda
 CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 infotainme ...)
-	TODO: check
+	NOT-FOR-US: MIB3 infotainment
 CVE-2023-28897 (The secret value used for access to critical UDS services of the MIB3  ...)
-	TODO: check
+	NOT-FOR-US: MIB3 infotainment
 CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the Modular I ...)
 	NOT-FOR-US: Skoda
 CVE-2023-28895 (The password for access to the debugging console of the PoWer Controll ...)
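Review bot: The three tags added here are not consistent with each other or with the context entry: CVE-2023-28899 gets "Skoda", CVE-2023-28898 and CVE-2023-28897 get "MIB3 infotainment", and the existing CVE-2023-28896, whose description also concerns UDS access, is tagged "Skoda". Pick one form for the whole run, for example "Skoda" throughout or "Skoda MIB3 infotainment" where the description names MIB3, so that the related entries group together when searching the list.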



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0d8b07eecf8dd6ce2b0e90599222e86ca05edf1
