[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 13 16:12:27 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5032aa1 by Salvatore Bonaccorso at 2024-01-13T17:11:48+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,7 +6,7 @@ CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readabl
 CVE-2024-22209 (Open edX Platform is a service-oriented platform for authoring and del ...)
 	NOT-FOR-US: Open edX
 CVE-2024-22206 (Clerk helps developers build user management. Unauthorized access or p ...)
-	TODO: check
+	NOT-FOR-US: Clerk
 CVE-2024-22142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Cozmoslabs Profile Builder Pro
 CVE-2024-22137 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
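Review bot: the new marker on CVE-2024-22206 is the bare word "Clerk", a generic name, and the description line identifies it only as something that "helps developers build user management". The package entries elsewhere in this commit carry a qualifier ("flaskcode for Python", "evershop Nodejs module"). A similar qualifier here would keep the marker unambiguous when a later CVE with the same product name is triaged.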
@@ -50,9 +50,9 @@ CVE-2024-0251 (The Advanced Woo Search plugin for WordPress is vulnerable to Ref
 CVE-2024-0230 (A session management issue was addressed with improved checks. This is ...)
 	NOT-FOR-US: Magic Keyboard Firmware Update
 CVE-2023-52289 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...)
-	TODO: check
+	NOT-FOR-US: flaskcode for Python
 CVE-2023-52288 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...)
-	TODO: check
+	NOT-FOR-US: flaskcode for Python
 CVE-2023-51805 (SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows  ...)
 	NOT-FOR-US: TDuckCLoud tduck-platform
 CVE-2023-51804 (An issue in rymcu forest v.0.02 allows a remote attacker to obtain sen ...)
@@ -95,9 +95,9 @@ CVE-2023-48297 (Discourse is a platform for community discussion. The message se
 CVE-2023-48166 (A directory traversal vulnerability in the SOAP Server integrated in A ...)
 	NOT-FOR-US: Unify
 CVE-2023-46943 (An issue was discovered in NPM's package @evershop/evershop before ver ...)
-	TODO: check
+	NOT-FOR-US: evershop Nodejs module
 CVE-2023-46942 (Lack of authentication in NPM's package @evershop/evershop before vers ...)
-	TODO: check
+	NOT-FOR-US: evershop Nodejs module
 CVE-2023-42463 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2023-33472 (An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and bef ...)
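Review bot: the markers for CVE-2023-46943 and CVE-2023-46942 write the package as "evershop Nodejs module", while both description lines name it as NPM's package @evershop/evershop. Keeping the scoped name in the marker would make these entries easier to find with a search on the package name. The commit also uses two wordings for ecosystem packages (the flaskcode entries use "flaskcode for Python"); one wording throughout would be easier to search.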
@@ -184,7 +184,7 @@ CVE-2023-49254 (Authenticated user can execute arbitrary commands in the context
 CVE-2023-49253 (Root user password is hardcoded into the device and cannot be changed  ...)
 	NOT-FOR-US: Hongdian
 CVE-2023-48909 (An issue was discovered in Jave2 version 3.3.1, allows attackers to ex ...)
-	TODO: check
+	NOT-FOR-US: Jave2
 CVE-2023-46805 (An authentication bypass vulnerability in the web component of Ivanti  ...)
 	NOT-FOR-US: Ivanti
 CVE-2010-10011 (A vulnerability, which was classified as problematic, was found in Acr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5032aa17e7c8a24453d1876f62ac2278d7d9dcd
