[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 18 20:34:49 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44afb1c1 by Salvatore Bonaccorso at 2024-01-18T21:34:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2024-22819 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22818 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility  ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22817 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22699 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22603 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22601 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22593 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22592 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22591 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22568 (FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22549 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email se ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22548 (FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system w ...)
-	TODO: check
+	NOT-FOR-US: FlyCms
 CVE-2024-22419 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2024-22400 (Nextcloud User Saml is an app for authenticating Nextcloud users using ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud User Saml app
 CVE-2024-22317 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 thr ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-22213 (Deck is a kanban style organization tool aimed at personal planning an ...)
-	TODO: check
+	NOT-FOR-US: Deck
 CVE-2024-22212 (Nextcloud Global Site Selector is a tool which allows you to run multi ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Global Site Selector
 CVE-2024-0694
 	REJECTED
 CVE-2024-0669 (A Cross-Frame Scripting vulnerability has been found on Plone CMS affe ...)
-	TODO: check
+	NOT-FOR-US: Plone
 CVE-2024-0580 (Omission of user-controlled key authorization in the IDMSistemas platf ...)
-	TODO: check
+	NOT-FOR-US: IDMSistemas platform / QSige
 CVE-2023-7153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Macroturk Software and Internet Technologies Macro-Bel
 CVE-2023-5806 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Mergen Software Quality Management System
 CVE-2023-51464 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-51463 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-49943 (Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-40052 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
-	TODO: check
+	NOT-FOR-US: OpenEdge
 CVE-2023-40051 (This issue affects Progress Application Server (PAS) for OpenEdge in v ...)
-	TODO: check
+	NOT-FOR-US: OpenEdge
 CVE-2023-34348 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
-	TODO: check
+	NOT-FOR-US: AVEVA PI Server
 CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vul ...)
-	TODO: check
+	NOT-FOR-US: AVEVA PI Server
 CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...)
 	- libspreadsheet-parsexlsx-perl <unfixed> (bug #1061098)
 	NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
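Review bot: The NOT-FOR-US labels added in this hunk mix vendor-only and product-level names, which makes later searches of data/CVE/list by product name unreliable. CVE-2024-22317 is tagged "NOT-FOR-US: IBM" and CVE-2023-51464 / CVE-2023-51463 are tagged "NOT-FOR-US: Adobe", while CVE-2023-34348 / CVE-2023-31274 carry the product name ("AVEVA PI Server") and CVE-2024-22212 carries "Nextcloud Global Site Selector". Naming the product as the description does ("IBM App Connect Enterprise", "Adobe Experience Manager") would keep the entries uniform. Two further labels are worth tightening on the same grounds: "NOT-FOR-US: OpenEdge" on CVE-2023-40052 / CVE-2023-40051, where the description reads "Progress Application Server (PAS) for OpenEdge", and "NOT-FOR-US: Deck" on CVE-2024-22213, which is a single generic word with no vendor or project qualifier.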
@@ -66,7 +66,7 @@ CVE-2024-22416 (pyLoad is a free and open-source Download Manager written in pur
 CVE-2024-22414 (flaskBlog is a simple blog app built with Flask. Improper storage and  ...)
 	NOT-FOR-US: flaskBlog
 CVE-2024-22410 (Creditcoin is a network that enables cross-blockchain credit transacti ...)
-	TODO: check
+	NOT-FOR-US: Creditcoin
 CVE-2024-0655 (A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified  ...)
 	NOT-FOR-US: Novel-Plus
 CVE-2024-0654 (A vulnerability, which was classified as problematic, was found in Dee ...)
@@ -142,7 +142,7 @@ CVE-2023-48340 (In video decoder, there is a possible out of bounds write due to
 CVE-2023-48339 (In jpg driver, there is a possible missing permission check. This coul ...)
 	NOT-FOR-US: Unisoc
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
-	TODO: check
+	NOT-FOR-US: Karjasoft Sami HTTP Server
 CVE-2024-22365 [pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations]
 	- pam <unfixed> (bug #1061097)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/3
@@ -171,7 +171,7 @@ CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd (6.7-rc5)
 CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.53 ...)
-	TODO: check
+	NOT-FOR-US: Explorer++
 CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live Encoder an ...)
 	NOT-FOR-US: C21 Live encoder and Live Mosaic
 CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live Mosaic prod ...)
@@ -45870,9 +45870,9 @@ CVE-2023-28903
 CVE-2023-28902
 	RESERVED
 CVE-2023-28901 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Skoda
 CVE-2023-28900 (The Skoda Automotive cloud contains a Broken Access Control vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Skoda
 CVE-2023-28899 (By sending a specific reset UDS request via OBDII port of Skoda vehicl ...)
 	NOT-FOR-US: Skoda
 CVE-2023-28898 (The Real-Time Streaming Protocol implementation in the MIB3 infotainme ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44afb1c13d922c6b3d46ae3ad05fe678b18fe0f3
