[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 22 21:45:22 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36e919e8 by Salvatore Bonaccorso at 2024-01-22T22:44:52+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
 CVE-2024-22895 (DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/modul ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-22233 (In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a us ...)
 	TODO: check
 CVE-2024-0784 (A vulnerability was found in biantaibao octopus 1.0. It has been class ...)
-	TODO: check
+	NOT-FOR-US: biantaibao octopus
 CVE-2024-0783 (A vulnerability was found in Project Worlds Online Admission System 1. ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds Online Admission System
 CVE-2024-0782 (A vulnerability has been found in CodeAstro Online Railway Reservation ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Online Railway Reservation System
 CVE-2024-0781 (A vulnerability, which was classified as problematic, was found in Cod ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro Internet Banking System
 CVE-2024-0778 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
-	TODO: check
+	NOT-FOR-US: Uniview
 CVE-2024-0706
 	REJECTED
 CVE-2024-0606 (An attacker could execute unauthorized script on a legitimate site thr ...)
-	TODO: check
+	NOT-FOR-US: Focus for iOS
 CVE-2024-0605 (Using a javascript: URI with a setTimeout race condition, an attacker  ...)
-	TODO: check
+	NOT-FOR-US: Focus for iOS
 CVE-2024-0430 (IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Servic ...)
-	TODO: check
+	NOT-FOR-US: IObit Malware Fighter
 CVE-2024-0204 (Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Fortra's GoAnywhere MFT
 CVE-2023-7194 (The Meris WordPress theme through 1.1.2 does not sanitise and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-7170 (The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7082 (The Import any XML or CSV File to WordPress plugin before 3.7.3 accept ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6626 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6625 (The Product Enquiry for WooCommerce WordPress plugin before 3.1 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6456 (The WP Review Slider WordPress plugin before 13.0 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6447 (The EventPrime WordPress plugin before 3.3.6 lacks authentication and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6384 (The WP User Profile Avatar WordPress plugin before 1.0.1 does not prop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6290 (The SEOPress WordPress plugin before 7.3 does not sanitise and escape  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50308 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-48118 (SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 al ...)
-	TODO: check
+	NOT-FOR-US: Quest Analytics LLC IQCRM
 CVE-2023-47747 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-47746 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-47158 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-47152 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-45193 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-44395 (Autolab is a course management service that enables instructors to off ...)
-	TODO: check
+	NOT-FOR-US: Autolab
 CVE-2020-36772 (CloudLinux  CageFS 7.0.8-2 or below insufficiently restricts file path ...)
-	TODO: check
+	NOT-FOR-US: CloudLinux CageFS
 CVE-2020-36771 (CloudLinux  CageFS 7.1.1-1 or below passes the authentication token as ...)
-	TODO: check
+	NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46838 [xen-netback: don't produce zero-size SKB frags]
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-448.html
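Review bot: The NOT-FOR-US labels in this hunk mix three levels of detail, which makes later searches of data/CVE/list by product unreliable. The eight "NOT-FOR-US: WordPress plugin" lines (CVE-2023-7170 through CVE-2023-6290) and the "WordPress theme" line for CVE-2023-7194 drop the product name that the description carries (EventON-RSVP, SEOPress, Meris and so on), and the six Db2 entries are reduced to "NOT-FOR-US: IBM", while other entries name the product in full ("IObit Malware Fighter", "CloudLinux CageFS") and CVE-2024-0204 even keeps the possessive from the description ("Fortra's GoAnywhere MFT"). Consider settling on one form per entry, either vendor or vendor plus product, and dropping the possessive. CVE-2024-22233 (Spring Framework) is the only entry left at "TODO: check" in this block; if that is deliberate because it needs a real package check rather than an NFU, a word in the commit message would make that clear.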
@@ -50129,7 +50129,7 @@ CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0
 CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...)
 	NOT-FOR-US: IBM
 CVE-2023-27859 (IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
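Review bot: CVE-2023-27859 was still at "TODO: check" around line 50129, between CVE-2023-27860 and CVE-2023-27858, which were already triaged, so it looks like an entry that an earlier pass missed. The new "NOT-FOR-US: IBM" matches the label on the neighbouring CVE-2023-27860, which is fine, but since one stale TODO survived this deep in the file it is worth searching the rest of data/CVE/list for other leftover "TODO: check" lines in already-processed blocks.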



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36e919e8bdb4e4958cf364eb5edb9f5692a0b17d
