[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 25 20:31:48 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac65edf0 by Salvatore Bonaccorso at 2024-01-25T21:31:18+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase & Inventory), ...)
- TODO: check
+ NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2024-23817 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...)
TODO: check
CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive authentic ...)
TODO: check
CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 3.118.12 and p ...)
- TODO: check
+ NOT-FOR-US: Tuta
CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the function g ...)
TODO: check
CVE-2024-22729 (NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command i ...)
- TODO: check
+ NOT-FOR-US: NETIS SYSTEMS MW5360
CVE-2024-22529 (TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vuln ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-22432 (Networker 19.9 and all prior versions contains a Plain-text Password s ...)
- TODO: check
+ NOT-FOR-US: Dell Networker
CVE-2024-21630 (Zulip is an open-source team collaboration tool. A vulnerability in ve ...)
- TODO: check
+ NOT-FOR-US: Zulip
CVE-2024-0883 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2024-0882 (A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been c ...)
- TODO: check
+ NOT-FOR-US: qwdigital LinkWechat
CVE-2024-0880 (A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as ...)
- TODO: check
+ NOT-FOR-US: Qidianbang qdbcrm
CVE-2024-0879 (Authentication bypass in vector-admin allows a user to register to a v ...)
TODO: check
CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulner ...)
- TODO: check
+ NOT-FOR-US: SystemK NVR 504/508/516
CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...)
- TODO: check
+ NOT-FOR-US: IceHrm
CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...)
- atril <unfixed>
NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
CVE-2023-41474 (Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-3181 (The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst ...)
TODO: check
CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via a long ...)
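Review bot: The NOT-FOR-US labels for CVE-2023-41474 ("Ivanti") and CVE-2024-22529 ("TOTOLINK") name only the vendor, while the other entries changed in this hunk name the product ("NETIS SYSTEMS MW5360", "Dell Networker", "SystemK NVR 504/508/516"). The descriptions identify the affected products as Ivanti Avalanche and TOTOLINK X2000R_V2, so "NOT-FOR-US: Ivanti Avalanche" and "NOT-FOR-US: TOTOLINK X2000R_V2" would keep the labels consistent and make clear that the triage decision covers that product rather than everything from the vendor.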
@@ -118,7 +118,7 @@ CVE-2024-23646 (Pimcore's Admin Classic Bundle provides a backend user interface
CVE-2024-23644 (Trillium is a composable toolkit for building internet applications wi ...)
NOT-FOR-US: Trillium
CVE-2024-23641 (SvelteKit is a web development kit. In SvelteKit 2, sending a GET requ ...)
- TODO: check
+ NOT-FOR-US: SvelteKit
CVE-2024-22725 (Orthanc versions before 1.12.2 are affected by a reflected cross-site ...)
- orthanc 1.12.2+dfsg-1
NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0
@@ -60185,7 +60185,7 @@ CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows
CVE-2023-24677
RESERVED
CVE-2023-24676 (An issue found in Processwire 3.0.210 allows attackers to execute arbi ...)
- TODO: check
+ NOT-FOR-US: Processwire
CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
NOT-FOR-US: BluditCMS
CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65edf0ccb12e4955fcc21039f02eee8b2b19c4