[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 30 21:20:20 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
173ff1b5 by Salvatore Bonaccorso at 2024-07-30T22:17:54+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,7 +109,7 @@ CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid be
 CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the jwt key ...)
 	TODO: check
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forg ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine learning. ...)
 	TODO: check
 CVE-2024-7252 (Comodo Internet Security Pro cmdagent Link Following Local Privilege E ...)
@@ -110669,9 +110669,9 @@ CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2023-26290 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Forcepoint
 CVE-2023-26289 (IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection,  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-26288 (IBM Aspera Orchestrator 4.0.1 does not invalidate session after a pass ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-26287
 	RESERVED
 CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
@@ -170113,7 +170113,7 @@ CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vul
 CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...)
 	NOT-FOR-US: IBM
 CVE-2022-33167 (IBM Security Directory Integrator 7.2.0 and IBM Security Verify Direct ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...)
 	NOT-FOR-US: IBM
 CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173ff1b5ea18311e9a77581fa0ad884369464072

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/173ff1b5ea18311e9a77581fa0ad884369464072
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240730/245342ac/attachment.htm>

More information about the debian-security-tracker-commits mailing list