[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 18 21:28:38 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c46c9174 by Salvatore Bonaccorso at 2024-06-18T22:27:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2024-6116 (A vulnerability, which was classified as critical, has been found in i ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6115 (A vulnerability classified as critical was found in itsourcecode Simpl ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6114 (A vulnerability classified as critical has been found in itsourcecode  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Monbela Tourist Inn Online Reservation System
 CVE-2024-6112 (A vulnerability classified as critical was found in itsourcecode Pool  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Pool of Bethesda Online Reservation System
 CVE-2024-6111 (A vulnerability classified as critical has been found in itsourcecode  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Pool of Bethesda Online Reservation System
 CVE-2024-6110 (A vulnerability was found in itsourcecode Magbanua Beach Resort Online ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Magbanua Beach Resort Online Reservation System
 CVE-2024-6109 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-6108 (A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03 ...)
-	TODO: check
+	NOT-FOR-US: Genexis Tilgin Home Gateway
 CVE-2024-5967 (A vulnerability was found in Keycloak. The LDAP testing endpoint allow ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2024-5953 (A denial of service vulnerability was found in the 389-ds-base LDAP se ...)
 	TODO: check
 CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using "import  ...)
@@ -25,19 +25,19 @@ CVE-2024-5750
 CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be found w ...)
 	TODO: check
 CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project descriptio ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without appropriate per ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token was sent t ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User Account was e ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-38351 (Pocketbase is an open source web backend written in go. In affected ve ...)
 	TODO: check
 CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Health Care hospital Management System
 CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Health Care hospital Management System
 CVE-2024-38277 (A unique key should be generated for a user's QR login key and their a ...)
 	TODO: check
 CVE-2024-38276 (Incorrect CSRF token checks resulted in multiple CSRF risks.)
@@ -49,23 +49,23 @@ CVE-2024-38274 (Insufficient escaping of calendar event titles resulted in a sto
 CVE-2024-38273 (Insufficient capability checks meant it was possible for users to gain ...)
 	TODO: check
 CVE-2024-37904 (Minder is an open source Software Supply Chain Security Platform. Mind ...)
-	TODO: check
+	NOT-FOR-US: Minder by Stacklok
 CVE-2024-37821 (An arbitrary file upload vulnerability in the Upload Template function ...)
 	TODO: check
 CVE-2024-37803 (Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProj ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Health Care hospital Management System
 CVE-2024-37802 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Health Care hospital Management System
 CVE-2024-37800 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Restaurant Reservation System
 CVE-2024-37799 (CodeProjects Restaurant Reservation System v1.0 was discovered to cont ...)
-	TODO: check
+	NOT-FOR-US: CodeProjects Restaurant Reservation System
 CVE-2024-37791 (DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: DuxCMS3
 CVE-2024-22002 (CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged u ...)
-	TODO: check
+	NOT-FOR-US: CORSAIR iCUE
 CVE-2024-21685 (This High severity Information Disclosure vulnerability was introduced ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pa ...)
 	NOT-FOR-US: IBM
 CVE-2024-6103
@@ -95980,7 +95980,7 @@ CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Produ
 CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
 	NOT-FOR-US: tshirtecommerce
 CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated users vi ...)
-	TODO: check
+	NOT-FOR-US: Progress Sitefinity
 CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: ECshop
 CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c46c9174b1aa86ce28eadb7d80c383b8d7b0fe16

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c46c9174b1aa86ce28eadb7d80c383b8d7b0fe16
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240618/2bcd0287/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list