[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 1 08:40:54 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
412345be by Salvatore Bonaccorso at 2024-03-01T09:40:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,57 +1,57 @@
 CVE-2024-2045 (Session version 1.17.5 allows obtaining internal application files and ...)
 	TODO: check
 CVE-2024-2022 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
-	TODO: check
+	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-2021 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
-	TODO: check
+	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2024-2016 (A vulnerability, which was classified as critical, was found in ZhiCms ...)
-	TODO: check
+	NOT-FOR-US: ZhiCms
 CVE-2024-2015 (A vulnerability, which was classified as critical, has been found in Z ...)
-	TODO: check
+	NOT-FOR-US: ZhiCms
 CVE-2024-2014 (A vulnerability classified as critical was found in Panabit Panalog 20 ...)
-	TODO: check
+	NOT-FOR-US: Panabit Panalog
 CVE-2024-27950 (Missing Authorization vulnerability in sirv.Com Image Optimizer, Resiz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27949 (Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Opt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27294 (dp-golang is a Puppet module for Go installations.  Prior to 1.2.7, dp ...)
 	TODO: check
 CVE-2024-27292 (Docassemble is an expert system for guided interviews and document ass ...)
-	TODO: check
+	NOT-FOR-US: Docassemble
 CVE-2024-27291 (Docassemble is an expert system for guided interviews and document ass ...)
-	TODO: check
+	NOT-FOR-US: Docassemble
 CVE-2024-27290 (Docassemble is an expert system for guided interviews and document ass ...)
-	TODO: check
+	NOT-FOR-US: Docassemble
 CVE-2024-26196 (Microsoft Edge for Android (Chromium-based) Information Disclosure Vul ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-25578 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain ...)
-	TODO: check
+	NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2024-25554
 	REJECTED
 CVE-2024-25553
 	REJECTED
 CVE-2024-25552 (A local attacker can gain administrative privileges by inserting an ex ...)
-	TODO: check
+	NOT-FOR-US: VDE
 CVE-2024-25386 (Directory Traversal vulnerability in DICOM\xae Connectivity Framework  ...)
-	TODO: check
+	NOT-FOR-US: laurelbridge
 CVE-2024-25293 (mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a re ...)
-	TODO: check
+	NOT-FOR-US: mjml-app
 CVE-2024-25239 (SQL Injection vulnerability in Sourcecodester Employee Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Employee Management System
 CVE-2024-25167 (Cross Site Scripting vulnerability in eblog v1.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: eblog
 CVE-2024-24520 (An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: Lepton CMS
 CVE-2024-24028 (Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2. ...)
-	TODO: check
+	NOT-FOR-US: Likeshop
 CVE-2024-22891 (Nteract v.0.28.0 was discovered to contain a remote code execution (RC ...)
 	TODO: check
 CVE-2024-22100 (MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are aff ...)
-	TODO: check
+	NOT-FOR-US: MicroDicom DICOM Viewer
 CVE-2024-1941 (Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-1859 (The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0403 (Recipes version 1.5.10 allows arbitrary HTTP requests to be made  thro ...)
 	TODO: check
 CVE-2023-52555 (In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/412345bec472c7cc740ff5044865ee2a6af2d764

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/412345bec472c7cc740ff5044865ee2a6af2d764
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240301/08b9814b/attachment.htm>

More information about the debian-security-tracker-commits mailing list