[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 5 21:05:25 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd60b624 by Salvatore Bonaccorso at 2024-03-05T22:04:52+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2024-2188 (Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-2056 (Services that are running and bound to the loopback interface on the A ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2024-2055 (The "Rich Filemanager" feature of Artica Proxy provides a web-based in ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2024-2054 (The Artica-Proxy administrative web application will deserialize arbit ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2024-2053 (The Artica Proxy administrative web application will deserialize arbit ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2024-2005 (Blue Planet\xae has released software updates that address this vulner ...)
-	TODO: check
+	NOT-FOR-US: Blue Planet
 CVE-2024-27931 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure  ...)
 	NOT-FOR-US: Deno
 CVE-2024-27929 (ImageSharp is a managed, cross-platform, 2D graphics library. A heap-u ...)
@@ -51,7 +51,7 @@ CVE-2024-23243 (A privacy issue was addressed with improved private data redacti
 CVE-2024-23225 (A memory corruption issue was addressed with improved validation. This ...)
 	TODO: check
 CVE-2024-22352 (IBM InfoSphere Information Server 11.7 stores potentially sensitive in ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-22255 (VMware ESXi, Workstation, and Fusion contain an information disclosure ...)
 	NOT-FOR-US: VMware
 CVE-2024-22254 (VMware ESXi contains an out-of-bounds write vulnerability.A malicious  ...)
@@ -61,9 +61,9 @@ CVE-2024-22253 (VMware ESXi, Workstation, and Fusion contain a use-after-free vu
 CVE-2024-22252 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
 	NOT-FOR-US: VMware
 CVE-2024-1202 (Authentication Bypass by Primary Weakness vulnerability in XPodas Octo ...)
-	TODO: check
+	NOT-FOR-US: XPodas Octopod
 CVE-2023-7103 (Authentication Bypass by Primary Weakness vulnerability in ZKSoftware  ...)
-	TODO: check
+	NOT-FOR-US: ZKSoftware Biometric Security Solutions UFace
 CVE-2023-5457 (A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d v ...)
 	TODO: check
 CVE-2023-5456 (A CWE-798 \u201cUse of Hard-coded Credentials\u201d vulnerability in t ...)
@@ -89,7 +89,7 @@ CVE-2023-45592 (A CWE-250 \u201cExecution with Unnecessary Privileges\u201d vuln
 CVE-2023-45591 (A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the  ...)
 	TODO: check
 CVE-2023-35899 (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-48630 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 5.17.11-1
 	[bullseye] - linux 5.10.120-1
@@ -64698,7 +64698,7 @@ CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 t
 CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to cross-site scrip ...)
 	NOT-FOR-US: IBM
 CVE-2023-26282 (IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user wit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server could all ...)
 	NOT-FOR-US: IBM
 CVE-2023-26280
@@ -66781,7 +66781,7 @@ CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 thro
 CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
 	NOT-FOR-US: IBM
 CVE-2023-25681 (LDAP users on IBM Spectrum Virtualize 8.5 which are configured to requ ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to  ...)
 	NOT-FOR-US: IBM
 CVE-2023-25679
@@ -85575,7 +85575,7 @@ CVE-2022-46090
 CVE-2022-46089
 	RESERVED
 CVE-2022-46088 (Online Flight Booking Management System v1.0 was discovered to contain ...)
-	TODO: check
+	NOT-FOR-US: Online Flight Booking Management System
 CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...)
 	NOT-FOR-US: CloudSchool
 CVE-2022-46086
@@ -157681,7 +157681,7 @@ CVE-2022-22401 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather
 CVE-2022-22400
 	RESERVED
 CVE-2022-22399 (IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injecti ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22398
 	RESERVED
 CVE-2022-22397



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd60b62496e6e8e62cc7744f18572e40adb02444

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd60b62496e6e8e62cc7744f18572e40adb02444
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240305/e0b5d6bc/attachment.htm>

More information about the debian-security-tracker-commits mailing list