[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a53e54f by Moritz Muehlenhoff at 2024-03-22T12:26:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2024-29272 (Arbitrary File Upload vulnerability in VvvebJs before version 1.
 CVE-2024-29271 (Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before v ...)
 	NOT-FOR-US: VvvebJs
 CVE-2024-29031 (Meshery is an open source, cloud native manager that enables the desig ...)
-	TODO: check
+	NOT-FOR-US: Meshery
 CVE-2024-28891 (SQL injection vulnerability exists in the script Handler_CFG.ashx.)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-28863 (node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no  ...)
 	- node-tar <unfixed>
 	NOTE: https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36
@@ -103,13 +103,13 @@ CVE-2024-28029 (Privileges are not fully verified server-side, which can be abus
 CVE-2024-27921 (Grav is an open-source, flat-file content management system. A file up ...)
 	NOT-FOR-US: Grav CMS
 CVE-2024-26557 (Codiad v2.8.4 allows reflected XSS via the components/market/dialog.ph ...)
-	TODO: check
+	NOT-FOR-US: Codiad
 CVE-2024-25937 (SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-25808 (Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1. ...)
-	TODO: check
+	NOT-FOR-US: Lychee
 CVE-2024-25807 (Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remot ...)
-	TODO: check
+	NOT-FOR-US: Lychee
 CVE-2024-25567 (Path traversal attack is possible and write outside of the intended di ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2024-24272 (An issue in iTop DualSafe Password Manager & Digital Vault before 1.4. ...)
@@ -121,7 +121,7 @@ CVE-2024-23494 (SQL injection vulnerability exists in GetDIAE_unListParameters.)
 CVE-2024-0957 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-42954 (A privilege escalation issue existed in FileMaker Server, potentially  ...)
-	TODO: check
+	NOT-FOR-US: Claris FileMaker Server
 CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...)
 	NOT-FOR-US: Planet IGS-4215-16T2S
 CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a53e54f87fcc34c6e13e4f1ef790217750062fb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240322/189dd81a/attachment.htm>