[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 22 21:31:45 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60bd2da5 by Salvatore Bonaccorso at 2024-03-22T22:28:16+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,35 +1,35 @@
 CVE-2024-2828 (A vulnerability, which was classified as critical, was found in lakern ...)
-	TODO: check
+	NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2827 (A vulnerability, which was classified as critical, has been found in l ...)
-	TODO: check
+	NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2826 (A vulnerability classified as problematic was found in lakernote EasyA ...)
-	TODO: check
+	NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2825 (A vulnerability classified as critical has been found in lakernote Eas ...)
-	TODO: check
+	NOT-FOR-US: lakernote EasyAdmin
 CVE-2024-2824 (A vulnerability was found in Matthias-Wandel jhead 3.08 and classified ...)
 	TODO: check
 CVE-2024-2823 (A vulnerability has been found in DedeCMS 5.7 and classified as proble ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-2822 (A vulnerability, which was classified as problematic, was found in Ded ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-2821 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-2820 (A vulnerability classified as problematic was found in DedeCMS 5.7. Af ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-2728 (Information exposure vulnerability in the CIGESv2 system. This vulnera ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2727 (HTML injection vulnerability affecting the CIGESv2 system, which allow ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2726 (Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the C ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2725 (Information exposure vulnerability in the CIGESv2 system. A remote att ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2724 (SQL injection vulnerability in the CIGESv2 system, through/ajaxServici ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2723 (SQL injection vulnerability in the CIGESv2 system, through/ajaxSubServ ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2722 (SQL injection vulnerability in the CIGESv2 system, through/ajaxConfigT ...)
-	TODO: check
+	NOT-FOR-US: CIGESv2 system
 CVE-2024-2449 (A cross-site request forgery vulnerability has been identified in Load ...)
 	TODO: check
 CVE-2024-2448 (An OS command injection vulnerability has been identified in LoadMaste ...)
@@ -47,35 +47,35 @@ CVE-2024-29943 (An attacker was able to perform an out-of-bounds read or write o
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943
 CVE-2024-29865 (Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page  ...)
-	TODO: check
+	NOT-FOR-US: Logpoint
 CVE-2024-29499 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2024-29385 (DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execu ...)
-	TODO: check
+	NOT-FOR-US: DIR-845L router
 CVE-2024-29366 (A command injection vulnerability exists in the cgibin binary in DIR-8 ...)
-	TODO: check
+	NOT-FOR-US: DIR-845L router
 CVE-2024-29338 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2024-29186 (Bref is an open-source project that helps users go serverless on Amazo ...)
 	TODO: check
 CVE-2024-29185 (FreeScout is a self-hosted help desk and shared mailbox. Versions prio ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2024-29184 (FreeScout is a self-hosted help desk and shared mailbox. A Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2024-29042 (Translate is a package that allows users to convert text to different  ...)
 	TODO: check
 CVE-2024-28861 (Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a P ...)
-	TODO: check
+	NOT-FOR-US: Symfony1 (community fork of symfony 1.4 with some enhancements)
 CVE-2024-28824 (Least privilege violation and reliance on untrusted inputs in the mk_i ...)
 	TODO: check
 CVE-2024-28593 (The Chat activity in Moodle 4.3.3 allows students to insert a potentia ...)
 	TODO: check
 CVE-2024-28560 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
-	TODO: check
+	NOT-FOR-US: Niushop B2B2C
 CVE-2024-28559 (SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows ...)
-	TODO: check
+	NOT-FOR-US: Niushop B2B2C
 CVE-2024-25168 (SQL injection vulnerability in snow snow v.2.0.0 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: snow snow
 CVE-2024-1848 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...)
 	TODO: check
 CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in the co ...)
@@ -83,9 +83,9 @@ CVE-2024-1742 (Invocation of the sqlplus command with sensitive information in t
 CVE-2024-0638 (Least privilege violation in the Checkmk agent plugins mk_oracle, mk_o ...)
 	TODO: check
 CVE-2023-4063 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-41099 (In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811,  ...)
-	TODO: check
+	NOT-FOR-US: Windows installer in Atos Eviden CardOS API
 CVE-2024-2817 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Tenda
 CVE-2024-2816 (A vulnerability classified as problematic was found in Tenda AC15 15.0 ...)
@@ -78271,7 +78271,7 @@ CVE-2023-23351
 CVE-2023-23350
 	RESERVED
 CVE-2023-23349 (Kaspersky has fixed a security issue in Kaspersky Password Manager (KP ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky
 CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
 	NOT-FOR-US: OpenShift
 CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ Operatio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60bd2da56150490b275c7f37a02aaa210e386ac2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60bd2da56150490b275c7f37a02aaa210e386ac2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240322/ff87be2d/attachment.htm>

More information about the debian-security-tracker-commits mailing list