[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 3 21:19:47 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cbbd3fc by Salvatore Bonaccorso at 2024-05-03T22:19:13+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -491,7 +491,7 @@ CVE-2024-27453 (In Extreme XOS through 22.6.1.4, a read-only user can escalate p
 CVE-2024-25290 (An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to  ...)
 	TODO: check
 CVE-2024-25047 (IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-24710 (Missing Authorization vulnerability in SlickRemix Feed Them Social.Thi ...)
 	TODO: check
 CVE-2024-23914 (Use of Externally-Controlled Format String vulnerability in Merge DICO ...)
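Review bot: The new tag on CVE-2024-25047 records only the vendor, although the description identifies the product as Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2. This matches the existing `NOT-FOR-US: IBM` on CVE-2023-28953 (Cognos Analytics on Cloud Pak for Data), visible as context later in this patch, so it is consistent as written; if product-level tags are ever wanted for searching, it would read `NOT-FOR-US: IBM Cognos Analytics`.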
@@ -851,7 +851,7 @@ CVE-2023-50188 (Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable
 CVE-2023-50187 (Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code ...)
 	TODO: check
 CVE-2023-47727 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-47220 (An OS command injection vulnerability has been reported to affect Medi ...)
 	TODO: check
 CVE-2023-44472 (Missing Authorization vulnerability in ThemeFuse Unyson.This issue aff ...)
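Review bot: CVE-2023-47727 names two products (IBM Cloud Pak for Security and a second one cut off at "IBM QRadar S ...") and the visible description ends before the flaw itself is stated, so these lines do not show what is actually affected. Before replacing `TODO: check`, confirm from the full CVE text that the issue lies in IBM's own code and not in a bundled component that is also packaged; if it does, `NOT-FOR-US: IBM` is right as written.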
@@ -1263,9 +1263,9 @@ CVE-2023-41182 (NETGEAR ProSAFE Network Management System ZipUtils Directory Tra
 CVE-2023-41181 (LG SuperSign Media Editor getSubFolderList Directory Traversal Informa ...)
 	TODO: check
 CVE-2023-40696 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expe ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40695 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40517 (LG SuperSign Media Editor ContentRestController getObject Directory Tr ...)
 	TODO: check
 CVE-2023-40516 (LG Simple Editor Incorrect Permission Assignment Local Privilege Escal ...)
@@ -1453,7 +1453,7 @@ CVE-2023-39458 (Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credent
 CVE-2023-39457 (Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerab ...)
 	TODO: check
 CVE-2023-38724 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-38125 (Softing edgeAggregator Permissive Cross-domain Policy with Untrusted D ...)
 	TODO: check
 CVE-2023-38124 (Inductive Automation Ignition OPC UA Quick Client Task Scheduling Expo ...)
@@ -1549,7 +1549,7 @@ CVE-2023-38078 (Kofax Power PDF U3D File Parsing Use-After-Free Information Disc
 CVE-2023-38077 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...)
 	TODO: check
 CVE-2023-37407 (IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attac ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-37359 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...)
 	TODO: check
 CVE-2023-37358 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Information Disclo ...)
@@ -75901,7 +75901,7 @@ CVE-2023-28954
 CVE-2023-28953 (IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker ...)
 	NOT-FOR-US: IBM
 CVE-2023-28952 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to inje ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-28951
 	RESERVED
 CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...)
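Review bot: The subject "Process NFUs" does not say that this batch clears leftover IBM entries in old ranges. Here CVE-2023-28952 was still `TODO: check` directly below CVE-2023-28953, which already reads `NOT-FOR-US: IBM`, and the following hunks repeat that pattern for 2022, 2021 and 2020 IDs. Naming the vendor in the commit subject would make the change easier to find in the log; the tag itself needs no change.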
@@ -93018,7 +93018,7 @@ CVE-2023-23476 (IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is v
 CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...)
 	NOT-FOR-US: IBM
 CVE-2023-23474 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
 	NOT-FOR-US: IBM
 CVE-2023-23472
@@ -177311,7 +177311,7 @@ CVE-2022-22366 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.
 CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax ...)
 	NOT-FOR-US: IBM
 CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to exte ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22363
 	RESERVED
 CVE-2022-22362
@@ -249834,7 +249834,7 @@ CVE-2021-20558
 CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
 	NOT-FOR-US: IBM
 CVE-2021-20556 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20555
 	RESERVED
 CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
@@ -250044,9 +250044,9 @@ CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable
 CVE-2021-20452
 	RESERVED
 CVE-2021-20451 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20450 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secu ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20449
 	RESERVED
 CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
@@ -320299,7 +320299,7 @@ CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to
 CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
 	NOT-FOR-US: IBM
 CVE-2020-4874 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expe ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...)
 	NOT-FOR-US: IBM
 CVE-2020-4872



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbbd3fcdbe3f26bea0230a92e06f1f4b0ae7e35
