[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 12 08:35:34 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e0150d6 by Salvatore Bonaccorso at 2024-11-12T09:35:04+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,17 +87,17 @@ CVE-2024-47799 (Exposure of sensitive system information to an unauthorized cont
 CVE-2024-47595 (An attacker who gains local membership to sapsys group could replace l ...)
 	TODO: check
 CVE-2024-47593 (SAP NetWeaver Application Server ABAP allows an unauthenticated attack ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47592 (SAP NetWeaver AS Java allows an unauthenticated attacker to brute forc ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47590 (An unauthenticated attacker can create a malicious link which they can ...)
 	TODO: check
 CVE-2024-47588 (In SAP NetWeaver Java (Software Update Manager 1.1), under certain con ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47587 (Cash Operations does not perform necessary authorization check for an  ...)
 	TODO: check
 CVE-2024-47586 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47131 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
 	TODO: check
 CVE-2024-46966 (The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) appl ...)
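Review bot: CVE-2024-47595 at the top of this hunk stays at `TODO: check` although its description refers to the sapsys group, and CVE-2024-47590 and CVE-2024-47587 sit between entries now tagged `NOT-FOR-US: SAP` but are left untriaged. If these are SAP products as well, tag them in the same pass so the batch is consistent. If the truncated descriptions were not enough to decide, noting that in the commit message would tell the next triager they were not simply overlooked.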
@@ -113,9 +113,9 @@ CVE-2024-46962 (The SYQ com.downloader.video.fast (aka Master Video Downloader)
 CVE-2024-45827 (Improper neutralization of special elements used in an OS command ('OS ...)
 	TODO: check
 CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-45087 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44546 (Powerjob >= 3.20 is vulnerable to SQL injection via the version parame ...)
 	TODO: check
 CVE-2024-43439 (A flaw was found in moodle. H5P error messages require additional sani ...)
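Review bot: The two added `NOT-FOR-US: IBM` lines name only the vendor, while the descriptions identify two distinct products (IBM Maximo Asset Management and IBM WebSphere Application Server). Naming the product in the tag, for example `NOT-FOR-US: IBM WebSphere Application Server`, would keep the entries searchable per product and make clear that the decision applies to that product and not to everything from the vendor.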
@@ -135,7 +135,7 @@ CVE-2024-43429 (A flaw was found in moodle. Some hidden user profile fields are
 CVE-2024-43427 (A flaw was found in moodle. When creating an export of site administra ...)
 	TODO: check
 CVE-2024-42372 (Due to missing authorization check in SAP NetWeaver AS Java (System La ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39605 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
 	TODO: check
 CVE-2024-39354 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
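Review bot: The context lines after the CVE-2024-42372 change, CVE-2024-39605 and CVE-2024-39354, share the same Delta Electronics description prefix as CVE-2024-47131 in the first hunk, and all three remain `TODO: check`. Entries that describe the same product are best triaged together so they end up with one consistent tag, instead of being split across separate passes.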



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e0150d64e0341f312afa8e7d8bd7819b4ee5212
