[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 7 20:25:31 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a4652a8 by Salvatore Bonaccorso at 2025-01-07T21:24:56+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -123,7 +123,7 @@ CVE-2025-22502 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-22500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-22365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: EMC2 Alert Boxes
 CVE-2025-22364 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	TODO: check
 CVE-2025-22363 (Missing Authorization vulnerability in ORION Allada T-shirt Designer f ...)
@@ -345,15 +345,15 @@ CVE-2024-53522 (Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to c
 CVE-2024-53345 (An authenticated arbitrary file upload vulnerability in Car Rental Man ...)
 	TODO: check
 CVE-2024-52893 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could al ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-52891 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3   could a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-52813 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
 	TODO: check
 CVE-2024-52367 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could dis ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-52366 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3could allo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-51715 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2024-51700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -389,9 +389,9 @@ CVE-2024-46601 (Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12
 CVE-2024-46242 (An issue in the validate_email function in CTFd/utils/validators/__ini ...)
 	TODO: check
 CVE-2024-45640 (IBM Security ReaQta 3.12 returns sensitive information in an HTTP resp ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-45100 (IBM Security ReaQta 3.12could allow a privileged user to cause a denia ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44450 (Multiple functions are vulnerable to Authorization Bypass in AIMS eCre ...)
 	TODO: check
 CVE-2024-43243 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
@@ -403,15 +403,15 @@ CVE-2024-40748 (Lack of output escaping in the id attribute of menu lists.)
 CVE-2024-40747 (Various module chromes didn't properly process inputs, leading to XSS  ...)
 	TODO: check
 CVE-2024-40702 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-40427 (Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers ...)
 	TODO: check
 CVE-2024-35532 (An XML External Entity (XXE) injection vulnerability in Intersec Geosa ...)
 	TODO: check
 CVE-2024-28778 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-25037 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-12738 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
 	TODO: check
 CVE-2024-12719 (The WordPress File Upload plugin for WordPress is vulnerable to unauth ...)
@@ -246305,7 +246305,7 @@ CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with th
 CVE-2022-22364 (IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to exte ...)
 	NOT-FOR-US: IBM
 CVE-2022-22363 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22362
 	RESERVED
 CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
@@ -319007,7 +319007,7 @@ CVE-2021-20457
 CVE-2021-20456
 	RESERVED
 CVE-2021-20455 (IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a4652a892c0e98150290081ba1ff77d2399a30d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a4652a892c0e98150290081ba1ff77d2399a30d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250107/e7d8e994/attachment.htm>

More information about the debian-security-tracker-commits mailing list