[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 18 20:16:41 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48b0bbb1 by Salvatore Bonaccorso at 2025-03-18T21:16:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,7 +59,7 @@ CVE-2025-29907 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.
 CVE-2025-29790 (Contao is an Open Source CMS. Users can upload SVG files with maliciou ...)
 	TODO: check
 CVE-2025-27688 (Dell ThinOS 2408 and prior, contains an improper permissions vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-27080 (Vulnerabilities in the command line interface of AOS-CX could allow an ...)
 	TODO: check
 CVE-2025-26138 (Systemic Risk Value <=2.8.0 is vulnerable to improper access control i ...)
@@ -107,11 +107,11 @@ CVE-2024-57170 (SOPlanning 1.53.00 is vulnerable to a directory traversal issue
 CVE-2024-57169 (A file upload bypass vulnerability exists in SOPlanning 1.53.00, speci ...)
 	TODO: check
 CVE-2024-56347 (IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-56346 (IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote at ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-49822 (IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side re ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44314 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability  ...)
 	TODO: check
 CVE-2024-44313 (TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability  ...)
@@ -123,9 +123,9 @@ CVE-2024-23943 (An unauthenticated remote attacker can gain access to the cloud
 CVE-2024-23942 (A local user may find a configuration file on the client workstation w ...)
 	TODO: check
 CVE-2024-21760 (An improper control of generation of code ('Code Injection') vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.4.0 co ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver library may b ...)
 	- mongo-c-driver 1.27.5-1
 	[bookworm] - mongo-c-driver <no-dsa> (Minor issue; can be fixed via point-release)
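Review bot: the NOT-FOR-US: Fortinet tag on CVE-2024-21760 cannot be confirmed from this hunk, because the description shown is cut off at "vulnerabi ..." before any vendor or product name appears, unlike CVE-2023-47539 directly below it, which names FortiMail. Please confirm the attribution against the full CVE record; the vendor-level tag format itself matches the other entries changed in this commit.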
@@ -188539,7 +188539,7 @@ CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
 	NOT-FOR-US: Atlassian
 CVE-2023-22514 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
 	NOT-FOR-US: Bitbucket Data Center and Server
 CVE-2023-22512 (This High severity DoS (Denial of Service) vulnerability was introduce ...)
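Review bot: the new tag on CVE-2023-22514 is vendor-level (NOT-FOR-US: Atlassian), while the next entry, CVE-2023-22513, whose visible description starts with the same text, is tagged by product (NOT-FOR-US: Bitbucket Data Center and Server). Both styles already sit side by side here (CVE-2023-22515 uses Atlassian), so this is a consistency point only: if the affected product is known, naming it would match CVE-2023-22513 and make the entry easier to search.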



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b0bbb1ab713a53c478c996ea9f34e466ecd0fc
