[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 25 Jan 2024 12:31:57 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ac65edf0 by Salvatore Bonaccorso at 2024-01-25T21:31:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-23855 (A vulnerability has been reported in Cups Easy (Purchase & 
Inventory), ...)
-       TODO: check
+       NOT-FOR-US: Cups Easy (Purchase & Inventory)
 CVE-2024-23817 (Dolibarr is an enterprise resource planning (ERP) and customer 
relatio ...)
        TODO: check
 CVE-2024-23656 (Dex is an identity service that uses OpenID Connect to drive 
authentic ...)
        TODO: check
 CVE-2024-23655 (Tuta is an encrypted email service. Starting in version 
3.118.12 and p ...)
-       TODO: check
+       NOT-FOR-US: Tuta
 CVE-2024-22749 (GPAC v2.3 was detected to contain a buffer overflow via the 
function g ...)
        TODO: check
 CVE-2024-22729 (NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a 
command i ...)
-       TODO: check
+       NOT-FOR-US: NETIS SYSTEMS MW5360
 CVE-2024-22529 (TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-22432 (Networker 19.9 and all prior versions contains a Plain-text 
Password s ...)
-       TODO: check
+       NOT-FOR-US: Dell Networker
 CVE-2024-21630 (Zulip is an open-source team collaboration tool. A 
vulnerability in ve ...)
-       TODO: check
+       NOT-FOR-US: Zulip
 CVE-2024-0883 (A vulnerability was found in SourceCodester Online Tours & 
Travels Man ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Online Tours & Travels Management System
 CVE-2024-0882 (A vulnerability was found in qwdigital LinkWechat 5.1.0. It has 
been c ...)
-       TODO: check
+       NOT-FOR-US: qwdigital LinkWechat
 CVE-2024-0880 (A vulnerability was found in Qidianbang qdbcrm 1.1.0 and 
classified as ...)
-       TODO: check
+       NOT-FOR-US: Qidianbang qdbcrm
 CVE-2024-0879 (Authentication bypass in vector-admin allows a user to register 
to a v ...)
        TODO: check
 CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are 
vulner ...)
-       TODO: check
+       NOT-FOR-US: SystemK NVR 504/508/516
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled 
input, w ...)
-       TODO: check
+       NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
        - atril <unfixed>
        NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
        NOTE: 
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
 CVE-2023-41474 (Directory Traversal vulnerability in Ivanti Avalanche 
6.3.4.153 allows ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2023-3181 (The C:\Program Files (x86)\Splashtop\Splashtop Software 
Updater\uninst ...)
        TODO: check
 CVE-2024-23985 (EzServer 6.4.017 allows a denial of service (daemon crash) via 
a long  ...)
@@ -118,7 +118,7 @@ CVE-2024-23646 (Pimcore's Admin Classic Bundle provides a 
backend user interface
 CVE-2024-23644 (Trillium is a composable toolkit for building internet 
applications wi ...)
        NOT-FOR-US: Trillium
 CVE-2024-23641 (SvelteKit is a web development kit. In SvelteKit 2, sending a 
GET requ ...)
-       TODO: check
+       NOT-FOR-US: SvelteKit
 CVE-2024-22725 (Orthanc versions before 1.12.2 are affected by a reflected 
cross-site  ...)
        - orthanc 1.12.2+dfsg-1
        NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0
@@ -60185,7 +60185,7 @@ CVE-2023-24678 (A vulnerability in Centralite Pearl 
Thermostat 0x04075010 allows
 CVE-2023-24677
        RESERVED
 CVE-2023-24676 (An issue found in Processwire 3.0.210 allows attackers to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: Processwire
 CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 
allows attack ...)
        NOT-FOR-US: BluditCMS
 CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows 
local att ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65edf0ccb12e4955fcc21039f02eee8b2b19c4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac65edf0ccb12e4955fcc21039f02eee8b2b19c4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to