Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b97f017a by Salvatore Bonaccorso at 2024-02-02T10:51:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121,43 +121,43 @@ CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an 
inadequate account lockout
 CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a 
cryptographically we ...)
        TODO: check
 CVE-2023-49617 (The MachineSense application programmable interface (API) is 
improperl ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-49610 (MachineSense FeverWarn Raspberry Pi-based devices lack input 
sanitizat ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-49118 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker causes ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-49115 (MachineSense devices use unauthenticated MQTT messaging to 
monitor dev ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-48793 (Zoho ManageEngine ADAudit Plus through 7250 allows SQL 
Injection in th ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ADAudit Plus
 CVE-2023-48792 (Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ADAudit Plus
 CVE-2023-47867 (MachineSense FeverWarn devices are configured as Wi-Fi hosts 
in a way  ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-47257 (ConnectWise ScreenConnect through 23.8.4 allows 
man-in-the-middle atta ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise ScreenConnect
 CVE-2023-47256 (ConnectWise ScreenConnect through 23.8.4 allows local users to 
connect ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise ScreenConnect
 CVE-2023-46706 (Multiple MachineSense devices have credentials unable to be 
changed by ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-46344 (A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, 
and pos ...)
-       TODO: check
+       NOT-FOR-US: Solar-Log Base 15 Firmware
 CVE-2023-46159 (IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-45734 (in OpenHarmony v3.2.4 and prior versions allow an adjacent 
attacker ar ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-43756 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker causes ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-38263 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-38020 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-38019 (IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-36496 (Delegated Admin Privilege virtual attribute provider plugin, 
when enab ...)
        TODO: check
 CVE-2023-32333 (IBM Maximo Asset Management 7.6.1.3 could allow a remote 
attacker to l ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-24754 (Bref enable serverless PHP on AWS Lambda. When Bref is used 
with the E ...)
        NOT-FOR-US: Bref
 CVE-2024-24753 (Bref enable serverless PHP on AWS Lambda. When Bref is used in 
combina ...)
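Review bot: CVE-2023-46159 is tagged NOT-FOR-US: IBM, but the affected product named in the description is IBM Storage Ceph, and Debian ships ceph as a source package. The truncated description does not show whether the flaw is in IBM-specific code or in upstream Ceph, so this entry should either stay at TODO: check until that is confirmed or carry a NOTE line recording why the Debian ceph package is not affected. The other IBM entries in this hunk (SOAR QRadar Plugin App, Maximo Asset Management) name products that are not packaged, and the vendor-only tag is fine there.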
@@ -212,7 +212,7 @@ CVE-2024-0935 (An insertion of Sensitive Information into 
Log File vulnerability
 CVE-2024-0704
        REJECTED
 CVE-2023-6078 (An OS Command Injection vulnerability exists in BIOVIA 
Materials Studi ...)
-       TODO: check
+       NOT-FOR-US: BIOVIA Materials Studio products
 CVE-2023-5841 (Due to a failure in validating the number of scanline samples 
of a Ope ...)
        TODO: check
 CVE-2023-52195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -450,7 +450,7 @@ CVE-2024-0589 (Cross-site scripting (XSS) vulnerability in 
the entry overview ta
 CVE-2024-0219 (In Telerik JustDecompile versions prior to 2024 R1, a privilege 
elevat ...)
        NOT-FOR-US: Telerik
 CVE-2023-7043 (Unquoted service path in ESET products allows to   drop a 
prepared pro ...)
-       TODO: check
+       NOT-FOR-US: ESET
 CVE-2023-5390 (An attacker could potentially exploit this vulnerability, 
leading to f ...)
        NOT-FOR-US: Honeywell
 CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 
ASP webs ...)
@@ -95266,7 +95266,7 @@ CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 
and 1.1.4.3 through 1.1.
 CVE-2022-40745
        RESERVED
 CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site 
scripting.  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin 
in Apach ...)
        - trafficserver 9.1.4+ds-1
        [bullseye] - trafficserver <not-affected> (Vulnerable code not present)
@@ -216370,9 +216370,9 @@ CVE-2021-22284 (Incorrect Permission Assignment for 
Critical Resource vulnerabil
 CVE-2021-22283 (Improper Initialization vulnerability in ABB Relion protection 
relays  ...)
        NOT-FOR-US: ABB
 CVE-2021-22282 (Improper copy algorithm in the project extraction component in 
B&R Aut ...)
-       TODO: check
+       NOT-FOR-US: B&R Industrial Automation Automation Studio
 CVE-2021-22281 (: Relative Path Traversal vulnerability in B&R Industrial 
Automation A ...)
-       TODO: check
+       NOT-FOR-US: B&R Industrial Automation Automation Studio
 CVE-2021-22280
        RESERVED
 CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the 
OmniCore r ...)
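Review bot: The tag string "B&R Industrial Automation Automation Studio" on CVE-2021-22282 and CVE-2021-22281 reads like a duplicated word, because it joins the vendor name (B&R Industrial Automation) and the product name (Automation Studio) with no separator. The neighbouring entries in this hunk tag by vendor only (NOT-FOR-US: ABB); a form such as "NOT-FOR-US: B&R Automation Studio", or the vendor name alone, would be easier to read and to grep for consistently.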
@@ -242636,9 +242636,9 @@ CVE-2020-24684
 CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and 
earlier) u ...)
        NOT-FOR-US: ABB
 CVE-2020-24682 (Unquoted Search Path or Element vulnerability in B&R 
Industrial Automa ...)
-       TODO: check
+       NOT-FOR-US: B&R Industrial Automation Automation Studio
 CVE-2020-24681 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: B&R Industrial Automation Automation Studio
 CVE-2020-24680 (In S+ Operations and S+ Historian, the passwords of internal 
users (no ...)
        NOT-FOR-US: ABB
 CVE-2020-24679 (A S+ Operations and S+ Historian service is subject to a DoS 
by specia ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97f017ab1db78a7c2f82693a726c6ab2c74faaf



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits