[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) Tue, 13 Feb 2024 00:22:15 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9baa3dae by Salvatore Bonaccorso at 2024-02-13T09:21:13+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
        TODO: check
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud 
Connector - ver ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction 
ID's when r ...)
        TODO: check
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
@@ -27,15 +27,15 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) 
vulnerability in Yannick Lefeb
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
        TODO: check
 CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 
7.50, allows ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, 
S4FND 1 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 
619, 620, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 
7.53, KERNEL ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user 
with re ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and 
'/admin/aq ...)
        TODO: check
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with 
messy da ...)
@@ -75,17 +75,17 @@ CVE-2024-22222 (Dell Unity, versions prior to 5.4, contains 
an OS Command Inject
 CVE-2024-22221 (Dell Unity, versions prior to 5.4, contains SQL Injection 
vulnerabilit ...)
        TODO: check
 CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution 
of arbitr ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 
740, 750 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 
102, S4FN ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that 
could b ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 
756, SAP_U ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - 
version 7.50 ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML 
component of I ...)
        TODO: check
 CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to 
Authentic ...)
@@ -102681,7 +102681,7 @@ CVE-2020-36601 (Out-of-bounds write vulnerability in 
the kernel modules. Success
 CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption 
module. Suc ...)
        NOT-FOR-US: Huawei
 CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores 
sensitive cr ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-38713
        RESERVED
 CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web 
services  ...)
@@ -115121,11 +115121,11 @@ CVE-2022-34313 (IBM CICS TX 11.1 does not set the 
secure attribute on authorizat
 CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which 
can be re ...)
        NOT-FOR-US: IBM
 CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with 
physica ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than 
expected crypt ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than 
expected crypt ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of 
service ...)
        NOT-FOR-US: IBM
 CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on 
authorization to ...)
@@ -151406,7 +151406,7 @@ CVE-2022-22508 (Improper Input Validation 
vulnerability in multiple CODESYS V3 p
 CVE-2022-22507
        REJECTED
 CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability 
that co ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 
contains a v ...)
        NOT-FOR-US: IBM
 CVE-2022-22504



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9baa3dae6935ec67e2056402ea97be99ff490418
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process several NFUs

Reply via email to