Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f271358 by Moritz Muehlenhoff at 2024-02-23T09:38:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,32 @@
+CVE-2024-23807
+       NOTE: No change CVE assignment to clarify affected versions for 
CVE-2018-1311
+       NOTE: Debian was already correct
 CVE-2024-26445 (flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-26352 (flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-26351 (flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-26350 (flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-26349 (flusity-CMS v2.33 was discovered to contain a Cross-Site 
Request Forge ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-26287
        REJECTED
 CVE-2024-26284 (Utilizing a 302 redirect, an attacker could have conducted a 
Universal ...)
-       TODO: check
+       NOT-FOR-US: Mozilla Firefox Focus
 CVE-2024-26283 (An attacker could have executed unauthorized scripts on top 
origin sit ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-26282 (Using an AMP url with a canonical element, an attacker could 
have exec ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-26281 (Upon scanning a JavaScript URI with the QR code scanner, an 
attacker c ...)
-       TODO: check
+       - firefox <not-affected> (iOS-specific)
 CVE-2024-26152 (### Summary On all Label Studio versions prior to 1.11.0, data 
importe ...)
-       TODO: check
+       - label-studio <itp> (bug #1026232)
 CVE-2024-26151 (The `mjml` PyPI package, found at the 
`FelixSchwarz/mjml-python` GitHu ...)
-       TODO: check
+       NOT-FOR-US: mjml Python package
 CVE-2024-26128 (baserCMS is a website development framework. Prior to version 
5.0.9, t ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2024-25876 (A cross-site scripting (XSS) vulnerability in the Header 
module of Enh ...)
        TODO: check
 CVE-2024-25875 (A cross-site scripting (XSS) vulnerability in the Header 
module of Enh ...)
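
Review bot: the new CVE-2024-23807 entry at the top of this hunk carries only two NOTE lines and no package line, and the first note ("No change CVE assignment to clarify affected versions for CVE-2018-1311") is hard to parse. If the intent is "no change needed, the CVE was assigned only to clarify the affected versions of CVE-2018-1311", say so in that order and name the affected source package, so the entry can be read without looking up CVE-2018-1311. A smaller point in the same hunk: CVE-2024-26284 is filed as "NOT-FOR-US: Mozilla Firefox Focus" while CVE-2024-26283, CVE-2024-26282 and CVE-2024-26281 are filed as "- firefox <not-affected> (iOS-specific)"; if 26284 is also iOS-only, a short reason on that line would explain why it is treated differently from its three neighbours.
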
@@ -287,17 +290,17 @@ CVE-2024-0903 (The User Feedback \u2013 Create 
Interactive Feedback Form, User S
 CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in 
ASMKER ...)
        NOT-FOR-US: Autodesk
 CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in 
PMB 7.4. ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 
7.4.7 and ea ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-52153 (A SQL Injection vulnerability in 
/pmb/opac_css/includes/sessions.inc.p ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-51828 (A SQL Injection vulnerability in 
/admin/convert/export.class.php in PM ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-38844 (SQL injection vulnerability in PMB v.7.4.7 and earlier allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2023-37177 (SQL Injection vulnerability in PMB Services PMB v.7.4.7 and 
before all ...)
-       TODO: check
+       NOT-FOR-US: PMB
 CVE-2024-26147 (Helm is a package manager for Charts for Kubernetes. Versions 
prior to ...)
        - helm-kubernetes <itp> (bug #910799)
 CVE-2024-1726
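
Review bot: the six changed entries (CVE-2023-52155 through CVE-2023-37177) use the bare label "NOT-FOR-US: PMB", a three-letter abbreviation that is easy to confuse with other products when searching the list later. The description of CVE-2023-37177 names the vendor as "PMB Services", so a label such as "NOT-FOR-US: PMB Services PMB" would be less ambiguous.
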
@@ -341,7 +344,7 @@ CVE-2024-25892 (ChurchCRM 5.5.0 ConfirmReport.php is 
vulnerable to Blind SQL Inj
 CVE-2024-25891 (ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL 
Injection ( ...)
        NOT-FOR-US: ChurchCRM
 CVE-2024-25461 (Directory Traversal vulnerability in Terrasoft, Creatio 
Terrasoft CRM  ...)
-       TODO: check
+       NOT-FOR-US: Terrasoft CRM
 CVE-2024-25381 (There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article 
Publish ...)
        NOT-FOR-US: Emlog Pro
 CVE-2024-25288 (SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is 
vulnerab ...)
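
Review bot: the label on CVE-2024-25461, "NOT-FOR-US: Terrasoft CRM", drops the "Creatio" name that the description line gives ("Terrasoft, Creatio Terrasoft CRM"). Using "Creatio Terrasoft CRM" would let a later search for either name find this entry.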



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f2713588148776f18a0ba83251ba7c030dc0ddf
