[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 8 21:55:02 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65279530 by Salvatore Bonaccorso at 2024-08-08T22:54:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106,7 +106,7 @@ CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versio
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
 	NOTE: https://hackerone.com/reports/2437784
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: KAON AR2140 routers
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	- gitlab <unfixed>
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452547
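Review bot: the NOT-FOR-US text added for CVE-2024-3659 spells the product "KAON AR2140", while the description line directly above it reads "KAONAR2140". If the split into vendor and model is intentional that is fine, but a search of data/CVE/list for the description's token will not match the new line, so it is worth confirming which spelling should be used here.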
@@ -120,31 +120,31 @@ CVE-2024-39815 (Improper check or handling of exceptional conditions vulnerabili
 CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets        in ...)
 	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-39287 (Dorsett Controls Central Server update server has potential informatio ...)
-	TODO: check
+	NOT-FOR-US: Dorsett Controls Central Server
 CVE-2024-37382 (An issue discovered in import host feature in Ab Initio Metadata Hub a ...)
-	TODO: check
+	NOT-FOR-US: Ab Initio Metadata Hub and Authorization Gateway
 CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets    indu ...)
-	TODO: check
+	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using wildcards in ...)
 	- gitlab <unfixed>
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/451293
 	NOTE: https://hackerone.com/reports/2416332
 CVE-2024-29082 (Improper access control vulnerability affecting Vonets   industrial wi ...)
-	TODO: check
+	NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge repeaters
 CVE-2024-0108 (NVIDIA Jetson Linux contains a vulnerability in NvGPU where error hand ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Jetson Linux
 CVE-2024-0107 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2024-0104 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a v ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC
 CVE-2024-0101 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a v ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC
 CVE-2023-7265 (Permission verification vulnerability in the lock screen module Impact ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2023-40261 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-33206 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2024-7348 (Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...)
 	- postgresql-16 16.4-1
 	- postgresql-15 <removed>
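Review bot: the entry added for CVE-2023-7265 reads only "NOT-FOR-US: Huawei", a vendor name, whereas every other line added in this hunk names a product (for example "NVIDIA Jetson Linux" or "Dorsett Controls Central Server"). The visible description mentions a "lock screen module" without a product, so if the full description identifies the affected product or component, naming it would keep this entry as searchable as its neighbours.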
@@ -104661,7 +104661,7 @@ CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allo
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 CVE-2023-28865 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker to expl ...)
 	- chef <removed>
 	[buster] - chef <not-affected> (chef package does not include upstream chef-server)
@@ -119481,11 +119481,11 @@ CVE-2023-24066
 CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For example,  ...)
 	NOT-FOR-US: NOSH
 CVE-2023-24064 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24063 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails t ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24062 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0  ...)
-	TODO: check
+	NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24061
 	RESERVED
 CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6527953076fe08a35f9a4b281c6601afafd99167
