[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 12 21:21:33 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
434cf0f9 by Salvatore Bonaccorso at 2024-08-12T22:20:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,63 +1,63 @@
 CVE-2024-7700 (A command injection flaw was found in the "Host Init Config" template  ...)
 	TODO: check
 CVE-2024-7697 (Logical vulnerability in the mobile application (com.transsion.carlcar ...)
-	TODO: check
+	NOT-FOR-US: mobile application (com.transsion.carlcare)
 CVE-2024-6917 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Veribilim Software Veribase Order Management
 CVE-2024-6768 (A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, W ...)
 	TODO: check
 CVE-2024-6758 (Improper Privilege ManagementinSprecher Automation SPRECON-E below ver ...)
-	TODO: check
+	NOT-FOR-US: Sprecher Automation
 CVE-2024-6684 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: GST Electronics inohom Nova Panel N7
 CVE-2024-6639 (The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-42748 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42747 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42745 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42744 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42743 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42742 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42741 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42632 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42631 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42630 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42629 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42628 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42627 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42626 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42625 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42624 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42623 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
-	TODO: check
+	NOT-FOR-US: FrogCMS
 CVE-2024-42547 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42546 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42545 (TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42543 (TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42520 (TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-42489 (Pro Macros provides XWiki rendering macros. Missing escaping in the Vi ...)
-	TODO: check
+	NOT-FOR-US: XWiki Pro Macros
 CVE-2024-42485 (Filament Excel enables excel export for Filament admin resources. The  ...)
 	TODO: check
 CVE-2024-42482 (fish-shop/syntax-check is a GitHub action for syntax checking fish she ...)
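Review bot: The tag added for CVE-2024-7697, "NOT-FOR-US: mobile application (com.transsion.carlcare)", leads with a generic category instead of a vendor or product name, unlike the other tags in this hunk (TOTOLINK, FrogCMS, XWiki Pro Macros). The same applies to CVE-2024-6639, tagged "WordPress theme" although its description names the MDx theme. Leading with the name the description gives (for example "NOT-FOR-US: MDx theme for WordPress") would let a later search of data/CVE/list by product name find these entries. CVE-2024-6758 is tagged with the vendor only ("Sprecher Automation") while the description names SPRECON-E; that matches the vendor-only TOTOLINK tags, so it is only worth changing if product-level tags are preferred.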
@@ -65,13 +65,13 @@ CVE-2024-42482 (fish-shop/syntax-check is a GitHub action for syntax checking fi
 CVE-2024-42481 (Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By maki ...)
 	TODO: check
 CVE-2024-42480 (Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions ...)
-	TODO: check
+	NOT-FOR-US: Kamaji
 CVE-2024-42479 (llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer m ...)
-	TODO: check
+	NOT-FOR-US: ggerganov/llama.cpp
 CVE-2024-42478 (llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer m ...)
-	TODO: check
+	NOT-FOR-US: ggerganov/llama.cpp
 CVE-2024-42477 (llama.cpp provides LLM inference in C/C++. The unsafe `type` member in ...)
-	TODO: check
+	NOT-FOR-US: ggerganov/llama.cpp
 CVE-2024-42474 (Streamlit is a data oriented application development framework for pyt ...)
 	TODO: check
 CVE-2024-42167 (The function "generate_app_certificates" in controllers/saml2/saml2.js ...)
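Review bot: The three llama.cpp entries (CVE-2024-42479, CVE-2024-42478, CVE-2024-42477) are tagged "NOT-FOR-US: ggerganov/llama.cpp", an owner/repository form that no other tag in this patch uses, while the descriptions call the project simply "llama.cpp". Suggest "NOT-FOR-US: llama.cpp" so the tag matches the product name used in the CVE text and in the rest of the file's naming style. The commit message "Process some NFUs" gives no rationale per entry, so for an upstream C/C++ project like this one a short note on why it is out of scope would help a later re-triage.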
@@ -87,9 +87,9 @@ CVE-2024-42163 (Insufficiently random values for generating password reset token
 CVE-2024-41909 (Like many other SSH implementations, Apache MINA SSHD suffered from th ...)
 	TODO: check
 CVE-2024-41710 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-41651 (An issue in Prestashop v.8.1.7 and before allows a remote attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Prestashop
 CVE-2024-41475 (Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS mis ...)
 	TODO: check
 CVE-2024-40893 (Multiple authenticated operating system (OS) command injection vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/434cf0f92710d2e9a853da42ed5f7fc5cc74e705
