[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 14 09:46:15 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec4e195b by Salvatore Bonaccorso at 2024-08-14T10:45:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2024-7754 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-7753 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-7752 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-7751 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-7750 (A vulnerability has been found in SourceCodester Clinics Patient Manag ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-7749 (A vulnerability, which was classified as problematic, was found in Sou ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Accounts Manager App
 CVE-2024-7748 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Accounts Manager App
 CVE-2024-7743 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: wanglongcn ltcms
 CVE-2024-7742 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has been clas ...)
-	TODO: check
+	NOT-FOR-US: wanglongcn ltcms
 CVE-2024-7732 (Dr.ID Access Control System from SECOM does not properly validate a sp ...)
-	TODO: check
+	NOT-FOR-US: Dr.ID Access Control System from SECOM
 CVE-2024-7731 (Dr.ID Access Control System from SECOM does not properly validate a sp ...)
-	TODO: check
+	NOT-FOR-US: Dr.ID Access Control System from SECOM
 CVE-2024-7729 (The CAYIN Technology CMS lacks proper access control, allowing unauthe ...)
-	TODO: check
+	NOT-FOR-US: CAYIN Technology CMS
 CVE-2024-7728 (The specific CGI of the CAYIN Technology CMS does not properly validat ...)
-	TODO: check
+	NOT-FOR-US: CAYIN Technology CMS
 CVE-2024-7588 (The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-38653 (XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote una ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38652 (Path traversal in the skin management component of Ivanti Avalanche 6. ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38163 (Windows Update Stack Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-37399 (A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-37373 (Improper input validation in the Central Filestore in Ivanti Avalanche ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-36136 (An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 all ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-28986 (SolarWinds Web Help Desk was found to be susceptible to a Java Deseria ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-20083 (In venc, there is a possible out of bounds write due to a missing boun ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2024-20082 (In Modem, there is a possible memory corruption due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Mediatek
 CVE-2024-7730
 	- qemu <unfixed>
 	NOTE: https://lore.kernel.org/qemu-devel/virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org/
@@ -326,19 +326,19 @@ CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in Kiban
 CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When configured to use ...)
 	TODO: check
 CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 th ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-35124 (A vulnerability in the combination of the OpenBMC's FW1050.00 through  ...)
 	NOT-FOR-US: IBM
 CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to insufficient ...)
 	TODO: check
 CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may allow an  ...)
 	TODO: check
 CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions 7.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an attacker to ...)
 	TODO: check
 CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a privile ...)
@@ -113969,7 +113969,7 @@ CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8
 CVE-2023-26212
 	RESERVED
 CVE-2023-26211 (An improper neutralization of input during web page generation ('cross ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
@@ -135182,7 +135182,7 @@ CVE-2022-45864
 CVE-2022-45863
 	RESERVED
 CVE-2022-45862 (An insufficient session expiration vulnerability [CWE-613] vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...)
@@ -189899,7 +189899,7 @@ CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterp
 CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27486 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240814/66d11217/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list