[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 14 09:46:15 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec4e195b by Salvatore Bonaccorso at 2024-08-14T10:45:32+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
CVE-2024-7754 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7753 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7752 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7751 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7750 (A vulnerability has been found in SourceCodester Clinics Patient Manag ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
CVE-2024-7749 (A vulnerability, which was classified as problematic, was found in Sou ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Accounts Manager App
CVE-2024-7748 (A vulnerability, which was classified as critical, has been found in S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Accounts Manager App
CVE-2024-7743 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has been decl ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7742 (A vulnerability was found in wanglongcn ltcms 1.0.20. It has been clas ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7732 (Dr.ID Access Control System from SECOM does not properly validate a sp ...)
- TODO: check
+ NOT-FOR-US: Dr.ID Access Control System from SECOM
CVE-2024-7731 (Dr.ID Access Control System from SECOM does not properly validate a sp ...)
- TODO: check
+ NOT-FOR-US: Dr.ID Access Control System from SECOM
CVE-2024-7729 (The CAYIN Technology CMS lacks proper access control, allowing unauthe ...)
- TODO: check
+ NOT-FOR-US: CAYIN Technology CMS
CVE-2024-7728 (The specific CGI of the CAYIN Technology CMS does not properly validat ...)
- TODO: check
+ NOT-FOR-US: CAYIN Technology CMS
CVE-2024-7588 (The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38653 (XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote una ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-38652 (Path traversal in the skin management component of Ivanti Avalanche 6. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-38163 (Windows Update Stack Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37399 (A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-37373 (Improper input validation in the Central Filestore in Ivanti Avalanche ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-36136 (An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 all ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-28986 (SolarWinds Web Help Desk was found to be susceptible to a Java Deseria ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-20083 (In venc, there is a possible out of bounds write due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20082 (In Modem, there is a possible memory corruption due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-7730
- qemu <unfixed>
NOTE: https://lore.kernel.org/qemu-devel/virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org/
@@ -326,19 +326,19 @@ CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in Kiban
CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When configured to use ...)
TODO: check
CVE-2024-36505 (An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 th ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-36446 (The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2024-35124 (A vulnerability in the combination of the OpenBMC's FW1050.00 through ...)
NOT-FOR-US: IBM
CVE-2024-2259 (This vulnerability exists in InstaRISPACS software due to insufficient ...)
TODO: check
CVE-2024-29995 (Windows Kerberos Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21981 (Improper key usage control in AMD Secure Processor (ASP) may allow an ...)
TODO: check
CVE-2024-21757 (A unverified password change in Fortinet FortiManager versions 7.0.0 t ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-31366 (Improper input validation in AMD \u03bcProf could allow an attacker to ...)
TODO: check
CVE-2023-31356 (Incomplete system memory cleanup in SEV firmware could allow a privile ...)
@@ -113969,7 +113969,7 @@ CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8
CVE-2023-26212
RESERVED
CVE-2023-26211 (An improper neutralization of input during web page generation ('cross ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
NOT-FOR-US: Fortinet
CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
@@ -135182,7 +135182,7 @@ CVE-2022-45864
CVE-2022-45863
RESERVED
CVE-2022-45862 (An insufficient session expiration vulnerability [CWE-613] vulnerabili ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...)
NOT-FOR-US: Fortinet
CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...)
@@ -189899,7 +189899,7 @@ CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterp
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
NOT-FOR-US: Fortinet
CVE-2022-27486 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: Fortinet
CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec4e195b91266ada0191c1e92bcf51e1ccc7a221
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240814/66d11217/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list