[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 22 22:00:13 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1f8c82f by Salvatore Bonaccorso at 2024-08-22T22:59:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,39 +39,39 @@ CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has
 CVE-2024-43331 (Missing Authorization vulnerability in VeronaLabs WP SMS.This issue af ...)
 	TODO: check
 CVE-2024-42776 (Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Acce ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42775 (An Incorrect Access Control vulnerability was found in /admin/add_room ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42774 (An Incorrect Access Control vulnerability was found in /admin/delete_r ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42773 (An Incorrect Access Control vulnerability was found in /admin/edit_roo ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42772 (An Incorrect Access Control vulnerability was found in /admin/rooms.ph ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42771 (A Stored Cross Site Scripting (XSS) vulnerability was found in " /admi ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42770 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/ ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42769 (A Reflected Cross Site Scripting (XSS) vulnerability was found in "/co ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42768 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42767 (Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted F ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Hotel Management System
 CVE-2024-42599 (SeaCMS 13.0 has a remote code execution vulnerability. The reason for  ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-42497 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0,  ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-42490 (authentik is an open-source Identity Provider. Several API endpoints c ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2024-42418 (Avtec Outpost uses a default cryptographic key that can be used to dec ...)
-	TODO: check
+	NOT-FOR-US: Avtec Outpost
 CVE-2024-40884 (Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly  ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-3127 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	TODO: check
 CVE-2024-39776 (Avtec Outpost stores sensitive information in an insecure location wit ...)
-	TODO: check
+	NOT-FOR-US: Avtec Outpost
 CVE-2024-39746 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could  ...)
 	NOT-FOR-US: IBM
 CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses w ...)
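Review bot: the CVE-2024-42490 entry is the one in this hunk where NOT-FOR-US deserves a second look, since its description calls authentik "an open-source Identity Provider". If an ITP or RFP exists for it, the entry should follow the pattern of the mattermost-server lines in the same hunk (`- mattermost-server <itp> (bug #823556)`) rather than NFU; if none exists, the tag is fine as written. The Kashipara Hotel Management System, SeaCMS and Avtec Outpost labels are spelled identically across their entries, which is what you want.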
@@ -79,21 +79,21 @@ CVE-2024-39745 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3
 CVE-2024-39744 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vul ...)
 	NOT-FOR-US: IBM
 CVE-2024-39717 (The Versa Director GUI provides an option to customize the look and fe ...)
-	TODO: check
+	NOT-FOR-US: Versa Director GUI
 CVE-2024-36445 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a ro ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36444 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36443 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36442 (cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36441 (Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker us ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36440 (An issue was discovered on Swissphone DiCal-RED 4009 devices. An attac ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-36439 (Swissphone DiCal-RED 4009 devices allow a remote attacker to gain acce ...)
-	TODO: check
+	NOT-FOR-US: Swissphone DiCal-RED 4009 devices
 CVE-2024-35151 (IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users  ...)
 	NOT-FOR-US: IBM
 CVE-2023-6452 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
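Review bot: the NFU labels for CVE-2024-39717 and for CVE-2024-36439 through CVE-2024-36445 copy a fragment of the description ("Versa Director GUI", "Swissphone DiCal-RED 4009 devices") instead of naming the product or vendor, unlike the neighbouring `NOT-FOR-US: IBM` entries. Suggest `NOT-FOR-US: Versa Director` and `NOT-FOR-US: Swissphone DiCal-RED 4009`, so that later CVEs for the same products can be tagged with the same string and found with a single grep.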



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1f8c82fbe788a09e1197412a3d8d982a7484afb
