[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 27 06:25:09 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a75a6b3f by Salvatore Bonaccorso at 2024-08-27T07:24:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2024-7988 (A remote code execution vulnerability exists in the Rockwell Auto
 CVE-2024-7987 (A remote code execution vulnerability exists in the Rockwell Automatio ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-7401 (Netskope was notified about a security gap in Netskope Client enrollme ...)
-	TODO: check
+	NOT-FOR-US: Netskope
 CVE-2024-7313 (The Shield Security  WordPress plugin before 20.0.6 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 fails  ...)
@@ -59,21 +59,21 @@ CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 f
 CVE-2024-45265 (A SQL injection vulnerability in the poll component in SkySystem Arfa- ...)
 	NOT-FOR-US: SkySystem Arfa-CMS
 CVE-2024-45258 (The req package before 3.43.4 for Go may send an unintended request wh ...)
-	TODO: check
+	NOT-FOR-US: imroc/req
 CVE-2024-45256 (An arbitrary file write issue in the exfiltration endpoint in BYOB (Bu ...)
-	TODO: check
+	NOT-FOR-US: BYOB (Build Your Own Botnet)
 CVE-2024-45241 (A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf ...)
 	NOT-FOR-US: CentralSquare CryWolf (False Alarm Management)
 CVE-2024-44797 (A cross-site scripting (XSS) vulnerability in the component /managers/ ...)
-	TODO: check
+	NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44796 (A cross-site scripting (XSS) vulnerability in the component /auth/Azur ...)
-	TODO: check
+	NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44795 (A cross-site scripting (XSS) vulnerability in the component /login/dis ...)
-	TODO: check
+	NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44794 (A cross-site scripting (XSS) vulnerability in the component /master/au ...)
-	TODO: check
+	NOT-FOR-US: PicUploader
 CVE-2024-44793 (A cross-site scripting (XSS) vulnerability in the component /managers/ ...)
-	TODO: check
+	NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44565 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName par ...)
 	NOT-FOR-US: Tenda
 CVE-2024-44563 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port  ...)
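
Review bot: CVE-2024-44794 is tagged "PicUploader" while the four neighbouring XSS entries in this run (CVE-2024-44793, CVE-2024-44795, CVE-2024-44796 and CVE-2024-44797) are all tagged "Gazelle torrent tracker". The truncated descriptions shown here do not name the product, so please confirm against the full CVE text that the different tag is intended and not a slip while filling in the block. Separately, the tag on CVE-2024-45258 uses an upstream path ("imroc/req") where other entries use a product or vendor name; since the description says it is a Go package, it is worth confirming that no source package in the archive ships it before settling on NOT-FOR-US.
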
@@ -121,7 +121,7 @@ CVE-2024-43283 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 CVE-2024-42913 (RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerabili ...)
 	NOT-FOR-US: RuoYi CMS
 CVE-2024-42906 (TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2024-42818 (A cross-site scripting (XSS) vulnerability in the Config-Create functi ...)
 	TODO: check
 CVE-2024-42816 (A cross-site scripting (XSS) vulnerability in the Create Product funct ...)
@@ -147,13 +147,13 @@ CVE-2024-41444 (SeaCMS v12.9 has a SQL injection vulnerability in the key parame
 CVE-2024-41285 (A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows ...)
 	NOT-FOR-US: FAST FW300R
 CVE-2024-39097 (There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below v ...)
-	TODO: check
+	NOT-FOR-US: Gnuboard
 CVE-2024-38859 (XSS in the view page with the SLA column configured in Checkmk version ...)
 	TODO: check
 CVE-2024-34087 (An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24. ...)
-	TODO: check
+	NOT-FOR-US: BPQ32 HTTP Server in BPQ32
 CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet devices. S ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet devices
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on Unix pla ...)
 	- apr <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
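
Review bot: The tag on CVE-2024-34087, "NOT-FOR-US: BPQ32 HTTP Server in BPQ32", repeats the product name and copies the wording of the description, which makes it harder to grep for consistently. The surrounding entries use a short vendor or product name ("NOT-FOR-US: FAST FW300R", "NOT-FOR-US: Gnuboard"), so "NOT-FOR-US: BPQ32" would match them. The same applies to "NOT-FOR-US: GL-iNet devices" on CVE-2024-28077, which could be "NOT-FOR-US: GL-iNet".
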
@@ -117229,7 +117229,7 @@ CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...)
 	NOT-FOR-US: Xiaomi
 CVE-2023-26315 (The Xiaomi router AX9000 has a post-authentication command injection v ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a75a6b3fdc038d89fa1f16d734c247c0a0c44994



More information about the debian-security-tracker-commits mailing list