[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 3 21:56:50 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12197309 by Salvatore Bonaccorso at 2024-07-03T22:56:14+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2024-6488
 	REJECTED
 CVE-2024-6471 (A vulnerability classified as critical has been found in SourceCodeste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Tours & Travels Management
 CVE-2024-6470 (A vulnerability was found in playSMS 1.4.3. It has been rated as probl ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2024-6469 (A vulnerability was found in playSMS 1.4.3. It has been declared as pr ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2024-6428 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9. ...)
 	TODO: check
 CVE-2024-6427 (Uncontrolled Resource Consumption vulnerability in MESbook20221021.03  ...)
-	TODO: check
+	NOT-FOR-US: MESbook
 CVE-2024-6426 (Information exposure vulnerability in MESbook 20221021.03 version, the ...)
-	TODO: check
+	NOT-FOR-US: MESbook
 CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an authentic ...)
 	TODO: check
 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...)
 	TODO: check
 CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
-	TODO: check
+	NOT-FOR-US: stitionai/devika
 CVE-2024-5821 (Improper Access Control in stitionai/devika)
-	TODO: check
+	NOT-FOR-US: stitionai/devika
 CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...)
 	TODO: check
 CVE-2024-3332 (A malicious BLE device can send a specific order of packet sequence to ...)
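Review bot: CVE-2024-6126 stays at `TODO: check` while its neighbours in this hunk are resolved, and its description opens with "A flaw was found in the cockpit package", which reads like a Debian source package name rather than a third-party product like the playSMS/devika/MESbook entries around it. If that is src:cockpit, this entry needs a package/version line (or an explicit `<not-affected>`/`<unimportant>` with a NOTE) rather than a NOT-FOR-US; leaving the Mattermost entry (CVE-2024-6428) at TODO for a later pass is fine.
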
@@ -29,37 +29,37 @@ CVE-2024-39830 (Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6
 CVE-2024-39807 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0fail to properly sanitize  ...)
 	TODO: check
 CVE-2024-39683 (ZITADEL is an open-source identity infrastructure tool. ZITADEL provid ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2024-39361 (Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= ...)
 	TODO: check
 CVE-2024-39353 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the Remo ...)
 	TODO: check
 CVE-2024-39248 (A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows atta ...)
-	TODO: check
+	NOT-FOR-US: SimpCMS
 CVE-2024-39223 (An authentication bypass in the SSH service of gost v2.11.5 allows att ...)
 	TODO: check
 CVE-2024-39220 (BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, ...)
-	TODO: check
+	NOT-FOR-US: BAS-IP
 CVE-2024-37726 (Insecure Permissions vulnerability in Micro-Star International Co., Lt ...)
-	TODO: check
+	NOT-FOR-US: Micro-Star International Co. Ltd MSI Center
 CVE-2024-37157 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-36257 (Mattermost versions 9.5.x <= 9.5.5 and 9.8.0,when using shared channel ...)
 	TODO: check
 CVE-2024-36122 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-36113 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-35234 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-35227 (Discourse is an open-source discussion platform. Prior to version 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-34750 (Improper Handling of Exceptional Conditions, Uncontrolled Resource Con ...)
 	TODO: check
 CVE-2024-32937 (An os command injection vulnerability exists in the CWMP SelfDefinedTi ...)
-	TODO: check
+	NOT-FOR-US: Grandstream GXP2135
 CVE-2024-31223 (Fides is an open-source privacy engineering platform, and `SERVER_SIDE ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2024-29511 (Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, ha ...)
 	TODO: check
 CVE-2024-29509 (Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...)
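Review bot: the marker for CVE-2024-37726, `NOT-FOR-US: Micro-Star International Co. Ltd MSI Center`, pastes the vendor's legal name, whereas every other marker in this hunk names just the product (`NOT-FOR-US: Discourse`, `NOT-FOR-US: Fides`, `NOT-FOR-US: SimpCMS`); `NOT-FOR-US: MSI Center` would match the file's convention and is what anyone grepping for the product will search. Minor: `Zitadel` is spelled differently from the upstream `ZITADEL` in the description on the line above it; either is fine, but pick one form for future entries.
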
@@ -163,7 +163,7 @@ CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info'
 CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3826 (In versions of Akana in versions prior to and including 2022.1.3 valid ...)
-	TODO: check
+	NOT-FOR-US: Akana
 CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ...)
 	- openssh <unfixed>
 	[bookworm] - openssh <not-affected> (Vulnerable code not present)
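Review bot: the context line for CVE-2024-4268 carries a literal `\u2013` where the upstream description has an en dash, i.e. the JSON escape from the CVE feed was written into `data/CVE/list` undecoded. Not something this commit introduced, but the description importer should decode `\uXXXX` sequences (or map them to plain ASCII) before the truncated summary is stored, otherwise the escape survives into every tool that reads this file.
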
@@ -187,7 +187,7 @@ CVE-2024-39119 (idccms v1.35 was discovered to contain a Cross-Site Request Forg
 CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 2.3.0p8, 2 ...)
 	TODO: check
 CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`, a cl ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to version 20 ...)
 	- yt-dlp 2024.07.01-1 (unimportant)
 	NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j
@@ -195,57 +195,57 @@ CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to vers
 	NOTE: https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp/
 	NOTE: Exploitable issue under Windows
 CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-36404 (GeoTools is an open source Java library that provides tools for geospa ...)
 	TODO: check
 CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-36243 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-34601 (Improper verification of intent by broadcast receiver vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34600 (Improper verification of intent by broadcast receiver vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34599 (Improper input validation in Tips prior to version 6.2.9.4 in Android  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34597 (Improper input validation in Samsung Health prior to version 6.27.0.11 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34596 (Improper authentication in SmartThings prior to version 1.8.17 allows  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34595 (Improper access control in clickAdapterItem of SystemUI prior to SMR J ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34594 (Exposure of sensitive information in proc file system prior to SMR Jul ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34593 (Improper input validation in parsing and distributing RTCP packet in l ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34592 (Improper input validation in parsing RTCP SDES packet in librtp.so pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34591 (Improper input validation in parsing an item data from RTCP SDES packe ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34590 (Improper input validation\ud63bin parsing an item type from RTCP SDES  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34589 (Improper input validation in parsing RTCP RR packet in librtp.so prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34588 (Improper input validation\ud63bin parsing RTCP SR packet in librtp.so  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34587 (Improper input validation in parsing application information from RTCP ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34586 (Improper access control in KnoxCustomManagerService prior to SMR Jul-2 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR Jul-2024 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR Jul-2024 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34583 (Improper access control in system property prior to SMR Jul-2024 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34122 (Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an ...)
-	TODO: check
+	NOT-FOR-US: Acrobat for Edge
 CVE-2024-32932 (Under certain circumstances the web interface users credentials may be ...)
 	TODO: check
 CVE-2024-32757 (Under certain circumstances unnecessary user details are provided with ...)
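Review bot: the descriptions of CVE-2024-34590 and CVE-2024-34588 contain a raw `\ud63b` escape (`Improper input validation\ud63bin parsing ...`), a stray Hangul syllable sitting where the sentence needs a space; as with the `\u2013` elsewhere in this file, the escape was stored undecoded. The importer should decode these sequences and, for a stray non-ASCII character between two ASCII words, substitute a space so the summary stays readable and greppable. The `NOT-FOR-US: Samsung` and `NOT-FOR-US: OpenHarmony` markers in this hunk are consistent with each other and with the earlier OpenHarmony entries.
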
@@ -255,7 +255,7 @@ CVE-2024-32756 (Under certain circumstances the Linux users credentials may be r
 CVE-2024-32755 (Under certain circumstances the web interface will accept characters u ...)
 	TODO: check
 CVE-2024-31071 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-26314 (Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0  ...)
 	TODO: check
 CVE-2024-25088 (Improper privilege management in Jungo WinDriver before 12.5.1 allows  ...)
@@ -357,11 +357,11 @@ CVE-2024-39309 (Parse Server is an open source backend that can be deployed to a
 CVE-2024-39305 (Envoy is a cloud-native, open source edge and service proxy. Prior to  ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2024-38368 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...)
-	TODO: check
+	NOT-FOR-US: trunk.cocoapods.org authentication server for the CoacoaPods dependency manager
 CVE-2024-38367 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...)
-	TODO: check
+	NOT-FOR-US: trunk.cocoapods.org authentication server for the CoacoaPods dependency manager
 CVE-2024-38366 (trunk.cocoapods.org is the authentication server for the CoacoaPods de ...)
-	TODO: check
+	NOT-FOR-US: trunk.cocoapods.org authentication server for the CoacoaPods dependency manager
 CVE-2024-37765 (Machform up to version 19 is affected by an authenticated Blind SQL in ...)
 	NOT-FOR-US: Machform
 CVE-2024-37764 (MachForm up to version 19 is affected by an authenticated stored cross ...)
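Review bot: the three markers for CVE-2024-38366/38367/38368 repeat the upstream typo `CoacoaPods` and are long enough to wrap the column; since the marker is what people grep for, use the correct project name and keep it short, e.g. `NOT-FOR-US: CocoaPods trunk (trunk.cocoapods.org authentication server)`, in the same style as the neighbouring `NOT-FOR-US: Machform`.
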



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12197309541c61c97f0f6c3a3af7bec7701dd779

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.

