[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 5 21:54:20 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec76c7c5 by Salvatore Bonaccorso at 2024-07-05T22:53:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...)
 	TODO: check
 CVE-2024-6525 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-6524 (A vulnerability was found in ShopXO up to 6.1.0. It has been declared  ...)
-	TODO: check
+	NOT-FOR-US: ShopXO
 CVE-2024-6523 (A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been c ...)
-	TODO: check
+	NOT-FOR-US: ZKTeco BioTime
 CVE-2024-6505 (A flaw was found in the virtio-net device in QEMU. When enabling the R ...)
 	TODO: check
 CVE-2024-6298 (Improper Input Validation vulnerability in ABB ASPECT-Enterprise on Li ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-6209 (Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <= ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-5753 (vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some f ...)
-	TODO: check
+	NOT-FOR-US: vanna-ai/vanna
 CVE-2024-39864 (The CloudStack integration API service allows running its unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-39696 (Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos  ...)
-	TODO: check
+	NOT-FOR-US: Evmos
 CVE-2024-39691 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
 	TODO: check
 CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validating th ...)
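Review bot: The two ABB entries (CVE-2024-6298 and CVE-2024-6209) and the D-Link entry (CVE-2024-6525) are tagged with the vendor name only, while the other entries in this hunk name the product (`ShopXO`, `ZKTeco BioTime`, `Apache CloudStack`). Both ABB descriptions identify the product as ASPECT-Enterprise, so `NOT-FOR-US: ABB ASPECT-Enterprise` would let a later search for that product in data/CVE/list find these entries. The D-Link line could likewise carry the product named in its full description.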
@@ -27,73 +27,73 @@ CVE-2024-39687 (Fedify is a TypeScript library for building federated server app
 CVE-2024-39321 (Traefik is an HTTP reverse proxy and load balancer. Versions prior to  ...)
 	TODO: check
 CVE-2024-39210 (Best House Rental Management System v1.0 was discovered to contain an  ...)
-	TODO: check
+	NOT-FOR-US: Best House Rental Management System
 CVE-2024-39178 (MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: MyPower vc8100 V100R001C00B030
 CVE-2024-39174 (A cross-site scripting (XSS) vulnerability in the Publish Article func ...)
-	TODO: check
+	NOT-FOR-US: yzmcms
 CVE-2024-39150 (vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a c ...)
-	TODO: check
+	NOT-FOR-US: vditor
 CVE-2024-39028 (An issue was discovered in SeaCMS <=12.9 which allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-39027 (SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vuln ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-39023 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-39022 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-39021 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-39020 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-39019 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-38346 (The CloudStack cluster service runs on unauthenticated port (default 9 ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-37903 (Mastodon is a self-hosted, federated microblogging platform. Starting  ...)
 	TODO: check
 CVE-2024-37769 (Insecure permissions in 14Finger v1.1 allow attackers to escalate priv ...)
-	TODO: check
+	NOT-FOR-US: 14Finger
 CVE-2024-37768 (14Finger v1.1 was discovered to contain an arbitrary user deletion vul ...)
-	TODO: check
+	NOT-FOR-US: 14Finger
 CVE-2024-37767 (Insecure permissions in the component /api/admin/user of 14Finger v1.1 ...)
-	TODO: check
+	NOT-FOR-US: 14Finger
 CVE-2024-34361 (Pi-hole is a DNS sinkhole that protects devices from unwanted content  ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole
 CVE-2024-29319 (Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Serve ...)
-	TODO: check
+	NOT-FOR-US: Volmarg Personal Management System
 CVE-2024-29318 (Volmarg Personal Management System 1.4.64 is vulnerable to stored cros ...)
-	TODO: check
+	NOT-FOR-US: Volmarg Personal Management System
 CVE-2024-27717 (Cross Site Request Forgery vulnerability in Eskooly Free Online School ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School Management Software
 CVE-2024-27716 (Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and be ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Web Product
 CVE-2024-27715 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School management Software
 CVE-2024-27713 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School management Software
 CVE-2024-27712 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School management Software
 CVE-2024-27711 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School management Software
 CVE-2024-27710 (An issue in Eskooly Free Online School management Software v.3.0 and b ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Free Online School management Software
 CVE-2024-27709 (SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remo ...)
-	TODO: check
+	NOT-FOR-US: Eskooly Web Product
 CVE-2024-23998 (goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross ...)
 	TODO: check
 CVE-2024-23997 (Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: Lukas Bach yana
 CVE-2024-23588 (HCL Nomad server on Domino fails to properly handle users configured w ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-39943 (rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, an ...)
-	TODO: check
+	NOT-FOR-US: rejetto HFS
 CVE-2024-39937 (supOS 5.0 allows api/image/download?fileName=../ directory traversal f ...)
 	NOT-FOR-US: supOS
 CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2. ...)
 	TODO: check
 CVE-2024-39935 (jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certifi ...)
-	TODO: check
+	NOT-FOR-US: jc21 NGINX Proxy Manager
 CVE-2024-39485 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
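Review bot: The Eskooly entries in this hunk end up with three different labels for what the descriptions present as the same vendor's software: `Eskooly Free Online School Management Software` (CVE-2024-27717), `Eskooly Free Online School management Software` with a lower-case "management" (CVE-2024-27715 down to CVE-2024-27710), and `Eskooly Web Product` (CVE-2024-27716, CVE-2024-27709). The labels appear to follow the capitalisation of each CVE description, and a single short label such as `NOT-FOR-US: Eskooly` would keep them consistent and easier to search. Two smaller points of the same kind: `MyPower vc8100 V100R001C00B030` carries the firmware version in the label, where the other entries stop at the product name, and `Pi-Hole` differs in case from the `Pi-hole` spelling in the description on the line above it.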



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec76c7c509365478d948d41a07887a36a5392203
