[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 8 21:27:39 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df1f4602 by Salvatore Bonaccorso at 2024-07-08T22:27:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...)
-	TODO: check
+	NOT-FOR-US: /n software IPWorks SSH library SFTPServer component
 CVE-2024-6564 (Buffer overflow in "rcar_dev_init"  due to using due to using untruste ...)
 	TODO: check
 CVE-2024-6563 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
 	TODO: check
 CVE-2024-6227 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to c ...)
-	TODO: check
+	NOT-FOR-US: aimhubio/aim
 CVE-2024-6163 (Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, <  ...)
 	TODO: check
 CVE-2024-4882 (The user may be redirected to an arbitrary site in Sitefinity 15.1.832 ...)
-	TODO: check
+	NOT-FOR-US: Sitefinity
 CVE-2024-4341 (Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar  ...)
-	TODO: check
+	NOT-FOR-US: Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS
 CVE-2024-39896 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-39895 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-39743 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
 	NOT-FOR-US: IBM
 CVE-2024-39742 (IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to ...)
 	NOT-FOR-US: IBM
 CVE-2024-39701 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-39699 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-39695 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	TODO: check
 CVE-2024-39677 (NHibernate is an object-relational mapper for the .NET framework. A SQ ...)
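Review bot: The NOT-FOR-US text added at CVE-2024-6580 and CVE-2024-4341 is much longer than the unchanged entries in this hunk, which name only the vendor or product (`NOT-FOR-US: IBM`). Consider shortening both to the product, for example `NOT-FOR-US: /n software IPWorks SSH` and `NOT-FOR-US: Extreme XDS`, so that future CVEs for the same products can reuse the same string. The four Directus entries already follow that pattern.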
@@ -33,15 +33,15 @@ CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can iden
 CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for managing d ...)
 	TODO: check
 CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend Theme Manage ...)
-	TODO: check
+	NOT-FOR-US: Backend Theme Management module of Z-BlogPHP
 CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a remote c ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-37999 (A vulnerability has been identified in Medicalis Workflow Orchestrator ...)
-	TODO: check
+	NOT-FOR-US: Medicalis Workflow Orchestrator
 CVE-2024-34702 (Botan is a C++ cryptography library. X.509 certificates can identify e ...)
 	TODO: check
 CVE-2024-31504 (Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodb ...)
-	TODO: check
+	NOT-FOR-US: SILA Embedded Solutions GmbH freemodbus
 CVE-2024-27903 (OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be lo ...)
 	TODO: check
 CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 and earlier allows an attacke ...)
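Review bot: The granularity of the NOT-FOR-US text varies within this hunk: CVE-2024-39203 names a module (`Backend Theme Management module of Z-BlogPHP`) while CVE-2024-39202 names only the vendor (`D-Link`). Naming the product alone, `NOT-FOR-US: Z-BlogPHP`, would match the other entries. For CVE-2024-31504 the description visible here is truncated at `freemodb ...`, so the `freemodbus` spelling in the added line is worth confirming against the full CVE text.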
@@ -51,7 +51,7 @@ CVE-2024-25639 (Khoj is an application that creates personal AI agents. The Khoj
 CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...)
 	TODO: check
 CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure of sensi ...)
-	TODO: check
+	NOT-FOR-US: HCL Domino
 CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the configuration ...)
 	TODO: check
 CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  check  ...)
@@ -109,7 +109,7 @@ CVE-2024-37528 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19
 CVE-2024-37389 (Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 suppor ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2024-34603 (Improper access control in Samsung Message prior to SMR Jul-2024 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34602 (Use of implicit intent for sensitive communication in Samsung Messages ...)
 	NOT-FOR-US: Samsung
 CVE-2024-31897 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df1f4602c05ce4522b0568d712c5f49a672c1a28
