[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 10 11:01:33 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ce5b033 by Salvatore Bonaccorso at 2024-07-10T11:38:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,19 +21,19 @@ CVE-2024-4866 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, C
CVE-2024-39927 (Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. I ...)
NOT-FOR-US: Ricoh
CVE-2024-39901 (OpenSearch Observability is collection of plugins and applications tha ...)
- TODO: check
+ NOT-FOR-US: OpenSearch Observability collection of plugins and applications
CVE-2024-39900 (OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 export a ...)
- TODO: check
+ NOT-FOR-US: OpenSearch Dashboards Reports
CVE-2024-39886 (TONE store App version 3.4.2 and earlier contains an issue with unprot ...)
- TODO: check
+ NOT-FOR-US: TONE
CVE-2024-39883 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-39882 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
- python-django 3:4.2.14-1 (bug #1076069)
NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
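Review bot: The NOT-FOR-US value for CVE-2024-39901 carries over a fragment of the CVE description ("collection of plugins and applications") instead of just naming the product. "NOT-FOR-US: OpenSearch Observability" would match the form used for CVE-2024-39900 directly below it. In the same hunk, "TONE" for CVE-2024-39886 is shorter than the product named in the description ("TONE store App"); using the fuller name would make the entry easier to match when searching the list later.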
@@ -47,31 +47,31 @@ CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 befor
NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE: https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14 (4.2.14)
CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnera ...)
- TODO: check
+ NOT-FOR-US: AMTT Hotel Broadband Operation System (HiBOS)
CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_eve ...)
- TODO: check
+ NOT-FOR-US: Fujian Kelixun
CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows ...)
- TODO: check
+ NOT-FOR-US: ifood Order Manager
CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a ...)
- TODO: check
+ NOT-FOR-US: Silverpeas Core
CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: Nopcommerce
CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS Learnin ...)
- TODO: check
+ NOT-FOR-US: Creativeitem Academy LMS Learning Management System
CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...)
- python-django 3:4.2.14-1 (bug #1076069)
NOTE: https://www.djangoproject.com/weblog/2024/jul/09/security-releases/
NOTE: https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5 (4.2.14)
CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an ...)
- TODO: check
+ NOT-FOR-US: Dell Alienware Command Center
CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)
TODO: check
CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a session h ...)
TODO: check
CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows attackers ...)
- TODO: check
+ NOT-FOR-US: bookstack
CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi of Webm ...)
TODO: check
CVE-2024-36452 (Cross-site request forgery vulnerability exists in ajaxterm module of ...)
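Review bot: In the CVE-2024-36676 entry, "NOT-FOR-US: bookstack" is lowercase, while the description on the line above spells the product "BookStack" and the other entries in this hunk keep the vendor's capitalisation. Suggest "NOT-FOR-US: BookStack" so a case-sensitive search over data/CVE/list finds it alongside any later entries for the same product.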
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce5b033da4f29c7d04811d7a40e7198a284312b