[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 15 21:31:59 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
723fe1c5 by Salvatore Bonaccorso at 2024-07-15T22:31:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2024-6746 (A vulnerability classified as problematic was found in NaiboWang EasyS ...)
-	TODO: check
+	NOT-FOR-US: NaiboWang EasySpider
 CVE-2024-6745 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Ticket Booking
 CVE-2024-6741 (Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag  ...)
-	TODO: check
+	NOT-FOR-US: Openfind's Mail2000
 CVE-2024-6740 (Openfind's Mail2000 does not properly validate email atachments, allow ...)
-	TODO: check
+	NOT-FOR-US: Openfind's Mail2000
 CVE-2024-6721
 	REJECTED
 CVE-2024-6689 (Local Privilege Escalation in MSI-Installer in baramundi Management Ag ...)
-	TODO: check
+	NOT-FOR-US: MSI-Installer in baramundi Management Agent
 CVE-2024-6398 (An information disclosure vulnerability in SWG in versions 12.x prior  ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint Workbench.   ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-40631 (Plate media is an open source, rich-text editor for React. Editors tha ...)
 	TODO: check
 CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
@@ -23,19 +23,19 @@ CVE-2024-40627 (Fastapi OPA is an opensource fastapi middleware which includes a
 CVE-2024-40624 (TorrentPier is an open source BitTorrent Public/Private tracker engine ...)
 	TODO: check
 CVE-2024-40560 (Tmall_demo before v2024.07.03 was discovered to contain a SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Tmall_demo
 CVE-2024-40555 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: Tmall_demo
 CVE-2024-40554 (An access control issue in Tmall_demo v2024.07.03 allows attackers to  ...)
-	TODO: check
+	NOT-FOR-US: Tmall_demo
 CVE-2024-40553 (Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: Tmall_demo
 CVE-2024-40416 (A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C functi ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-40415 (A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC function ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...)
 	TODO: check
 CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...)
@@ -45,17 +45,17 @@ CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, Nagi
 CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
 	TODO: check
 CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace Desktop  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-39821 (Race condition in the installer for Zoom Workplace App for Windows and ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-39820 (Uncontrolled search path element in the installer for Zoom Workplace D ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-39819 (Improper privilege management in the installer for some Zoom Workplace ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that the pus ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Mobile Apps
 CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user to access ...)
 	TODO: check
 CVE-2024-38495 (A specific authentication strategy allows a malicious attacker to lear ...)
@@ -69,11 +69,11 @@ CVE-2024-38492 (This vulnerability allows an unauthenticated attacker to achieve
 CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read arbitrary ...)
 	TODO: check
 CVE-2024-38360 (Discourse is an open source platform for community discussion. In affe ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS) 4.0.0 th ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypa ...)
-	TODO: check
+	NOT-FOR-US: Mengshen Wireless Door Alarm M70
 CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user to perfor ...)
 	TODO: check
 CVE-2024-36457 (The vulnerability allows an attacker to bypass the authentication requ ...)
@@ -83,23 +83,23 @@ CVE-2024-36456 (This vulnerability allows an unauthenticated attacker to achieve
 CVE-2024-36455 (An improper input validation allows an unauthenticated attacker to ach ...)
 	TODO: check
 CVE-2024-36438 (eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access C ...)
-	TODO: check
+	NOT-FOR-US: eLinkSmart Hidden Smart Cabinet Lock
 CVE-2024-36434 (An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X1 ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-36433 (An arbitrary memory write vulnerability was discovered in Supermicro X ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-36432 (An arbitrary memory write vulnerability was discovered in Supermicro X ...)
-	TODO: check
+	NOT-FOR-US: Supermicro
 CVE-2024-32945 (Mattermost Mobile Apps versions <=2.16.0 fail to protect against abuse ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Mobile Apps
 CVE-2024-31946 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2024-27241 (Improper input validation in some Zoom Apps and SDKs may allow an auth ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-27240 (Improper input validation in the installer for some Zoom Apps for Wind ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-27238 (Race condition in the installer for some Zoom Apps and SDKs for Window ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-41007 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/97a9063518f198ec0adb2ecb89789de342bb8283 (6.10)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723fe1c575b2ab9259cf804f0c92fa7d39710760

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/723fe1c575b2ab9259cf804f0c92fa7d39710760
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240715/7a1595b4/attachment.htm>

More information about the debian-security-tracker-commits mailing list