[Git][security-tracker-team/security-tracker][master] Process more NFUs

Thu Jul 18 21:33:40 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5aa4152d by Salvatore Bonaccorso at 2024-07-18T22:33:05+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,67 +1,67 @@
 CVE-2024-6504 (Rapid7 InsightVM Console versions below 6.6.260 suffer from a protecti ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 InsightVM Console
 CVE-2024-5625 (Improper Restriction of XML External Entity Reference vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
 CVE-2024-5620 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
 CVE-2024-5619 (Authorization Bypass Through User-Controlled Key vulnerability in Pruv ...)
-	TODO: check
+	NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
 CVE-2024-5618 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PruvaSoft Informatics Apinizer Management Console
 CVE-2024-5555 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5554 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5321 (A security issue was discovered in Kubernetes clusters with Windows no ...)
 	TODO: check
 CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
-	TODO: check
+	NOT-FOR-US: matrix-rust-sdk
 CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's ...)
 	TODO: check
 CVE-2024-40644 (gitoxide An idiomatic, lean, fast & safe pure Rust implementation of G ...)
 	TODO: check
 CVE-2024-40629 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2024-40628 (JumpServer is an open-source Privileged Access Management (PAM) tool t ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2024-3242 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to ar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39911 (1Panel is a web-based linux server management control panel. 1Panel co ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2024-39907 (1Panel is a web-based linux server management control panel. There are ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2024-39173 (calculator-boilerplate v1.0 was discovered to contain a remote code ex ...)
-	TODO: check
+	NOT-FOR-US: calculator-boilerplate
 CVE-2024-39152
 	REJECTED
 CVE-2024-39090 (The PHPGurukul Online Shopping Portal Project version 2.0 contains a v ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Shopping Portal Project
 CVE-2024-38806 (Failure to properly synchronize user's permissions in UAA in Cloud Fou ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry Foundation
 CVE-2024-38302 (Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encrypti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-34013 (Local privilege escalation due to OS command injection vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2024-30473 (Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulne ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-30126 (HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP he ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-30125 (HCL BigFix Compliance server can respond with an HTTP status of 500, i ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-29178 (On versions before 2.1.4, a user could log in and perform a template i ...)
-	TODO: check
+	NOT-FOR-US: Apache StreamPark
 CVE-2024-0857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Universal Software Inc. FlexWater Corporate Water Management
 CVE-2023-50304 (IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vu ...)
 	NOT-FOR-US: IBM
 CVE-2023-40704 (Philips Vue PACS uses default credentials for potentially critical fun ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2023-40539 (Philips Vue PACS does not require that users have strong passwords, wh ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2023-40223 (Philips Vue PACS does not properly assign, modify, track, or check act ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2023-40159 (A validated user not explicitly authorized to have access to certain s ...)
-	TODO: check
+	NOT-FOR-US: Philips Vue PACS
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to unauthor ...)
@@ -100,7 +100,7 @@ CVE-2024-29014 (Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64
 CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: ACG-faka
 CVE-2024-41011 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.8.11-1
 	[bookworm] - linux 6.1.94-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa4152d5bb886121c0fc1976edd1acfcd6687d3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa4152d5bb886121c0fc1976edd1acfcd6687d3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240718/49e7f5c7/attachment.htm>
