[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 24 07:02:36 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f65015a by Salvatore Bonaccorso at 2024-07-24T08:01:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,19 +30,19 @@ CVE-2024-41663 (Canarytokens help track activity and actions on a network.  A Cr
 CVE-2024-41661 (reNgine is an automated reconnaissance framework for web applications. ...)
 	NOT-FOR-US: reNgine
 CVE-2024-41655 (TF2 Item Format helps users format TF2 items to the community standard ...)
-	TODO: check
+	NOT-FOR-US: TF2 Item Format
 CVE-2024-41319 (TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a comm ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-41178 (Exposure of temporary credentials in logsin Apache Arrow Rust Object S ...)
 	NOT-FOR-US: Apache Arrow Rust Object Store
 CVE-2024-40060 (go-chart v2.1.1 was discovered to contain an infinite loop via the dra ...)
-	TODO: check
+	NOT-FOR-US: go-chart
 CVE-2024-39702 (In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string ha ...)
-	TODO: check
+	NOT-FOR-US: OpenResty fork specific issue
 CVE-2024-34128 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-29070 (On versions before 2.1.4,session is not invalidated after logout. When ...)
-	TODO: check
+	NOT-FOR-US: Apache StreamPark
 CVE-2024-1975 (If a server hosts a zone containing a "KEY" Resource Record, or a reso ...)
 	- bind9 1:9.20.0-1
 	NOTE: https://kb.isc.org/docs/cve-2024-1975
@@ -704,7 +704,7 @@ CVE-2024-41122 (Woodpecker is a simple yet powerful CI/CD engine with great exte
 CVE-2024-41121 (Woodpecker is a simple yet powerful CI/CD engine with great extensibil ...)
 	NOT-FOR-US: Woodpecker
 CVE-2024-41107 (The CloudStack SAML authentication (disabled by default) does not enfo ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-40400 (An arbitrary file upload vulnerability in the image upload function of ...)
 	NOT-FOR-US: automad
 CVE-2024-39963 (AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Du ...)
@@ -326658,9 +326658,9 @@ CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManage
 CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions <9.2. ...)
 	NOT-FOR-US: B&R GateManager
 CVE-2020-11640 (AdvaBuild uses a command queue to launch certain operations. An attack ...)
-	TODO: check
+	NOT-FOR-US: AdvaBuild
 CVE-2020-11639 (An attacker could exploit the vulnerability by injecting garbage data  ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2020-11638
 	RESERVED
 CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versions < ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f65015a2e66c403b2eb1570e3f5b7f9cfbbd585

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f65015a2e66c403b2eb1570e3f5b7f9cfbbd585
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240724/71127928/attachment.htm>

More information about the debian-security-tracker-commits mailing list