[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 25 06:31:16 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba99fe14 by Salvatore Bonaccorso at 2024-07-25T07:30:18+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,97 +41,97 @@ CVE-2024-6988
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7080 (A vulnerability was found in SourceCodester Insurance Management Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7079 (A flaw was found in the Openshift console. The /API/helm/verify endpoi ...)
-	TODO: check
+	NOT-FOR-US: Openshift
 CVE-2024-7069 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
 CVE-2024-7068 (A vulnerability classified as problematic has been found in SourceCode ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7067 (A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap u ...)
 	TODO: check
 CVE-2024-7066 (A vulnerability was found in F-logic DataCube3 1.0. It has been declar ...)
-	TODO: check
+	NOT-FOR-US: F-logic DataCube3
 CVE-2024-7065 (A vulnerability was found in Spina CMS up to 2.18.0. It has been class ...)
-	TODO: check
+	NOT-FOR-US: Spina CMS
 CVE-2024-6896 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6327 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q2 (1 ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2024-6096 (In Progress\xae Telerik\xae Reporting versions prior to 18.1.24.709, a ...)
-	TODO: check
+	NOT-FOR-US: Telerik
 CVE-2024-5818 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-41914 (A vulnerability in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-41672 (DuckDB is a SQL database management system. In versions 1.0.0 and prio ...)
 	- duckdb <itp> (bug #1036922)
 CVE-2024-41667 (OpenAM is an open access management solution. In versions 15.0.3 and p ...)
-	TODO: check
+	NOT-FOR-US: OpenAM
 CVE-2024-41666 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2024-41662 (VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerab ...)
-	TODO: check
+	NOT-FOR-US: VNote
 CVE-2024-41551 (CampCodes Supplier Management System v1.0 is vulnerable to SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: CampCodes Supplier Management System
 CVE-2024-41550 (CampCodes Supplier Management System v1.0 is vulnerable to SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: CampCodes Supplier Management System
 CVE-2024-41135 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41134 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41133 (A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-41110 (Moby is an open-source project created by Docker for software containe ...)
 	TODO: check
 CVE-2024-40575 (An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7. ...)
-	TODO: check
+	NOT-FOR-US: Huawei Technologies opengauss
 CVE-2024-40495 (A vulnerability was discovered in Linksys Router E2500 with firmware 2 ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-40422 (The snapshot_path parameter in the /api/get-browser-snapshot endpoint  ...)
-	TODO: check
+	NOT-FOR-US: stitionai devika
 CVE-2024-40137 (Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remo ...)
 	- dolibarr <removed>
 CVE-2024-3896 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39345 (AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH s ...)
-	TODO: check
+	NOT-FOR-US: AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices
 CVE-2024-37533 (IBM InfoSphere Information Server 11.7 could disclose sensitive user i ...)
 	NOT-FOR-US: IBM
 CVE-2024-36541 (Insecure permissions in logging-operator v4.6.0 allows attackers to ac ...)
-	TODO: check
+	NOT-FOR-US: logging-operator
 CVE-2024-36540 (Insecure permissions in external-secrets v0.9.16 allows attackers to a ...)
-	TODO: check
+	NOT-FOR-US: external-secrets
 CVE-2024-36539 (Insecure permissions in contour v1.28.3 allows attackers to access sen ...)
-	TODO: check
+	NOT-FOR-US: contour
 CVE-2024-36538 (Insecure permissions in chaos-mesh v2.6.3 allows attackers to access s ...)
-	TODO: check
+	NOT-FOR-US: chaos-mesh
 CVE-2024-36537 (Insecure permissions in cert-manager v1.14.4 allows attackers to acces ...)
-	TODO: check
+	NOT-FOR-US: cert-manager
 CVE-2024-36536 (Insecure permissions in fabedge v0.8.1 allows attackers to access sens ...)
-	TODO: check
+	NOT-FOR-US: fabedge
 CVE-2024-36535 (Insecure permissions in meshery v0.7.51 allows attackers to access sen ...)
-	TODO: check
+	NOT-FOR-US: meshery
 CVE-2024-36534 (Insecure permissions in hwameistor v0.14.3 allows attackers to access  ...)
-	TODO: check
+	NOT-FOR-US: hwameistor
 CVE-2024-36533 (Insecure permissions in volcano v1.8.2 allows attackers to access sens ...)
-	TODO: check
+	NOT-FOR-US: volcano
 CVE-2024-33519 (A vulnerability in the web-based management interface of HPE Aruba Net ...)
-	TODO: check
+	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version  ...)
-	TODO: check
+	NOT-FOR-US: Adtran 834-5
 CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran N ...)
-	TODO: check
+	NOT-FOR-US: AdTran NetVanta 3120 devices
 CVE-2024-31970 (AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixe ...)
-	TODO: check
+	NOT-FOR-US: Adtran 834-5 devices
 CVE-2024-22444 (A vulnerability within the web-based management interface of EdgeConne ...)
-	TODO: check
+	NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-22443 (A vulnerability in the web-based management interface of EdgeConnect S ...)
-	TODO: check
+	NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-21684 (There is a low severity open redirect vulnerability within affected ve ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2023-45249 (Remote command execution due to use of default passwords. The followin ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to Stored C ...)
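
Review bot: The NOT-FOR-US labels for the Adtran 834-5 entries are spelled three different ways in this hunk: "AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices" for CVE-2024-39345, "Adtran 834-5" for CVE-2024-31977, and "Adtran 834-5 devices" for CVE-2024-31970. Using one spelling for all three (for example "Adtran 834-5") would let a single search of data/CVE/list find every entry for that product, the way the four "HPE Aruba Networking EdgeConnect SD-WAN gateway" entries already match each other. CVE-2024-7067 and CVE-2024-41110 are left at "TODO: check" as unchanged context, which fits the "some" in the commit message, so they still need triage in a later pass.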



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba99fe14fd32a22093b9529b558bcd2687c67f82
