[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 26 21:50:47 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb6e1d56 by Salvatore Bonaccorso at 2024-07-26T22:50:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in the ap ...)
-	TODO: check
+	NOT-FOR-US: Openshift
 CVE-2024-7062 (Nimble Commander suffers from a privilege escalation vulnerability due ...)
-	TODO: check
+	NOT-FOR-US: Nimble Commander
 CVE-2024-7050 (Improper Authentication vulnerability in OpenText OpenText Directory S ...)
-	TODO: check
+	NOT-FOR-US: OpenText OpenText Directory Services
 CVE-2024-6922 (Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Sid ...)
-	TODO: check
+	NOT-FOR-US: Automation Anywhere Automation 360
 CVE-2024-4786 (An improper validation vulnerability was reported in the Lenovo Tab K1 ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-42007 (SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal ...)
-	TODO: check
+	NOT-FOR-US: SPX (aka php-spx)
 CVE-2024-41813 (txtdot is an HTTP proxy that parses only text, links, and pictures fro ...)
-	TODO: check
+	NOT-FOR-US: txtdot
 CVE-2024-41812 (txtdot is an HTTP proxy that parses only text, links, and pictures fro ...)
-	TODO: check
+	NOT-FOR-US: txtdot
 CVE-2024-41807
 	REJECTED
 CVE-2024-41805 (Tracks, a Getting Things Done (GTD) web application, is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: TracksApp
 CVE-2024-41692 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41691 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41690 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41689 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41688 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due la ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41687 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41686 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41685 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41684 (This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to ...)
-	TODO: check
+	NOT-FOR-US: SyroTech SY-GPON-1110-WDONT Router
 CVE-2024-41670 (In the module "PayPal Official" for PrestaShop 7+ releases prior to ve ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-41375 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/termi ...)
-	TODO: check
+	NOT-FOR-US: ICEcoder
 CVE-2024-41374 (ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/setti ...)
-	TODO: check
+	NOT-FOR-US: ICEcoder
 CVE-2024-41373 (ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-ve ...)
-	TODO: check
+	NOT-FOR-US: ICEcoder
 CVE-2024-41357 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin ...)
 	TODO: check
 CVE-2024-41356 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\ ...)
@@ -55,43 +55,43 @@ CVE-2024-41354 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app
 CVE-2024-41353 (phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\ ...)
 	TODO: check
 CVE-2024-41113 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
-	TODO: check
+	NOT-FOR-US: streamlit-geospatial
 CVE-2024-41112 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
-	TODO: check
+	NOT-FOR-US: streamlit-geospatial
 CVE-2024-40689 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
 	NOT-FOR-US: IBM
 CVE-2024-40117 (Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- ...)
-	TODO: check
+	NOT-FOR-US: Solar-Log 1000
 CVE-2024-40116 (An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was d ...)
-	TODO: check
+	NOT-FOR-US: Solar-Log 1000
 CVE-2024-39304 (ChurchCRM is an open-source church management system. Versions of the  ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2024-38872 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine Exchange Reporter Plus
 CVE-2024-38871 (Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below a ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine Exchange Reporter Plus
 CVE-2024-38512 (A privilege escalation vulnerability was discovered in XCC that could  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-38511 (A privilege escalation vulnerability was discovered in an upload proce ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-38510 (A privilege escalation vulnerability was discovered in the SSH captive ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-38509 (A privilege escalation vulnerability was discovered in XCC that could  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-38508 (A privilege escalation vulnerability was discovered in the web interfa ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-27358 (An issue was discovered in WithSecure Elements Agent through 23.x for  ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2024-27357 (An issue was discovered in WithSecure Elements Agent through 23.x for  ...)
-	TODO: check
+	NOT-FOR-US: WithSecure
 CVE-2024-26520 (An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaur ...)
-	TODO: check
+	NOT-FOR-US: Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform
 CVE-2024-25090 (Insufficient input validation and sanitation in Profile name & screenn ...)
-	TODO: check
+	NOT-FOR-US: Apache Roller
 CVE-2024-24257 (An issue in skteco.com Central Control Attendance Machine web manageme ...)
-	TODO: check
+	NOT-FOR-US: skteco.com Central Control Attendance Machine web management platform
 CVE-2023-50700 (Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 a ...)
-	TODO: check
+	NOT-FOR-US: Deepin dde-file-manager
 CVE-2024-7120 (A vulnerability, which was classified as critical, was found in Raisec ...)
 	NOT-FOR-US: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300
 CVE-2024-7119 (A vulnerability, which was classified as critical, has been found in M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb6e1d5661afcaa6ba71a9f91f8f4835f6ca5306

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb6e1d5661afcaa6ba71a9f91f8f4835f6ca5306
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240726/51cdc057/attachment.htm>

More information about the debian-security-tracker-commits mailing list