[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 30 21:30:08 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b5580e by Salvatore Bonaccorso at 2024-07-30T22:29:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,59 +1,59 @@
 CVE-2024-7297 (Langflow versions prior to 1.0.13 suffer from a Privilege Escalation v ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2024-7226 (A vulnerability was found in SourceCodester Medicine Tracker System 1. ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Medicine Tracker System
 CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance Management Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in multi-tenan ...)
 	TODO: check
 CVE-2024-7208 (Hosted services do not verify the sender of an email against authentic ...)
 	TODO: check
 CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Stackposts Social Marketing Tool
 CVE-2024-6699 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Mikafon Electronic Inc. Mikafon MA7
 CVE-2024-5486 (A vulnerability exists in ClearPass Policy Manager that allows for an  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-5250 (In versions of Akana API Platform prior to 2024.1.0 overly verbose err ...)
-	TODO: check
+	NOT-FOR-US: Akana API Platform
 CVE-2024-5249 (In versions of Akana API Platform prior to 2024.1.0, SAML tokens can b ...)
-	TODO: check
+	NOT-FOR-US: Akana API Platform
 CVE-2024-4188 (Unprotected Transport of Credentials vulnerability in OpenText\u2122 D ...)
-	TODO: check
+	NOT-FOR-US: OpenText Documentum Server
 CVE-2024-41945 (fuels-ts is a library for interacting with Fuel v2.  The typescript SD ...)
 	TODO: check
 CVE-2024-41944 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2024-41943 (I, Librarian is an open-source version of a PDF managing SaaS. PDF not ...)
 	TODO: check
 CVE-2024-41924 (Acceptance of extraneous untrusted data with trusted data vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2024-41916 (A vulnerability exists in ClearPass Policy Manager that allows for an  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-41915 (A vulnerability in the web-based management interface of ClearPass Pol ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-41804 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2024-41803 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2024-41802 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Xibo
 CVE-2024-41702 (SiberianCMS - CWE-89: Improper Neutralization of Special Elements used ...)
-	TODO: check
+	NOT-FOR-US: SiberianCMS
 CVE-2024-41701 (AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorize ...)
-	TODO: check
+	NOT-FOR-US: AccuPOS
 CVE-2024-41696 (Priority   PRI WEB PortalAdd-On for Priority ERP on prem  - CWE-200: E ...)
-	TODO: check
+	NOT-FOR-US: Priority PRI WEB Portal Add-On for Priority ERP on prem
 CVE-2024-41695 (Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Di ...)
-	TODO: check
+	NOT-FOR-US: Cybonet
 CVE-2024-41694 (Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorize ...)
-	TODO: check
+	NOT-FOR-US: Cybonet
 CVE-2024-41693 (Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...)
-	TODO: check
+	NOT-FOR-US: Mashov
 CVE-2024-41611 (In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service c ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-41610 (D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded cr ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-41443 (A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of  ...)
 	TODO: check
 CVE-2024-41440 (A heap buffer overflow in the function png_quantize() of hicolor v0.5. ...)
@@ -65,19 +65,19 @@ CVE-2024-41438 (A heap buffer overflow in the function cp_stored() (/vendor/cute
 CVE-2024-41437 (A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png ...)
 	TODO: check
 CVE-2024-41305 (A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS  ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2024-41304 (An arbitrary file upload vulnerability in the uploadFileAction() funct ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2024-41141 (Stored cross-site scripting vulnerability exists in EC-CUBE Web API Pl ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2024-41109 (Pimcore's Admin Classic Bundle provides a backend user interface for P ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2024-40895 (FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/ ...)
-	TODO: check
+	NOT-FOR-US: FFRI AMC
 CVE-2024-3930 (In versions of Akana API Platform prior to 2024.1.0a flaw resulting in ...)
-	TODO: check
+	NOT-FOR-US: Akana API Platform
 CVE-2024-39320 (Discourse is an open source discussion platform. Prior to 3.2.5 and 3. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-39012 (ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollut ...)
 	TODO: check
 CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers  ...)
@@ -85,11 +85,11 @@ CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows atta
 CVE-2024-39010 (chase-moskal snapstate v0.0.9 was discovered to contain a prototype po ...)
 	TODO: check
 CVE-2024-38986 (Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execu ...)
-	TODO: check
+	NOT-FOR-US: 75lb deep-merge
 CVE-2024-38984 (Prototype Pollution in lukebond json-override 0.2.0 allows attackers t ...)
 	TODO: check
 CVE-2024-38909 (Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. C ...)
-	TODO: check
+	NOT-FOR-US: Studio 42 elFinder
 CVE-2024-38432 (MatrixTafnit v8   -     CWE-646: Reliance on File Name or Extension of ...)
 	TODO: check
 CVE-2024-38431 (MatrixTafnit v8   -   CWE-204: Observable Response Discrepancy)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b5580e1db32a632fc9126439257a5f7f5570f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b5580e1db32a632fc9126439257a5f7f5570f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240730/4da49a76/attachment.htm>

More information about the debian-security-tracker-commits mailing list