[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 24 05:34:13 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4390b93a by Salvatore Bonaccorso at 2024-06-24T06:33:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2024-6269 (A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as  ...)
-	TODO: check
+	NOT-FOR-US: Ruijie RG-UAC
 CVE-2024-6268 (A vulnerability, which was classified as critical, has been found in l ...)
-	TODO: check
+	NOT-FOR-US: lahirudanushka School Management System
 CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-XXXX [org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code]
 	- emacs <unfixed> (bug #1074137)
 	- org-mode <unfixed> (bug #1074136)
@@ -531,7 +531,7 @@ CVE-2024-29012 (Stack-based buffer overflow vulnerability in the SonicOS HTTP se
 CVE-2024-28397 (An issue in the component js2py.disable_pyimport() of js2py up to v0.7 ...)
 	TODO: check
 CVE-2024-28147 (An authenticated user can upload arbitrary files in the upload  functi ...)
-	TODO: check
+	NOT-FOR-US: edu-sharing
 CVE-2023-49113 (The Kiuwan Local Analyzer (KLA) Java scanning application contains sev ...)
 	NOT-FOR-US: Kiuwan
 CVE-2023-49112 (Kiuwan provides an API endpoint  /saas/rest/v1/info/application  to ge ...)
@@ -133857,7 +133857,7 @@ CVE-2022-42976
 CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...)
 	NOT-FOR-US: Phoenix
 CVE-2022-42974 (In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1, the web application for  ...)
-	TODO: check
+	NOT-FOR-US: Kostal
 CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
 	NOT-FOR-US: Schneider
 CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4390b93a8a41c5dd050c69f496806b6aa1bd2edd

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4390b93a8a41c5dd050c69f496806b6aa1bd2edd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240624/516b2277/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list