[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 25 07:00:30 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca304d5a by Salvatore Bonaccorso at 2024-06-25T07:59:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker t
 CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writing the ...)
 	TODO: check
 CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Mia Technology Inc. Mia-Med Health Aplication
 CVE-2024-5683 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Next4Biz CRM & BPM Software Business Process Manangement (BPM)
 CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Serve ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Next4Biz CRM & BPM Software Business Process Manangement (BPM)
 CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection via sendi ...)
 	TODO: check
 CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia  ...)
@@ -21,39 +21,39 @@ CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in
 CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS ...)
 	TODO: check
 CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control SelfChe ...)
-	TODO: check
+	NOT-FOR-US: EnvisionWare Computer Access & Reservation Control SelfCheck
 CVE-2024-37732 (Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2024-37681 (An issue the background management system of Shanxi Internet Chuangxia ...)
-	TODO: check
+	NOT-FOR-US: Shanxi Internet Chuangxiang Technology
 CVE-2024-37680 (Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is af ...)
-	TODO: check
+	NOT-FOR-US: Hangzhou Meisoft Information Technology
 CVE-2024-37679 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...)
-	TODO: check
+	NOT-FOR-US: Hangzhou Meisoft Information Technology
 CVE-2024-37678 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...)
-	TODO: check
+	NOT-FOR-US: Hangzhou Meisoft Information Technology
 CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access managem ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Weitillage Industrial
 CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows Accessing Func ...)
 	TODO: check
 CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Salon Booking System Salon booking system
 CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37111 (Missing Authorization vulnerability in Membership Software WishList Me ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37109 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37107 (Improper Privilege Management vulnerability in Membership Software Wis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37092 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36497 (The decrypted configuration file contains the password in cleartext  w ...)
 	TODO: check
 CVE-2024-36496 (The configuration file is encrypted with a static key derived from a   ...)
@@ -61,7 +61,7 @@ CVE-2024-36496 (The configuration file is encrypted with a static key derived fr
 CVE-2024-36495 (The application Faronics WINSelect (Standard + Enterprise)saves its co ...)
 	TODO: check
 CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 are affe ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to execute a ...)
 	TODO: check
 CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered to cont ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca304d5a7116f8bbb8557a789117e0d9156a0262

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca304d5a7116f8bbb8557a789117e0d9156a0262
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240625/5bb9ca37/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list