[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 27 21:40:53 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
627e1c96 by Salvatore Bonaccorso at 2024-06-27T22:40:13+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,59 +1,59 @@
 CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, be ...)
-	TODO: check
+	NOT-FOR-US: ubuntu-advantage-desktop-daemon
 CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: lahirudanushka School Management System
 CVE-2024-6373 (A vulnerability has been found in itsourcecode Online Food Ordering Sy ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Online Food Ordering System
 CVE-2024-6372 (A vulnerability, which was classified as critical, was found in itsour ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-6371 (A vulnerability, which was classified as critical, has been found in i ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Pool of Bethesda Online Reservation System
 CVE-2024-6370 (A vulnerability classified as problematic was found in LabVantage LIMS ...)
-	TODO: check
+	NOT-FOR-US: LabVantage LIMS
 CVE-2024-6369 (A vulnerability classified as problematic has been found in LabVantage ...)
-	TODO: check
+	NOT-FOR-US: LabVantage LIMS
 CVE-2024-6368 (A vulnerability was found in LabVantage LIMS 2017. It has been rated a ...)
-	TODO: check
+	NOT-FOR-US: LabVantage LIMS
 CVE-2024-6367 (A vulnerability was found in LabVantage LIMS 2017. It has been declare ...)
-	TODO: check
+	NOT-FOR-US: LabVantage LIMS
 CVE-2024-6262 (The Portfolio Gallery \u2013 Image Gallery Plugin plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6250 (An absolute path traversal vulnerability exists in parisneo/lollms-web ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-6139 (A path traversal vulnerability exists in the XTTS server of the parisn ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2024-6127 (BC Security Empire before 5.9.3 is vulnerable to a path traversal issu ...)
-	TODO: check
+	NOT-FOR-US: BC Security Empire
 CVE-2024-6090 (A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt ve ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-6086 (In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardle ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-6085 (A path traversal vulnerability exists in the XTTS server included in t ...)
-	TODO: check
+	NOT-FOR-US: lollms
 CVE-2024-6038 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt
 CVE-2024-5980 (A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-l ...)
-	TODO: check
+	NOT-FOR-US: pytorch-lightning
 CVE-2024-5979 (In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids`  ...)
-	TODO: check
+	NOT-FOR-US: h2oai/h2o-3
 CVE-2024-5936 (An open redirect vulnerability exists in imartinez/privategpt version  ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-5935 (A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of  ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-5933 (A Cross-site Scripting (XSS) vulnerability exists in the chat function ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-5885 (stangirard/quivr version 0.0.236 contains a Server-Side Request Forger ...)
-	TODO: check
+	NOT-FOR-US: stangirard/quivr
 CVE-2024-5826 (In the latest version of vanna-ai/vanna, the `vanna.ask` function is v ...)
-	TODO: check
+	NOT-FOR-US: vanna-ai/vanna
 CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` endpoi ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in the uploa ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/ChuanhuChatGPT
 CVE-2024-5820 (Missing Authorization in stitionai/devika)
-	TODO: check
+	NOT-FOR-US: stitionai/devika
 CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email v ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5751 (BerriAI/litellm version v1.35.8 contains a vulnerability where an atta ...)
 	TODO: check
 CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627e1c9658b70e944afec4807eed639fd09cc2f2

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627e1c9658b70e944afec4807eed639fd09cc2f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240627/3fee51c9/attachment.htm>

More information about the debian-security-tracker-commits mailing list