[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 27 21:37:21 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e46e56a2 by Salvatore Bonaccorso at 2024-05-27T22:36:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in  ...)
-	TODO: check
+	NOT-FOR-US: RhinOS
 CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...)
-	TODO: check
+	NOT-FOR-US: RhinOS
 CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...)
-	TODO: check
+	NOT-FOR-US: RhinOS
 CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...)
-	TODO: check
+	NOT-FOR-US: WinNMP
 CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...)
-	TODO: check
+	NOT-FOR-US: WinNMP
 CVE-2024-3381
 	REJECTED
 CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3.  ...)
@@ -15,19 +15,19 @@ CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6
 CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using  ...)
 	TODO: check
 CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...)
-	TODO: check
+	NOT-FOR-US: Minder by Stacklok
 CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...)
-	TODO: check
+	NOT-FOR-US: MIT IdentiBot
 CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
 	TODO: check
 CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...)
 	TODO: check
 CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...)
-	TODO: check
+	NOT-FOR-US: ZKsync Era
 CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...)
 	TODO: check
 CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...)
@@ -35,7 +35,7 @@ CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the
 CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...)
 	TODO: check
 CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23,  ...)
-	TODO: check
+	NOT-FOR-US: Avocent DSR2030 Appliance firmware
 CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...)
 	TODO: check
 CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...)
@@ -43,7 +43,7 @@ CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relati
 CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...)
 	TODO: check
 CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240527/60b357a7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list