[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 3 21:59:16 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff5df8f1 by Salvatore Bonaccorso at 2024-10-03T22:58:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,61 +17,61 @@ CVE-2024-5803 (The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1
 CVE-2024-47762 (Backstage is an open framework for building developer portals. Configu ...)
 	TODO: check
 CVE-2024-47618 (Sulu is a PHP content management system. Sulu is vulnerable against XS ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2024-47617 (Sulu is a PHP content management system. This vulnerability allows an  ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2024-47614 (async-graphql is a GraphQL server library implemented in Rust. async-g ...)
 	TODO: check
 CVE-2024-47561 (Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous vers ...)
-	TODO: check
+	NOT-FOR-US: Apache Avro
 CVE-2024-47554 (Uncontrolled Resource Consumption vulnerability in Apache Commons IO.  ...)
 	TODO: check
 CVE-2024-45872 (Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x41 ...)
-	TODO: check
+	NOT-FOR-US: Bandisoft BandiView
 CVE-2024-45871 (Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8  ...)
-	TODO: check
+	NOT-FOR-US: Bandisoft BandiView
 CVE-2024-45870 (Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in  ...)
-	TODO: check
+	NOT-FOR-US: Bandisoft BandiView
 CVE-2024-42415 (An integer overflow vulnerability exists in the Compound Document Bina ...)
 	TODO: check
 CVE-2024-41988 (TEM Opera Plus FM Family Transmitter allows access to an unprotected e ...)
-	TODO: check
+	NOT-FOR-US: TEM Opera Plus FM Family Transmitter
 CVE-2024-41987 (The TEM Opera Plus FM Family Transmitter application interface allows  ...)
-	TODO: check
+	NOT-FOR-US: TEM Opera Plus FM Family Transmitter
 CVE-2024-41922 (A directory traversal vulnerability exists in the log files download f ...)
-	TODO: check
+	NOT-FOR-US: Veertu Anka
 CVE-2024-41596 (Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices thro ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41595 (DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to ch ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41594 (An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41593 (DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to ex ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41592 (DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow  ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41591 (DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-ba ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41590 (Several CGI endpoints are vulnerable to buffer overflows, by authentic ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41589 (DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for auth ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41588 (The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 device ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41587 (Stored XSS, by authenticated users, is caused by poor sanitization of  ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41586 (A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 device ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41585 (DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS comman ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41584 (DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected  ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41583 (DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cro ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor310 devices
 CVE-2024-41163 (A directory traversal vulnerability exists in the archive download fun ...)
-	TODO: check
+	NOT-FOR-US: Veertu Anka
 CVE-2024-39755 (A privilege escalation vulnerability exists in the Veertu Anka Build 1 ...)
-	TODO: check
+	NOT-FOR-US: Veertu Anka
 CVE-2024-36474 (An integer overflow vulnerability exists in the Compound Document Bina ...)
 	TODO: check
 CVE-2024-34535 (In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setti ...)
@@ -83,7 +83,7 @@ CVE-2024-0124 (NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerabilit
 CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in  ...)
 	TODO: check
 CVE-2023-37822 (Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the depre ...)
-	TODO: check
+	NOT-FOR-US: Eufy HomeBase 2 model T8010X
 CVE-2024-8508 (NLnet Labs Unbound up to and including version 1.21.0 contains a vulne ...)
 	- unbound <unfixed> (bug #1083282)
 	NOTE: Advisory: https://nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff5df8f1cde8f0a19e1f153e299aa84200e7bfc6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff5df8f1cde8f0a19e1f153e299aa84200e7bfc6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241003/7317d925/attachment.htm>

More information about the debian-security-tracker-commits mailing list