[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Sep 1 13:32:58 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2462b1de by Moritz Muehlenhoff at 2024-09-01T14:32:09+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2024-8368 (A vulnerability was found in code-projects Hospital Management System  ...)
-	TODO: check
+	NOT-FOR-US: Hospital Management System
 CVE-2024-8367 (A vulnerability was found in HM Courts & Tribunals Service Probate Bac ...)
-	TODO: check
+	NOT-FOR-US: HM Courts & Tribunals Service
 CVE-2024-8366 (A vulnerability was found in code-projects Pharmacy Management System  ...)
 	NOT-FOR-US: code-projects Pharmacy Management System
 CVE-2024-8108 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
@@ -248,7 +248,7 @@ CVE-2024-5622 (An untrusted search path vulnerability in the AprolConfigureCCSer
 CVE-2024-5057 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2024-45056 (zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 ...)
-	TODO: check
+	NOT-FOR-US: zksolc
 CVE-2024-45045 (Collabora Online is a collaborative online office suite based on Libre ...)
 	NOT-FOR-US: Collabora Online
 CVE-2024-44930 (Serilog before v2.1.0 was discovered to contain a Client IP Spoofing v ...)
@@ -336,7 +336,7 @@ CVE-2024-43918 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2024-43917 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2024-43804 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
-	TODO: check
+	NOT-FOR-US: Roxy-WI
 CVE-2024-43144 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-43132 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -939,11 +939,14 @@ CVE-2024-43802 (Vim is an improved version of the unix vi text editor. When flus
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
 	NOTE: https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)
 CVE-2024-43444 (Passwords of agents and customers are displayed in plain text in the O ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2024-43443 (Improper Neutralization of Input done by an attacker with admin privil ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2024-43442 (Improper Neutralization of Input done by an attacker with admin privil ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2024-43319 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-43289 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -955,9 +958,9 @@ CVE-2024-42913 (RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulne
 CVE-2024-42906 (TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) v ...)
 	NOT-FOR-US: TestLink
 CVE-2024-42818 (A cross-site scripting (XSS) vulnerability in the Config-Create functi ...)
-	TODO: check
+	NOT-FOR-US: fastapi-admin pro
 CVE-2024-42816 (A cross-site scripting (XSS) vulnerability in the Create Product funct ...)
-	TODO: check
+	NOT-FOR-US: fastapi-admin pro
 CVE-2024-42792 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
 	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42791 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2462b1de10b95957f78d303b4a5d4807af0dcdce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2462b1de10b95957f78d303b4a5d4807af0dcdce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240901/abd3f17f/attachment.htm>

More information about the debian-security-tracker-commits mailing list