[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 5 20:09:25 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1e0e2c2 by Salvatore Bonaccorso at 2024-09-05T21:08:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -151,7 +151,7 @@ CVE-2024-45314 (Flask-AppBuilder is an application development framework. Prior
 	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fw5r-6m3x-rh7p
 	NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/3030e881d2e44f4021764e18e489fe940a9b3636 (v4.5.1)
 CVE-2024-45195 (Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.  Thi ...)
-	TODO: check
+	NOT-FOR-US: Apache OFBiz
 CVE-2024-45177 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
 	NOT-FOR-US: za-internet C-MOR
 CVE-2024-45174 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
@@ -414,34 +414,34 @@ CVE-2024-44948 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/919f18f961c03d6694aa726c514184f2311a4614 (6.11-rc3)
 CVE-2024-44859 (Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `f ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-44821 (ZZCMS 2023 contains a vulnerability in the captcha reuse logic located ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-44820 (A sensitive information disclosure vulnerability exists in ZZCMS v.202 ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-44819 (Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-44818 (Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-44817 (SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-44809 (A remote code execution (RCE) vulnerability exists in the Pi Camera pr ...)
-	TODO: check
+	NOT-FOR-US: Pi Camera
 CVE-2024-44808 (An issue in Vypor Attack API System v.1.0 allows a remote attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Vypor Attack API System
 CVE-2024-44400 (D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection via upgra ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44383 (WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_in ...)
-	TODO: check
+	NOT-FOR-US: WAYOS
 CVE-2024-43405 (Nuclei is a vulnerability scanner powered by YAML based templates. Sta ...)
-	TODO: check
+	NOT-FOR-US: Nuclei
 CVE-2024-43402 (Rust is a programming language. The fix for CVE-2024-24576, where `std ...)
 	- rustc <not-affected> (Only affects rustc on Windows)
 	NOTE: https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj
 CVE-2024-42642 (Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Micron Crucial MX500 Series Solid State Drives M3CR04
 CVE-2024-42039 (Access control vulnerability in the SystemUI module Impact: Successful ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-41927 (Cleartext transmission of sensitive information vulnerability exists i ...)
 	TODO: check
 CVE-2024-41716 (Cleartext storage of sensitive information vulnerability exists in Win ...)
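Review bot: the label added for CVE-2024-42642 reads "Micron Crucial MX500 Series Solid State Drives M3CR04", while the description on the line above it gives the firmware as M3CR046, so the last digit was dropped. Either restore it or shorten the label to "Micron Crucial MX500", in line with the vendor-only labels used elsewhere in this hunk (Tenda, D-Link, WAYOS). Separately, the "Huawei" label for CVE-2024-42039 cannot be checked against the truncated description shown here, which names only the SystemUI module.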
@@ -579,13 +579,13 @@ CVE-2024-8374 (UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vul
 CVE-2024-8371
 	REJECTED
 CVE-2024-7654 (An ActiveMQ Discovery service was reachable by default from an OpenEdg ...)
-	TODO: check
+	NOT-FOR-US: OpenEdge
 CVE-2024-7619
 	REJECTED
 CVE-2024-7346 (Host name validation for TLS certificates is bypassed when the install ...)
-	TODO: check
+	NOT-FOR-US: OpenEdge
 CVE-2024-7345 (Local ABL Client bypass of the required PASOE security checks may allo ...)
-	TODO: check
+	NOT-FOR-US: OpenEdge
 CVE-2024-6473 (Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulne ...)
 	NOT-FOR-US: Yandex Browser for Desktop
 CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows attackers to b ...)
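Review bot: the labels for CVE-2024-7346 and CVE-2024-7345 say "OpenEdge", but the truncated descriptions visible for those two entries do not name the product; only CVE-2024-7654 mentions it. Consider "Progress OpenEdge" for all three so the entries are self-explanatory when someone greps the list by vendor.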
@@ -605,7 +605,7 @@ CVE-2024-45391 (Tina is an open-source content management system (CMS). Sites bu
 CVE-2024-45390 (@blakeembrey/template is a string template library. Prior to version 1 ...)
 	NOT-FOR-US: @blakeembrey/template
 CVE-2024-45389 (Pagefind, a fully static search library, initializes its dynamic JavaS ...)
-	TODO: check
+	NOT-FOR-US: Pagefind
 CVE-2024-45307 (SudoBot, a Discord moderation bot, is vulnerable to privilege escalati ...)
 	NOT-FOR-US: SudoBot
 CVE-2024-45180 (SquaredUp DS for SCOM 6.2.1.11104 allows XSS.)
@@ -748,9 +748,9 @@ CVE-2024-6919 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2024-45622 (ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3 ...)
 	NOT-FOR-US: ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3)
 CVE-2024-45621 (The Electron desktop application of Rocket.Chat through 6.3.4 allows s ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2024-45388 (Hoverfly is a lightweight service virtualization/ API simulation / API ...)
-	TODO: check
+	NOT-FOR-US: Hoverfly
 CVE-2024-45313 (Overleaf is a web-based collaborative LaTeX editor. When installing Se ...)
 	TODO: check
 CVE-2024-45312 (Overleaf is a web-based collaborative LaTeX editor. Overleaf Community ...)
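Review bot: for CVE-2024-45621 the description scopes the issue to the Electron desktop application of Rocket.Chat, but the label is just "Rocket.Chat". A label such as "Rocket.Chat Electron desktop application" would keep that scope visible and avoid the entry being read as a triage decision on the Rocket.Chat server.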
@@ -758,7 +758,7 @@ CVE-2024-45312 (Overleaf is a web-based collaborative LaTeX editor. Overleaf Com
 CVE-2024-45311 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
 	TODO: check
 CVE-2024-45308 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2024-45306 (Vim is an open source, command line text editor. Patch v9.1.0038 optim ...)
 	- vim 2:9.1.0709-1
 	[bookworm] - vim <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e0e2c2a805e6bc8d45b4de8330bda20728a164
