[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 10 06:36:37 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb74a2ae by Salvatore Bonaccorso at 2024-09-10T07:34:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,17 +11,17 @@ CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute in
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and August 14,  ...)
 	NOT-FOR-US: Rapid7 Insight Platform
 CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters provided  ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are still usa ...)
 	NOT-FOR-US: Keycloak
 CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A specially craf ...)
 	NOT-FOR-US: Keycloak
 CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical Function, ...)
-	TODO: check
+	NOT-FOR-US: Profelis Informatics and Consulting PassBox
 CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an improper  ...)
-	TODO: check
+	NOT-FOR-US: Baxter Connex health portal
 CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Baxter Connex health portal
 CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' and sp ...)
 	TODO: check
 CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, the san ...)
@@ -37,53 +37,53 @@ CVE-2024-45406 (Craft is a content management system (CMS). Craft CMS 5 stored X
 CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions. In certa ...)
 	TODO: check
 CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that integrates ext ...)
-	TODO: check
+	NOT-FOR-US: External Secrets Kubernetes Operator
 CVE-2024-44902 (A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows at ...)
-	TODO: check
+	NOT-FOR-US: Thinkphp
 CVE-2024-44849 (Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via A ...)
-	TODO: check
+	NOT-FOR-US: Qualitor
 CVE-2024-44725 (AutoCMS v5.4 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: AutoCMS
 CVE-2024-44724 (AutoCMS v5.4 was discovered to contain a PHP code injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: AutoCMS
 CVE-2024-44721 (SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) vi ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-44720 (SeaCMS v13.1 was discovered to an arbitrary file read vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-44375 (D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the d ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44335 (D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.0 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44334 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44333 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44085 (ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Docs
 CVE-2024-42759 (An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate  ...)
-	TODO: check
+	NOT-FOR-US: Ellevo
 CVE-2024-42500 (HPE has identified a denial of service vulnerability in HPE HP-UX Syst ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-40643 (Joplin is a free, open source note taking and to-do application. Jopli ...)
 	TODO: check
 CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code execution ...)
 	TODO: check
 CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27383 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27368 (An issue was discovered in Samsung Mobile Processor Exynos Mobile Proc ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27367 (An issue was discovered in Samsung Mobile Processor Exynos Wearable Pr ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27366 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable Processor Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ...)
 	TODO: check
 CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediat ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Docs
 CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which allows un ...)
 	NOT-FOR-US: WebITR
 CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not properly restrict a specific pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb74a2ae77341cced2eb65b43c1852b54e3a93d6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb74a2ae77341cced2eb65b43c1852b54e3a93d6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240910/13a92bf6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list