[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 30 21:30:34 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b48fbfb3 by Salvatore Bonaccorso at 2024-09-30T22:30:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-9158 (A stored cross site scripting vulnerability exists in Nessus Network M ...)
 	TODO: check
 CVE-2024-6394 (A Local File Inclusion vulnerability exists in parisneo/lollms-webui v ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-6051 (Cross Application Scripting vulnerability in Vercom S.A. Redlink SDKin ...)
-	TODO: check
+	NOT-FOR-US: Vercom S.A. Redlink SDK
 CVE-2024-47641 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
 	TODO: check
 CVE-2024-47532 (RestrictedPython is a restricted execution environment for Python to r ...)
@@ -17,33 +17,33 @@ CVE-2024-47530 (Scout is a web-based visualizer for VCF-files. Open redirect vul
 CVE-2024-47178 (basic-auth-connect is Connect's Basic Auth middleware in its own modul ...)
 	TODO: check
 CVE-2024-47172 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2024-47067 (AList is a file list program that supports multiple storages. AList co ...)
-	TODO: check
+	NOT-FOR-US: AList
 CVE-2024-47064 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2024-47063 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
-	TODO: check
+	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2024-46635 (An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INRO ...)
-	TODO: check
+	NOT-FOR-US: INROAD
 CVE-2024-46549 (An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-46548 (TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-46540 (A remote code execution (RCE) vulnerability in the component /admin/st ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-46511 (LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure perm ...)
-	TODO: check
+	NOT-FOR-US: LoadZilla LLC LoadLogic
 CVE-2024-46510 (ESAFENET CDG v5 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG
 CVE-2024-46475 (A reflected cross-site scripting (XSS) vulnerability on the homepage o ...)
-	TODO: check
+	NOT-FOR-US: Metronic Admin Dashboard Template
 CVE-2024-46313 (TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid para ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-46293 (Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to In ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Online Medicine Ordering System
 CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access  ...)
-	TODO: check
+	NOT-FOR-US: PIX-LINK
 CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2 ...)
 	TODO: check
 CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 al ...)
@@ -51,19 +51,19 @@ CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.
 CVE-2024-45792 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a ...)
 	TODO: check
 CVE-2024-42017 (An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The ...)
-	TODO: check
+	NOT-FOR-US: Atos Eviden iCare
 CVE-2024-35495 (An Information Disclosure vulnerability in the Telemetry component in  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-28813 (An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented pri ...)
-	TODO: check
+	NOT-FOR-US: Infinera hiT 7300
 CVE-2024-28812 (An issue was discovered in Infinera hiT 7300 5.60.50. A hidden SSH ser ...)
-	TODO: check
+	NOT-FOR-US: Infinera hiT 7300
 CVE-2024-28811 (An issue was discovered in Infinera hiT 7300 5.60.50. A web applicatio ...)
-	TODO: check
+	NOT-FOR-US: Infinera hiT 7300
 CVE-2024-28810 (An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Infinera hiT 7300
 CVE-2024-28809 (An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storag ...)
-	TODO: check
+	NOT-FOR-US: Infinera hiT 7300
 CVE-2024-46869 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48fbfb36faee71e639dc677c970247b50e21bce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48fbfb36faee71e639dc677c970247b50e21bce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240930/404679bf/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list