Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b5580e by Salvatore Bonaccorso at 2024-07-30T22:29:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,59 +1,59 @@
 CVE-2024-7297 (Langflow versions prior to 1.0.13 suffer from a Privilege 
Escalation v ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2024-7226 (A vulnerability was found in SourceCodester Medicine Tracker 
System 1. ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Medicine Tracker System
 CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance 
Management Syste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in 
multi-tenan ...)
        TODO: check
 CVE-2024-7208 (Hosted services do not verify the sender of an email against 
authentic ...)
        TODO: check
 CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Stackposts Social Marketing Tool
 CVE-2024-6699 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Mikafon Electronic Inc. Mikafon MA7
 CVE-2024-5486 (A vulnerability exists in ClearPass Policy Manager that allows 
for an  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-5250 (In versions of Akana API Platform prior to 2024.1.0 overly 
verbose err ...)
-       TODO: check
+       NOT-FOR-US: Akana API Platform
 CVE-2024-5249 (In versions of Akana API Platform prior to 2024.1.0, SAML 
tokens can b ...)
-       TODO: check
+       NOT-FOR-US: Akana API Platform
 CVE-2024-4188 (Unprotected Transport of Credentials vulnerability in 
OpenText\u2122 D ...)
-       TODO: check
+       NOT-FOR-US: OpenText Documentum Server
 CVE-2024-41945 (fuels-ts is a library for interacting with Fuel v2.  The 
typescript SD ...)
        TODO: check
 CVE-2024-41944 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2024-41943 (I, Librarian is an open-source version of a PDF managing SaaS. 
PDF not ...)
        TODO: check
 CVE-2024-41924 (Acceptance of extraneous untrusted data with trusted data 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2024-41916 (A vulnerability exists in ClearPass Policy Manager that allows 
for an  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-41915 (A vulnerability in the web-based management interface of 
ClearPass Pol ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-41804 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2024-41803 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2024-41802 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Xibo
 CVE-2024-41702 (SiberianCMS - CWE-89: Improper Neutralization of Special 
Elements used ...)
-       TODO: check
+       NOT-FOR-US: SiberianCMS
 CVE-2024-41701 (AccuPOS - CWE-200: Exposure of Sensitive Information to an 
Unauthorize ...)
-       TODO: check
+       NOT-FOR-US: AccuPOS
 CVE-2024-41696 (Priority   PRI WEB PortalAdd-On for Priority ERP on prem  - 
CWE-200: E ...)
-       TODO: check
+       NOT-FOR-US: Priority PRI WEB Portal Add-On for Priority ERP on prem
 CVE-2024-41695 (Cybonet - CWE-22: Improper Limitation of a Pathname to a 
Restricted Di ...)
-       TODO: check
+       NOT-FOR-US: Cybonet
 CVE-2024-41694 (Cybonet - CWE-200: Exposure of Sensitive Information to an 
Unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Cybonet
 CVE-2024-41693 (Mashov - CWE-80: Improper Neutralization of Script-Related 
HTML Tags i ...)
-       TODO: check
+       NOT-FOR-US: Mashov
 CVE-2024-41611 (In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet 
service c ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-41610 (D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains 
hardcoded cr ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-41443 (A stack overflow in the function cp_dynamic() 
(/vendor/cute_png.h) of  ...)
        TODO: check
 CVE-2024-41440 (A heap buffer overflow in the function png_quantize() of 
hicolor v0.5. ...)
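Review bot: the three ClearPass Policy Manager entries (CVE-2024-5486, CVE-2024-41916, CVE-2024-41915) and the two D-Link entries (CVE-2024-41611, CVE-2024-41610) are tagged with the vendor only, "NOT-FOR-US: HPE" and "NOT-FOR-US: D-Link", while the other lines in this hunk name the product (Akana API Platform, OpenText Documentum Server, SourceCodester Medicine Tracker System). Naming the product as well, for example "NOT-FOR-US: HPE ClearPass Policy Manager", would keep the tags consistent and let a later search by product name find them.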
@@ -65,19 +65,19 @@ CVE-2024-41438 (A heap buffer overflow in the function 
cp_stored() (/vendor/cute
 CVE-2024-41437 (A heap buffer overflow in the function cp_unfilter() 
(/vendor/cute_png ...)
        TODO: check
 CVE-2024-41305 (A Server-Side Request Forgery (SSRF) in the Plugins Page of 
WonderCMS  ...)
-       TODO: check
+       NOT-FOR-US: WonderCMS
 CVE-2024-41304 (An arbitrary file upload vulnerability in the 
uploadFileAction() funct ...)
-       TODO: check
+       NOT-FOR-US: WonderCMS
 CVE-2024-41141 (Stored cross-site scripting vulnerability exists in EC-CUBE 
Web API Pl ...)
-       TODO: check
+       NOT-FOR-US: EC-CUBE
 CVE-2024-41109 (Pimcore's Admin Classic Bundle provides a backend user 
interface for P ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2024-40895 (FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that 
implement/ ...)
-       TODO: check
+       NOT-FOR-US: FFRI AMC
 CVE-2024-3930 (In versions of Akana API Platform prior to 2024.1.0a flaw 
resulting in ...)
-       TODO: check
+       NOT-FOR-US: Akana API Platform
 CVE-2024-39320 (Discourse is an open source discussion platform. Prior to 
3.2.5 and 3. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-39012 (ais-ltd strategyen v0.4.0 was discovered to contain a 
prototype pollut ...)
        TODO: check
 CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows 
attackers  ...)
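Review bot: CVE-2024-39320 is marked "NOT-FOR-US: Discourse" although its own description calls Discourse an open source discussion platform, and neither the entry nor the commit message ("Process some NFUs") records that the archive and the ITP/RFP bugs were checked for it. If a packaging bug exists, an itp-style entry referencing that bug fits better than NOT-FOR-US; the same check is worth confirming for the WonderCMS and Pimcore lines in this hunk.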
@@ -85,11 +85,11 @@ CVE-2024-39011 (Prototype Pollution in chargeover redoc 
v2.0.9-rc.69 allows atta
 CVE-2024-39010 (chase-moskal snapstate v0.0.9 was discovered to contain a 
prototype po ...)
        TODO: check
 CVE-2024-38986 (Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers 
to execu ...)
-       TODO: check
+       NOT-FOR-US: 75lb deep-merge
 CVE-2024-38984 (Prototype Pollution in lukebond json-override 0.2.0 allows 
attackers t ...)
        TODO: check
 CVE-2024-38909 (Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access 
Control. C ...)
-       TODO: check
+       NOT-FOR-US: Studio 42 elFinder
 CVE-2024-38432 (MatrixTafnit v8   -     CWE-646: Reliance on File Name or 
Extension of ...)
        TODO: check
 CVE-2024-38431 (MatrixTafnit v8   -   CWE-204: Observable Response Discrepancy)
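Review bot: CVE-2024-38986 (75lb deep-merge) is resolved to NOT-FOR-US while the neighbouring prototype-pollution entries visible in this hunk, CVE-2024-39010 (chase-moskal snapstate) and CVE-2024-38984 (lukebond json-override), stay at "TODO: check". If they were triaged in the same pass and are equally unpackaged, marking them here avoids a second pass over the same block; if they were deliberately left open, a line in the commit message saying why would help the next person processing the list.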



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b5580e1db32a632fc9126439257a5f7f5570f4
