[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 08 Aug 2024 13:25:12 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cb8f9fee by Salvatore Bonaccorso at 2024-08-08T22:24:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2024-7554 (An issue has been discovered in GitLab CE/EE 
affecting all versio
        - gitlab <unfixed>
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/471555
 CVE-2024-7490 (Improper Input Validation vulnerability in Microchip Techology 
Advance ...)
-       TODO: check
+       NOT-FOR-US: Microchip
 CVE-2024-7480 (AnImproper access control vulnerability was found in Avaya Aura 
System ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2024-7477 (A SQL injection vulnerability was found which could allow a 
command li ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2024-7394 (Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2024-7123
        REJECTED
 CVE-2024-7121
@@ -37,67 +37,67 @@ CVE-2024-4207 (A cross-site scripting issue has been 
discovered in GitLab affect
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/458236
        NOTE: https://hackerone.com/reports/2473917
 CVE-2024-42493 (Dorsett Controls InfoScan is vulnerable due to a leak of 
possible  sen ...)
-       TODO: check
+       NOT-FOR-US: Dorsett Controls InfoScan
 CVE-2024-42408 (The InfoScan client download page can be intercepted with a 
proxy, to  ...)
-       TODO: check
+       NOT-FOR-US: Dorsett Controls InfoScan
 CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In 
versions pri ...)
-       TODO: check
+       NOT-FOR-US: VRCX
 CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and 
telephony ...)
        TODO: check
 CVE-2024-42357 (Shopware is an open commerce platform. Prior to versions 
6.6.5.1 and 6 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2024-42356 (Shopware is an open commerce platform. Prior to versions 
6.6.5.1 and 6 ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2024-42355 (Shopware, an open ecommerce platform, has a new Twig Tag 
`sw_silent_fe ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2024-42354 (Shopware is an open commerce platform. The store-API works 
with regula ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2024-42038 (Vulnerability of PIN enhancement failures in the screen lock 
module Im ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42037 (Vulnerability of uncaught exceptions in the Graphics module 
Impact: Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42036 (Access permission verification vulnerability in the Notepad 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42035 (Permission control vulnerability in the App Multiplier module 
Impact:S ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42034 (LaunchAnywhere vulnerability in the account module. Impact: 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42033 (Access control vulnerability in the security verification 
module mpact ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42032 (Access permission verification vulnerability in the Contacts 
module Im ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42031 (Access permission verification vulnerability in the Settings 
module. I ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42030 (Access permission verification vulnerability in the content 
sharing po ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-42001 (An improper authentication vulnerability affecting Vonets      
    ind ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-41942 (JupyterHub is software that allows one to create a multi-user 
server f ...)
        TODO: check
 CVE-2024-41936 (A directory traversal vulnerability affecting Vonets 
industrial wifi b ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-41238 (A SQL injection vulnerability in /smsa/student_login.php in 
Kashipara  ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Responsive School Management System
 CVE-2024-41161 (Use of hard-coded credentials vulnerability affecting Vonets 
industria ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-40488 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
the Kas ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Live Membership System
 CVE-2024-40487 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/view_ ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Live Membership System
 CVE-2024-40486 (A SQL injection vulnerability in "/index.php" of Kashipara 
Live Member ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Live Membership System
 CVE-2024-40484 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in "/oa ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Old Age Home Management System
 CVE-2024-40482 (An Unrestricted file upload vulnerability was found in 
"/Membership/ed ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Live Membership System
 CVE-2024-40481 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/admin ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Old Age Home Management System
 CVE-2024-40477 (A SQL injection vulnerability in 
"/oahms/admin/forgot-password.php" in ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Old Age Home Management System
 CVE-2024-40476 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
SourceC ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-40475 (SourceCodester Best House Rental Management System v1.0 is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        TODO: check
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is 
vulnerable t ...)
@@ -107,9 +107,9 @@ CVE-2024-3114 (An issue was discovered in GitLab CE/EE 
affecting all versions st
 CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all 
version ...)
        TODO: check
 CVE-2024-39815 (Improper check or handling of exceptional conditions 
vulnerability  af ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets   
     in ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-39287 (Dorsett Controls Central Server update server has potential 
informatio ...)
        TODO: check
 CVE-2024-37382 (An issue discovered in import host feature in Ab Initio 
Metadata Hub a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb8f9feeee82724cadb8d4b1bade9ca788f92a3d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb8f9feeee82724cadb8d4b1bade9ca788f92a3d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to