Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65279530 by Salvatore Bonaccorso at 2024-08-08T22:54:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106,7 +106,7 @@ CVE-2024-3958 (An issue has been discovered in GitLab CE/EE 
affecting all versio
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/456988
        NOTE: https://hackerone.com/reports/2437784
 CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: KAON AR2140 routers
 CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab <unfixed>
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/452547
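
Review bot: the new NOT-FOR-US line for CVE-2024-3659 writes the product as "KAON AR2140", while the CVE description directly above it reads "KAONAR2140" with no space. Worth confirming which spelling is intended, since a later search of data/CVE/list for the product name as it appears in the description would not match this note.
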
@@ -120,31 +120,31 @@ CVE-2024-39815 (Improper check or handling of exceptional 
conditions vulnerabili
 CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets   
     in ...)
        NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-39287 (Dorsett Controls Central Server update server has potential 
informatio ...)
-       TODO: check
+       NOT-FOR-US: Dorsett Controls Central Server
 CVE-2024-37382 (An issue discovered in import host feature in Ab Initio 
Metadata Hub a ...)
-       TODO: check
+       NOT-FOR-US: Ab Initio Metadata Hub and Authorization Gateway
 CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets 
   indu ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using 
wildcards in ...)
        - gitlab <unfixed>
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/451293
        NOTE: https://hackerone.com/reports/2416332
 CVE-2024-29082 (Improper access control vulnerability affecting Vonets   
industrial wi ...)
-       TODO: check
+       NOT-FOR-US: Vonets industrial wifi bridge relays and wifi bridge 
repeaters
 CVE-2024-0108 (NVIDIA Jetson Linux contains a vulnerability in NvGPU where 
error hand ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Jetson Linux
 CVE-2024-0107 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA GPU Display Driver for Windows
 CVE-2024-0104 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC 
contain a v ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC
 CVE-2024-0101 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC 
contain a v ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC
 CVE-2023-7265 (Permission verification vulnerability in the lock screen module 
Impact ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2023-40261 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR17, 4.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-33206 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR16, 4.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2024-7348 (Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in 
Postgr ...)
        - postgresql-16 16.4-1
        - postgresql-15 <removed>
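
Review bot: the CVE-2023-7265 entry is marked "NOT-FOR-US: Huawei", which gives only a vendor, whereas every other line added in this hunk names the product (for example "Dorsett Controls Central Server" or "NVIDIA Jetson Linux"). The visible description refers to a "lock screen module", so a product-level note would make the triage reason easier to check later without opening the full CVE text. The two Vonets lines reuse the wording of the existing CVE-2024-39791 entry at the top of the hunk, which keeps those entries consistent.
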
@@ -104661,7 +104661,7 @@ CVE-2023-28866 (In the Linux kernel through 6.2.8, 
net/bluetooth/hci_sync.c allo
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
 CVE-2023-28865 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR15, 4.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker 
to expl ...)
        - chef <removed>
        [buster] - chef <not-affected> (chef package does not include upstream 
chef-server)
@@ -119481,11 +119481,11 @@ CVE-2023-24066
 CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For 
example,  ...)
        NOT-FOR-US: NOSH
 CVE-2023-24064 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 
fails to ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24063 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 
fails t ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24062 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR12, 4.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf Vynamic Security Suite (VSS)
 CVE-2023-24061
        RESERVED
 CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via 
the feed[u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6527953076fe08a35f9a4b281c6601afafd99167


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits