[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 21 Aug 2024 13:24:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
72916122 by Salvatore Bonaccorso at 2024-08-21T22:23:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 
AppAuthenExchangeRandomNum Sta ...)
-       TODO: check
+       NOT-FOR-US: Autel
 CVE-2024-7757
        REJECTED
 CVE-2024-7725 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7724 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7723 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7722 (Foxit PDF Reader Doc Object Use-After-Free Information 
Disclosure Vuln ...)
-       TODO: check
+       NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7604 (Logsign Unified SecOps Platform Incorrect Authorization 
Authentication ...)
-       TODO: check
+       NOT-FOR-US: Logsign
 CVE-2024-7603 (Logsign Unified SecOps Platform Directory Traversal Arbitrary 
Director ...)
-       TODO: check
+       NOT-FOR-US: Logsign
 CVE-2024-7602 (Logsign Unified SecOps Platform Directory Traversal Information 
Disclo ...)
-       TODO: check
+       NOT-FOR-US: Logsign
 CVE-2024-7601 (Logsign Unified SecOps Platform Directory 
data_export_delete_all Trave ...)
-       TODO: check
+       NOT-FOR-US: Logsign
 CVE-2024-7600 (Logsign Unified SecOps Platform Directory Traversal Arbitrary 
File Del ...)
-       TODO: check
+       NOT-FOR-US: Logsign
 CVE-2024-7448 (Magnet Forensics AXIOM Command Injection Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: Magnet Forensics
 CVE-2024-6814 (NETGEAR ProSAFE Network Management System getFilterString SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2024-6813 (NETGEAR ProSAFE Network Management System getSortString SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: NETGEAR
 CVE-2024-6812 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code 
Execution V ...)
-       TODO: check
+       NOT-FOR-US: IrfanView
 CVE-2024-6811 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code 
Execution V ...)
-       TODO: check
+       NOT-FOR-US: IrfanView
 CVE-2024-6141 (Windscribe Directory Traversal Local Privilege Escalation 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Windscribe
 CVE-2024-5930 (VIPRE Advanced Security Incorrect Permission Assignment Local 
Privileg ...)
-       TODO: check
+       NOT-FOR-US: VIPRE
 CVE-2024-5929 (VIPRE Advanced Security PMAgent Uncontrolled Search Path 
Element Local ...)
-       TODO: check
+       NOT-FOR-US: VIPRE
 CVE-2024-5928 (VIPRE Advanced Security PMAgent Link Following Local Privilege 
Escalat ...)
-       TODO: check
+       NOT-FOR-US: VIPRE
 CVE-2024-5762 (Zen Cart findPluginAdminPage Local File Inclusion Remote Code 
Executio ...)
-       TODO: check
+       NOT-FOR-US: Zen Cart
 CVE-2024-5725 (Centreon initCurveList SQL Injection Remote Code Execution 
Vulnerabili ...)
        TODO: check
 CVE-2024-5723 (Centreon updateServiceHost SQL Injection Remote Code Execution 
Vulnera ...)
        TODO: check
 CVE-2024-5335 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, 
EDD Buil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-43411 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        TODO: check
 CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an 
untrusted a ...)
@@ -53,39 +53,39 @@ CVE-2024-43410 (Russh is a Rust SSH client & server 
library. Allocating an untru
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        TODO: check
 CVE-2024-43371 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2024-43027 (DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 
before v1. ...)
-       TODO: check
+       NOT-FOR-US: DrayTek
 CVE-2024-43022 (An issue in the downloader.php component of TOSEI online store 
managem ...)
-       TODO: check
+       NOT-FOR-US: TOSEI online store management system
 CVE-2024-42786 (A SQL injection vulnerability in "/music/view_user.php" in 
Kashipara M ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42785 (A SQL injection vulnerability in 
/music/index.php?page=view_playlist i ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42784 (A SQL injection vulnerability in 
"/music/controller.php?page=view_musi ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42783 (Kashipara Music Management System v1.0 is vulnerable to SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42782 (A SQL injection vulnerability in 
"/music/ajax.php?action=find_music" i ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42781 (A SQL injection vulnerability in 
"/music/ajax.php?action=login" of Kas ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42780 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42779 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42778 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42777 (An Unrestricted file upload vulnerability was found in 
"/music/ajax.ph ...)
-       TODO: check
+       NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42550 (A cross-site scripting (XSS) vulnerability in the component 
/email/wel ...)
-       TODO: check
+       NOT-FOR-US: Mini Inventory and Sales Management System
 CVE-2024-41937 (Apache Airflow, versions before 2.10.0, have a vulnerability 
that allo ...)
        TODO: check
 CVE-2024-41675 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2024-41674 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site 
Scripting  ...)
        TODO: check
 CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was 
discovered to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72916122e1633997150da76aab353c8ec9752284

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72916122e1633997150da76aab353c8ec9752284
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to