[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 26 Aug 2024 22:25:25 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a75a6b3f by Salvatore Bonaccorso at 2024-08-27T07:24:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2024-7988 (A remote code execution vulnerability exists 
in the Rockwell Auto
 CVE-2024-7987 (A remote code execution vulnerability exists in the Rockwell 
Automatio ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-7401 (Netskope was notified about a security gap in Netskope Client 
enrollme ...)
-       TODO: check
+       NOT-FOR-US: Netskope
 CVE-2024-7313 (The Shield Security  WordPress plugin before 20.0.6 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress plugin before 9.1.1 
fails  ...)
@@ -59,21 +59,21 @@ CVE-2024-6879 (The Quiz and Survey Master (QSM)  WordPress 
plugin before 9.1.1 f
 CVE-2024-45265 (A SQL injection vulnerability in the poll component in 
SkySystem Arfa- ...)
        NOT-FOR-US: SkySystem Arfa-CMS
 CVE-2024-45258 (The req package before 3.43.4 for Go may send an unintended 
request wh ...)
-       TODO: check
+       NOT-FOR-US: imroc/req
 CVE-2024-45256 (An arbitrary file write issue in the exfiltration endpoint in 
BYOB (Bu ...)
-       TODO: check
+       NOT-FOR-US: BYOB (Build Your Own Botnet)
 CVE-2024-45241 (A traversal vulnerability in GeneralDocs.aspx in CentralSquare 
CryWolf ...)
        NOT-FOR-US: CentralSquare CryWolf (False Alarm Management)
 CVE-2024-44797 (A cross-site scripting (XSS) vulnerability in the component 
/managers/ ...)
-       TODO: check
+       NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44796 (A cross-site scripting (XSS) vulnerability in the component 
/auth/Azur ...)
-       TODO: check
+       NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44795 (A cross-site scripting (XSS) vulnerability in the component 
/login/dis ...)
-       TODO: check
+       NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44794 (A cross-site scripting (XSS) vulnerability in the component 
/master/au ...)
-       TODO: check
+       NOT-FOR-US: PicUploader
 CVE-2024-44793 (A cross-site scripting (XSS) vulnerability in the component 
/managers/ ...)
-       TODO: check
+       NOT-FOR-US: Gazelle torrent tracker
 CVE-2024-44565 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
serverName par ...)
        NOT-FOR-US: Tenda
 CVE-2024-44563 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.port  ...)
@@ -121,7 +121,7 @@ CVE-2024-43283 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
 CVE-2024-42913 (RuoYi CMS v4.7.9 was discovered to contain a SQL injection 
vulnerabili ...)
        NOT-FOR-US: RuoYi CMS
 CVE-2024-42906 (TestLink before v.1.9.20 is vulnerable to Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: TestLink
 CVE-2024-42818 (A cross-site scripting (XSS) vulnerability in the 
Config-Create functi ...)
        TODO: check
 CVE-2024-42816 (A cross-site scripting (XSS) vulnerability in the Create 
Product funct ...)
@@ -147,13 +147,13 @@ CVE-2024-41444 (SeaCMS v12.9 has a SQL injection 
vulnerability in the key parame
 CVE-2024-41285 (A stack overflow in FAST FW300R v1.3.13 Build 141023 
Rel.61347n allows ...)
        NOT-FOR-US: FAST FW300R
 CVE-2024-39097 (There is an Open Redirect vulnerability in Gnuboard v6.0.4 and 
below v ...)
-       TODO: check
+       NOT-FOR-US: Gnuboard
 CVE-2024-38859 (XSS in the view page with the SLA column configured in Checkmk 
version ...)
        TODO: check
 CVE-2024-34087 (An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 
6.0.24. ...)
-       TODO: check
+       NOT-FOR-US: BPQ32 HTTP Server in BPQ32
 CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet 
devices. S ...)
-       TODO: check
+       NOT-FOR-US: GL-iNet devices
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on 
Unix pla ...)
        - apr <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1
@@ -117229,7 +117229,7 @@ CVE-2023-26317 (A vulnerability has been discovered 
in Xiaomi routers that could
 CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service 
Application pro ...)
        NOT-FOR-US: Xiaomi
 CVE-2023-26315 (The Xiaomi router AX9000 has a post-authentication command 
injection v ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: MedData Informatics MedDataPACS
 CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent 
Sandbox CLI f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a75a6b3fdc038d89fa1f16d734c247c0a0c44994

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a75a6b3fdc038d89fa1f16d734c247c0a0c44994
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to