[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 4 10:36:41 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd02ce70 by Moritz Muehlenhoff at 2024-04-04T11:36:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,18 +37,18 @@ CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earli
 CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated  ...)
 	NOT-FOR-US: SEEnergy Corp SVR-116
 CVE-2024-29008 (A problem has been identified in the CloudStack additional VM configur ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-29007 (The CloudStack management server and secondary storage VM could be tri ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-29006 (By default the CloudStack management server honours the x-forwarded-fo ...)
-	TODO: check
+	NOT-FOR-US: Apache CloudStack
 CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	- suricata 1:7.0.4-1
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8
 	NOTE: https://redmine.openinfosecfoundation.org/issues/6800
 	NOTE: https://redmine.openinfosecfoundation.org/issues/6801
 CVE-2024-28520 (File Upload vulnerability in Byzoro Networks Smart multi-service secur ...)
-	TODO: check
+	NOT-FOR-US: Byzoro
 CVE-2024-27706 (Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows a ...)
 	NOT-FOR-US: Huily Platform
 CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers ...)
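Review bot: In the context directly below the Byzoro change, CVE-2024-27706 is described as "Huly Platform" but tagged "NOT-FOR-US: Huily Platform". Since this commit already touches the neighbouring entries, correct the spelling of the tag to match the description so that a search for the product name finds it.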
@@ -58,7 +58,7 @@ CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and
 CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
 	NOT-FOR-US: WRC-X3200GST3-B
 CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...)
-	TODO: check
+	NOT-FOR-US: Advanced REST Client
 CVE-2024-1418 (The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensiti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52043 (An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home M ...)
@@ -100,13 +100,13 @@ CVE-2024-3179 (Concrete CMS version 9 before 9.2.8 and previous versions before
 CVE-2024-3178 (Concrete CMS versions 9 below 9.2.8 and versions below8.5.16 are vulne ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2024-31420 (A NULL pointer dereference flaw was found in KubeVirt. This flaw allow ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2024-31419 (An information disclosure flaw was found in OpenShift Virtualization.  ...)
 	NOT-FOR-US: Red Hat OpenShift Virtualization
 CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to be loa ...)
-	TODO: check
+	- firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...)
-	TODO: check
+	- firefox <not-affected> (Only affects Firefox for iOS)
 CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
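Review bot: The two Firefox entries (CVE-2024-31393 and CVE-2024-31392) record a status for the firefox source package only. If firefox-esr is tracked as a separate source package, add a matching "- firefox-esr <not-affected> (Only affects Firefox for iOS)" line to each so the ESR package does not appear unassessed for these CVEs.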
@@ -154,9 +154,9 @@ CVE-2024-2758 (Tempesta FW rate limits are not enabled by default. They are eith
 CVE-2024-2753 (Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5 ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2024-2653 (amphp/http will collect CONTINUATION frames in an unbounded buffer and ...)
-	TODO: check
+	NOT-FOR-US: amphp/http
 CVE-2024-29477 (Lack of sanitization during Installation Process in Dolibarr ERP CRM u ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2024-28782 (IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pa ...)
 	NOT-FOR-US: IBM
 CVE-2024-28275 (Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovere ...)
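Review bot: CVE-2024-29477 is set to "- dolibarr <removed>" with no NOTE line, unlike the suricata entry elsewhere in this file, which links its upstream advisory and issues. If an upstream advisory or fixing commit is known, add it as a NOTE so the affected version range can be checked later without re-researching the CVE.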
@@ -252,7 +252,7 @@ CVE-2024-1180 (TP-Link Omada ER605 Access Control Command Injection Remote Code
 CVE-2024-0394 (Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege esca ...)
 	NOT-FOR-US: Rapid7 Minerva Armor
 CVE-2024-0335 (ABB has internally identified a vulnerability in the ABB VPNI feature  ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-0172 (Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an imp ...)
 	NOT-FOR-US: Dell
 CVE-2023-5755
@@ -260,17 +260,17 @@ CVE-2023-5755
 CVE-2023-52296 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
 	NOT-FOR-US: IBM
 CVE-2023-45552 (In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulner ...)
-	TODO: check
+	NOT-FOR-US: VeridiumID
 CVE-2023-44040 (In VeridiumID before 3.5.0, the identity provider page is susceptible  ...)
-	TODO: check
+	NOT-FOR-US: VeridiumID
 CVE-2023-44039 (In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauth ...)
-	TODO: check
+	NOT-FOR-US: VeridiumID
 CVE-2023-44038 (In VeridiumID before 3.5.0, the identity provider page allows an unaut ...)
-	TODO: check
+	NOT-FOR-US: VeridiumID
 CVE-2023-38729 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)10.5, ...)
 	NOT-FOR-US: IBM
 CVE-2023-35812 (An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 fo ...)
-	TODO: check
+	NOT-FOR-US: Incomplate OpenSSH backport in Amazon Linux
 CVE-2024-26779 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.7.7-1
 	NOTE: https://git.kernel.org/linus/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f (6.8-rc2)
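
Review bot: Typo in the CVE-2023-35812 tag: "Incomplate OpenSSH backport in Amazon Linux" should read "Incomplete". Worth fixing because these tags are matched by text search when later CVEs for the same product are triaged.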



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd02ce7046b91a4fecd118d8333b4b277972968e
