[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 5 12:52:47 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc6c1ce0 by Moritz Muehlenhoff at 2024-04-05T13:52:22+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2024-3311 (A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has be
CVE-2024-3217 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
NOT-FOR-US: WordPress plugin
CVE-2024-31498 (ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge ...)
- TODO: check
+ NOT-FOR-US: ykman-gui
CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...)
NOT-FOR-US: InstantCMS
CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possible fo ...)
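Review bot: The new note for CVE-2024-31498 gives only the product name, but the description scopes the issue to Windows ("ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows"), so the entry does not record whether it was dismissed because the software is not in the archive or because the affected platform is not relevant. If a source package ships ykman-gui, a package line marked <not-affected> with a Windows-specific reason would capture that better than NOT-FOR-US; otherwise the line is fine as it stands.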
@@ -22,43 +22,43 @@ CVE-2024-31210 (WordPress is an open publishing platform for the Web. It's possi
NOTE: https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r
CVE-2024-31206 (dectalk-tts is a Node package to interact with the aeiou Dectalk web A ...)
- TODO: check
+ NOT-FOR-US: Node dectalk-tts
CVE-2024-31204 (mailcow: dockerized is an open source groupware/email suite based on d ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-30891 (A command injection vulnerability exists in /goform/exeCommand in Tend ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-30849 (Arbitrary file upload vulnerability in Sourcecodester Complete E-Comme ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite based on d ...)
- TODO: check
+ NOT-FOR-US: mailcow
CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Typebot
CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29981 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-29863 (A race condition in the installer executable in Qlik Qlikview before v ...)
- TODO: check
+ NOT-FOR-US: Qlikview
CVE-2024-29672 (Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 al ...)
- TODO: check
+ NOT-FOR-US: zly2006 Reden
CVE-2024-29049 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-27981 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
- TODO: check
+ NOT-FOR-US: Unifi
CVE-2024-27448 (MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Con ...)
- TODO: check
+ NOT-FOR-US: MailDev 2
CVE-2024-26329 (Chilkat before v9.5.0.98, allows attackers to obtain sensitive informa ...)
- TODO: check
+ NOT-FOR-US: Chilkat
CVE-2024-22363 (SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expre ...)
- TODO: check
+ NOT-FOR-US: SheetJS
CVE-2024-21894 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-5973 (Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 doe ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2023-52235 (SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish ...)
- TODO: check
+ NOT-FOR-US: SpaceX
CVE-2024-3299 (Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free ...)
NOT-FOR-US: Solidworks
CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the fi ...)
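Review bot: Two of the new labels in this hunk do not match the product names in their own descriptions: CVE-2024-27448 is tagged "MailDev 2", where the "2" is the start of the version range ("MailDev 2 through 2.1.0"), and CVE-2024-27981 is tagged "Unifi" while the description spells it "UniFi". Suggest "NOT-FOR-US: MailDev" and "NOT-FOR-US: UniFi" so a search of the list by product name finds these entries. The two Microsoft Edge entries (CVE-2024-29981, CVE-2024-29049) are labelled by vendor only, which is a style choice but differs from the product-level labels used for the rest of the batch.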
@@ -69,15 +69,15 @@ CVE-2024-3262 (Information exposure vulnerability in RT software affecting versi
NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a
NOTE: https://github.com/bestpractical/rt/commit/468f86bd3e82c3b5b5ef7087d416a7509d4b1abe
CVE-2024-3250 (It was discovered that Canonical's Pebble service manager read-file AP ...)
- TODO: check
+ NOT-FOR-US: Canonical pebble
CVE-2024-3116 (pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerabi ...)
- pgadmin4 <itp> (bug #834129)
CVE-2024-31215 (Mobile Security Framework (MobSF) is a security research platform for ...)
NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2024-31209 (oidcc is the OpenID Connect client library for Erlang. Denial of Servi ...)
- TODO: check
+ NOT-FOR-US: oidcc
CVE-2024-31207 (Vite (French word for "quick", pronounced /vit/, like "veet") is a fro ...)
- TODO: check
+ NOT-FOR-US: vitejs
CVE-2024-30565 (An issue was discovered in SeaCMS version 12.9, allows remote attacker ...)
NOT-FOR-US: SeaCMS
CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime ...)
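Review bot: The label added for CVE-2024-31207 is "vitejs", but the description names the product "Vite", and CVE-2024-3250 is labelled "Canonical pebble" against "Pebble" in the description. Using the names as the descriptions give them ("NOT-FOR-US: Vite", "NOT-FOR-US: Canonical Pebble") would keep the labels consistent with the text they sit under and easier to match when the same products come up again.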
@@ -96,19 +96,19 @@ CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js.
NOTE: https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f (v5.28.4)
NOTE: https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75 (v6.11.1)
CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for meson writte ...)
- TODO: check
+ NOT-FOR-US: MesonLSP
CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed bookmark folde ...)
- TODO: check
+ NOT-FOR-US: Livemarks
CVE-2024-30250 (Astro-Shield is an integration to enhance website security with SubRes ...)
- TODO: check
+ NOT-FOR-US: Astro-Shield
CVE-2024-30249 (Cloudburst Network provides network components used within Cloudburst ...)
- TODO: check
+ NOT-FOR-US: Cloudburst
CVE-2024-2759 (Improper access control vulnerability in Apaczka plugin for PrestaShop ...)
- TODO: check
+ NOT-FOR-US: PrestaShop addon
CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not correc ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...)
- TODO: check
+ NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...)
TODO: check
CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...)
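Review bot: CVE-2024-29387 (projeqtor) in the trailing context is still "TODO: check" while every entry above it in this hunk was triaged, and the following entry, CVE-2024-29386, is the same product. If projeqtor was skipped on purpose because it needs a closer look, that is fine, but the one-word commit message "NFUs" does not say so; a short mention of what was left open would help whoever picks up the remaining TODO entries. Separately, CVE-2024-2759 is labelled "PrestaShop addon" where the description says "Apaczka plugin for PrestaShop"; naming the plugin would make the label more specific.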
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc6c1ce0d6f1fe8938704fd00c8ed64ad37a6b56