[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 5 13:39:31 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c2f14b1 by Moritz Muehlenhoff at 2024-04-05T14:39:03+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110,57 +110,57 @@ CVE-2024-2660 (Vault and Vault Enterprise TLS certificates auth method did not c
CVE-2024-2103 (Inclusion of undocumented features vulnerability accessible when logge ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2024-29387 (projeqtor up to 11.2.0 was discovered to contain a remote code executi ...)
- TODO: check
+ NOT-FOR-US: projeqtor
CVE-2024-29386 (projeqtor up to 11.2.0 was discovered to contain a SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: projeqtor
CVE-2024-29193 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29192 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29191 (gotortc is a camera streaming application. Versions 1.8.5 and prior ar ...)
- TODO: check
+ NOT-FOR-US: gotortc
CVE-2024-29182 (Collabora Online is a collaborative online office suite based on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
TODO: check
CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...)
NOT-FOR-US: IBM
CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...)
- TODO: check
+ NOT-FOR-US: INOTEC
CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-25709 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25708 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25706 (There is an HTML injection vulnerability in Esri Portal for ArcGIS <=1 ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25705 (There is a cross site scripting vulnerability in the Esri Portal for A ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25704 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25703 (There is a reflected cross site scripting vulnerability in the home ap ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25700 (There is a stored Cross-site Scripting vulnerability in Esri Portal fo ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25699 (There is a difficult to exploit improper authentication issue in the H ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25698 (There is a reflected cross site scripting vulnerability in the home ap ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25697 (There is a Cross-site Scripting vulnerabilityin Portal for ArcGIS in v ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25696 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25695 (There is a Cross-site Scripting vulnerability in Portal for ArcGIS in ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25693 (There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25692 (There is a cross-site-request forgery vulnerability in Esri Portal for ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25690 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
- TODO: check
+ NOT-FOR-US: Esri Portal
CVE-2024-25007 (Ericsson Network Manager (ENM), versions prior to 23.1, contains a vul ...)
- TODO: check
+ NOT-FOR-US: Ericsson Network Manager
CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior to vers ...)
- golang-github-lucas-clemente-quic-go 0.38.2-1
[bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
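Review bot: CVE-2024-29182 is marked NOT-FOR-US: Collabora Online, but its description reads "a collaborative online office suite based on Libre ...", so before closing it as NFU it is worth confirming that the flaw sits in Collabora Online's own code and not in an upstream component that Debian packages; if it is shared code, the entry needs a package line instead. Separately, the label "Esri Portal" does not match the product name the descriptions use ("Esri Portal for ArcGIS", and plain "Portal for ArcGIS" for CVE-2024-25697, CVE-2024-25696 and CVE-2024-25695), so a search of data/CVE/list for "ArcGIS" will miss these NFU lines; "NOT-FOR-US: Esri Portal for ArcGIS" would keep them findable.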
@@ -169,21 +169,21 @@ CVE-2024-22189 (quic-go is an implementation of the QUIC protocol in Go. Prior t
NOTE: https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a (v0.42.0)
NOTE: https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management
CVE-2024-22053 (A heap overflow vulnerability in IPSec component of Ivanti Connect Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22052 (A null pointer dereference vulnerability in IPSec component of Ivanti ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22023 (An XML entity expansion or XEE vulnerability in SAML component of Ivan ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-20800 (Adobe Experience Manager versions 6.5.19 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2023-3454 (Remote code execution (RCE) vulnerability in Brocade Fabric OS after v ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2023-36645 (SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote a ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
- TODO: check
+ NOT-FOR-US: ITB-GmbH TradePro
CVE-2024-26809 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
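Review bot: The NFU labels in this hunk mix two granularities: vendor only ("Ivanti", "Adobe", "Brocade") and vendor plus product ("ITB-GmbH TradePro"), while the descriptions name specific products for the vendor-only ones too (Ivanti's IPSec and SAML components, Adobe Experience Manager, Brocade Fabric OS). Picking one convention, for example vendor only as in the existing "NOT-FOR-US: IBM" entries, would make later grouping and re-triage of these entries by grep more reliable.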
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c2f14b154cff30d9e34624a436c22aa27b03991