[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 7 08:36:50 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a566d14 by Salvatore Bonaccorso at 2024-02-07T09:31:52+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-25140 (A default installation of RustDesk 1.2.3 on Windows places a WDKTestCe ...)
-	TODO: check
+	NOT-FOR-US: RustDesk
 CVE-2024-24943 (In JetBrains Toolbox App before 2.2 a DoS attack was possible via a ma ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Toolbox App
 CVE-2024-24942 (In JetBrains TeamCity before 2023.11.3 path traversal allowed reading  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24941 (In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Spac ...)
 	TODO: check
 CVE-2024-24940 (In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible ...)
 	TODO: check
 CVE-2024-24939 (In JetBrains Rider before 2023.3.3 logging of environment variables co ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Rider
 CVE-2024-24938 (In JetBrains TeamCity before 2023.11.2 limited directory traversal was ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24937 (In JetBrains TeamCity before 2023.11.2 stored XSS via agent distributi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24936 (In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifa ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-24810 (WiX toolset lets developers create installers for Windows Installer, t ...)
-	TODO: check
+	NOT-FOR-US: WiX toolset
 CVE-2024-24594 (A cross-site scripting (XSS) vulnerability in all versions of the web  ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24593 (A cross-site request forgery (CSRF) vulnerability in all versions of t ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24592 (Lack of authentication in all versions of the fileserver component of  ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24591 (A path traversal vulnerability in version 1.4.0 or newer of Allegro AI ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24590 (Deserialization of untrusted data can occur in version 0.17.0 or newer ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI's ClearML platform
 CVE-2024-24291 (An issue in the component /member/index/login of yzmcms v7.0 allows at ...)
-	TODO: check
+	NOT-FOR-US: yzmcms
 CVE-2024-24255 (A Race Condition discovered in geofence.cpp and mission_feasibility_ch ...)
-	TODO: check
+	NOT-FOR-US: PX4 Autopilot
 CVE-2024-24254 (PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mec ...)
-	TODO: check
+	NOT-FOR-US: PX4 Autopilot
 CVE-2024-24019 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
 	TODO: check
 CVE-2024-24015 (A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prio ...)
@@ -229,7 +229,7 @@ CVE-2024-24808 (pyLoad is an open-source Download Manager written in pure Python
 CVE-2024-24807 (Sulu is a highly extensible open-source PHP content management system  ...)
 	NOT-FOR-US: Sulu
 CVE-2024-24595 (Allegro AI\u2019s open-source version of ClearML stores passwords in p ...)
-	TODO: check
+	NOT-FOR-US: Allegro AI open-source version of ClearML
 CVE-2024-24574 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2024-24559 (Vyper is a Pythonic Smart Contract Language for the EVM. There is an e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a566d149ae2b9dfa5c519a0fbc8c1df6a4be648

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a566d149ae2b9dfa5c519a0fbc8c1df6a4be648
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240207/10c6c9bb/attachment.htm>

More information about the debian-security-tracker-commits mailing list