[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6412586a by Moritz Muehlenhoff at 2024-02-26T11:40:51+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...)
 	TODO: check
 CVE-2024-27455 (In the Bentley ALIM Web application, certain configuration settings ca ...)
-	TODO: check
+	NOT-FOR-US: Bentley
 CVE-2024-27454 (orjson.loads in orjson before 3.9.15 does not limit recursion for deep ...)
-	TODO: check
+	- python-orjson <itp> (bug #1002996)
 CVE-2024-27447 (pretix before 2024.1.1 mishandles file validation.)
-	TODO: check
+	NOT-FOR-US: pretix
 CVE-2024-27444 (langchain_experimental (aka LangChain Experimental) in LangChain befor ...)
-	TODO: check
+	NOT-FOR-US: langchain_experimental
 CVE-2024-1886 (This vulnerability allows remote attackers to traverse the directory o ...)
-	TODO: check
+	NOT-FOR-US: LG Electronics
 CVE-2024-1885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: LG Electronics
 CVE-2024-1878 (A vulnerability was found in SourceCodester Employee Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-1877 (A vulnerability was found in SourceCodester Employee Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-1876 (A vulnerability was found in SourceCodester Employee Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-1875 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-1735 (A vulnerability has been identified in armeria-saml versions less than ...)
-	TODO: check
+	NOT-FOR-US: armeria-saml
 CVE-2024-0798 (A user with a `default` role given to them by the admin can sent `DELE ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0455 (The inclusion of the web scraper for AnythingLLM means that any user w ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0440 (Attacker, with permission to submit a link or submits a link via POST  ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0439 (As a manager, you should not be able to modify a series of settings. I ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0436 (Theoretically, it would be possible for an attacker to brute-force the ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2024-0435 (User can send a chat that contains an XSS opportunity that will then r ...)
-	TODO: check
+	NOT-FOR-US: mintplex-labs/anything-llm
 CVE-2022-48626 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 5.16.10-1
 	[buster] - linux 4.19.232-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6412586a434839acfec2825a1ee7b18419407952

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6412586a434839acfec2825a1ee7b18419407952
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240226/65b35bab/attachment.htm>