[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 1 21:35:38 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91b6aebb by Salvatore Bonaccorso at 2024-07-01T22:35:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2024-6425 (Incorrect Provision of Specified Functionality vulnerability in MESboo ...)
-	TODO: check
+	NOT-FOR-US: MESbook
 CVE-2024-6424 (External server-side request vulnerability in MESbook 20221021.03 vers ...)
-	TODO: check
+	NOT-FOR-US: MESbook
 CVE-2024-6376 (MongoDB Compass may be susceptible to code injection due to insufficie ...)
-	TODO: check
+	NOT-FOR-US: MongoDB Compass
 CVE-2024-6375 (A command for refining a collection shard key is missing an authorizat ...)
 	- mongodb <removed>
 CVE-2024-6050 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: SOKRATES-software SOWA OPAC
 CVE-2024-4007 (Default credential in install package in ABB ASPECT; NEXUS Series; MAT ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-39879 (In JetBrains TeamCity before 2024.03.3 application token could be expo ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-39878 (In JetBrains TeamCity before 2024.03.3 private key could be exposed vi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-39853 (adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype p ...)
 	TODO: check
 CVE-2024-39430 (In faceid servive, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39429 (In faceid servive, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39428 (In trusty service, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39427 (In trusty service, there is a possible out of bounds write due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39303 (Weblate is a web based localization tool. Prior to version 5.6.2, Webl ...)
 	TODO: check
 CVE-2024-39251 (An issue in the component ControlCenter.sys/ControlCenter64.sys of Thu ...)
-	TODO: check
+	NOT-FOR-US: ThundeRobot Control Center
 CVE-2024-39249 (Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expressio ...)
-	TODO: check
+	NOT-FOR-US: async Node.js module
 CVE-2024-39236 (Gradio v4.36.1 was discovered to contain a code injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-39018 (harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a pr ...)
 	TODO: check
 CVE-2024-39017 (agreejs shared v0.0.1 was discovered to contain a prototype pollution  ...)
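
Review bot: The NOT-FOR-US on CVE-2024-39249 ("async Node.js module") is the one entry in this hunk that closes out a general-purpose library rather than a vendor product, while the neighbouring Node.js module entries (CVE-2024-39853, CVE-2024-39018, CVE-2024-39017) stay at TODO: check. Before closing it, confirm that no source package in the archive ships async in the 2.x or 3.x series named in the description; if one does, this should be a package line instead of NOT-FOR-US. As a smaller style point, the tags in this hunk mix vendor names ("ABB", "Unisoc") with product names ("JetBrains TeamCity", "ThundeRobot Control Center"); the CVE-2024-4007 description already lists the products (ASPECT, NEXUS Series), so a product-level tag would be more precise there.
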
@@ -75,9 +75,9 @@ CVE-2024-38990 (Tada5hi sp-common v0.5.4 was discovered to contain a prototype p
 CVE-2024-38987 (aofl cli-lib v3.14.0 was discovered to contain a prototype pollution v ...)
 	TODO: check
 CVE-2024-38953 (phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: phpok
 CVE-2024-38513 (Fiber is an Express-inspired web framework written in Go A vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2024-37298 (gorilla/schema converts structs to and from form values. Prior to vers ...)
 	TODO: check
 CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized large la ...)
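
Review bot: The tag "NOT-FOR-US: Fiber" on CVE-2024-38513 uses a bare name that does not identify the project on its own. The description calls it an Express-inspired web framework written in Go, so a qualified tag such as "Fiber Go web framework" would be clearer, in the same way the async entry earlier in this patch is qualified as "async Node.js module".
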
@@ -85,85 +85,85 @@ CVE-2024-37146 (Flowise is a drag & drop user interface to build a customized la
 CVE-2024-37145 (Flowise is a drag & drop user interface to build a customized large la ...)
 	TODO: check
 CVE-2024-36997 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36996 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36995 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36994 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36993 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36992 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36991 (In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.1 ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36990 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36989 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36987 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36986 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36985 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-pr ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36984 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Window ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36983 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36982 (In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splun ...)
-	TODO: check
+	NOT-FOR-US: Splunk Enterprise
 CVE-2024-36423 (Flowise is a drag & drop user interface to build a customized large la ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2024-36422 (Flowise is a drag & drop user interface to build a customized large la ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2024-36421 (Flowise is a drag & drop user interface to build a customized large la ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2024-36420 (Flowise is a drag & drop user interface to build a customized large la ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2024-36401 (GeoServer is an open source server that allows users to share and edit ...)
-	TODO: check
+	NOT-FOR-US: GeoServer
 CVE-2024-34696 (GeoServer is an open source server that allows users to share and edit ...)
-	TODO: check
+	NOT-FOR-US: GeoServer
 CVE-2024-24749 (GeoServer is an open source server that allows users to share and edit ...)
-	TODO: check
+	NOT-FOR-US: GeoServer
 CVE-2024-23380 (Memory corruption while handling user packets during VBO bind operatio ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23373 (Memory corruption when IOMMU unmap operation fails, the DMA and anon b ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23372 (Memory corruption while invoking IOCTL call for GPU memory allocation  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23368 (Memory corruption when allocating and accessing an entry in an SMEM pa ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21586 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Juniper Networks
 CVE-2024-21482 (Memory corruption during the secure boot process, when the `bootm` com ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21469 (Memory corruption when an invoke call and a TEE call are bound for the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21466 (Information disclosure while parsing sub-IE length during new IE gener ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21465 (Memory corruption while processing key blob passed by the user.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21462 (Transient DOS while loading the TA ELF file.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21461 (Memory corruption while performing finish HMAC operation when context  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21460 (Information disclosure when ASLR relocates the IMEM and Secure DDR por ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21458 (Information disclosure while handling SA query action frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21457 (INformation disclosure while handling Multi-link IE in beacon frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21456 (Information Disclosure while parsing beacon frame in STA.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-20399 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
 	TODO: check
 CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-39573 (Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier ...)
 	- apache2 2.4.60-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39573
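
Review bot: CVE-2024-37145 at the top of this hunk, and CVE-2024-37146 visible in the hunk header, carry the same Flowise description as CVE-2024-36420 through CVE-2024-36423, yet both stay at TODO: check while those four become NOT-FOR-US: Flowise. If the product is not packaged, tag those two in the same commit so one product is not split between triaged and untriaged entries; if they were left open on purpose, a NOTE line saying why would help the next person processing the list.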



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91b6aebb07ab7a8f0ef464a8d1691a0caf50f6d7
