[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jul 29 22:28:27 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efee28ae by Moritz Muehlenhoff at 2024-07-29T23:15:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44,7 +44,7 @@ CVE-2024-41881 (SDoP versions prior to 1.11 fails to handle appropriately some p
CVE-2024-41819 (Note Mark is a web-based Markdown notes app. A stored cross-site scrip ...)
NOT-FOR-US: Note Mark
CVE-2024-41818 (fast-xml-parser is an open source, pure javascript xml parser. a ReDOS ...)
- TODO: check
+ NOT-FOR-US: fast-xml-parser
CVE-2024-41817 (ImageMagick is a free and open-source software suite, used for editing ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8
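Review bot: the new "NOT-FOR-US: fast-xml-parser" line for CVE-2024-41818 rests on the library being absent from the archive, but neither the entry nor the commit message ("NFUs") records how that was checked. The description identifies it as a pure JavaScript library, which is the kind of code that often ends up bundled inside other source packages, so consider confirming that no packaged source embeds a copy; if one does, the CVE belongs under that source package rather than NFU.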
@@ -89,13 +89,13 @@ CVE-2024-37857 (SQL Injection vulnerability in Lost and Found Information System
CVE-2024-37856 (Cross Site Scripting vulnerability in Lost and Found Information Syste ...)
NOT-FOR-US: Lost and Found Information System
CVE-2024-33365 (Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-28806 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote u ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-28805 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-28804 (An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored C ...)
- TODO: check
+ NOT-FOR-US: Italtel i-MCS NFV
CVE-2024-42098 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.9.8-1
[bookworm] - linux 6.1.98-1
@@ -619,7 +619,7 @@ CVE-2024-41637 (RaspAP before 3.1.5 allows an attacker to escalate privileges: t
CVE-2024-37381 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
NOT-FOR-US: Ivanti
CVE-2024-32671 (Heap-based Buffer Overflow vulnerability in Samsung Open Source Escarg ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-41019 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.9.12-1
NOTE: https://git.kernel.org/linus/50c47879650b4c97836a0086632b3a2e300b0f06 (6.11-rc1)
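Review bot: on CVE-2024-32671 the tag "NOT-FOR-US: Samsung" names only the vendor, while the description reads "Samsung Open Source Escarg ...", so the affected item is an open-source component and not a device or proprietary product. Naming the component in the tag, in the style of "NOT-FOR-US: Italtel i-MCS NFV" used earlier in this patch, would make the entry easier to find with grep if that component is ever packaged.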
@@ -1952,7 +1952,7 @@ CVE-2024-39963 (AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3
CVE-2024-39962 (D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 w ...)
NOT-FOR-US: D-Link
CVE-2024-39906 (A command injection vulnerability was found in the IndieAuth functiona ...)
- TODO: check
+ NOT-FOR-US: Haven
CVE-2024-39457 (Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerabi ...)
NOT-FOR-US: Cybozu
CVE-2024-39123 (In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments functi ...)
@@ -2003,7 +2003,7 @@ CVE-2024-40724 (Heap-based buffer overflow vulnerability in Assimp versions prio
[bullseye] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/commit/ddb74c2bbdee1565dda667e85f0c82a0588c8053 (v5.4.2)
CVE-2024-40642 (The netty incubator codec.bhttp is a java language binary http parser. ...)
- TODO: check
+ NOT-FOR-US: codec.bhttp
CVE-2024-38156 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-35199 (TorchServe is a flexible and easy-to-use tool for serving and scaling ...)
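Review bot: the tag "NOT-FOR-US: codec.bhttp" on CVE-2024-40642 drops the project name, although the description calls it "The netty incubator codec.bhttp". Writing the tag as "NOT-FOR-US: netty incubator codec.bhttp" would keep the relation to netty visible, and if a netty source package is in the archive, a NOTE stating that it does not ship this incubator codec would document why NFU is the right outcome instead of an entry under that source package.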
@@ -2013,9 +2013,9 @@ CVE-2024-35198 (TorchServe is a flexible and easy-to-use tool for serving and sc
CVE-2024-30130 (HCL Nomad server on Domino is vulnerable to the cache containing sensi ...)
NOT-FOR-US: HCL
CVE-2024-21583 (Versions of the package github.com/gitpod-io/gitpod/components/server/ ...)
- TODO: check
+ NOT-FOR-US: gitpod
CVE-2024-21527 (Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenber ...)
- TODO: check
+ NOT-FOR-US: gotenberg
CVE-2023-7269 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7268 (The ArtPlacer Widget WordPress plugin before 2.21.2 does not have auth ...)
@@ -6172,7 +6172,7 @@ CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce all
CVE-2024-37082 (When deploying Cloud Foundry together with the haproxy-boshrelease and ...)
NOT-FOR-US: Cloud Foundry
CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-2376 (The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF chec ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2375 (The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and e ...)
@@ -6695,7 +6695,7 @@ CVE-2024-21456 (Information Disclosure while parsing beacon frame in STA.)
CVE-2024-20399 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
CVE-2024-0153 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
NOT-FOR-US: Qualcomm
CVE-2024-40898 (SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost ...)
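Review bot: for CVE-2024-0153 the truncated description ("Improper Restriction of Operations within the Bounds of a Memory Buffe ...") does not show the affected product, and the tag "NOT-FOR-US: Arm" gives only the vendor, so the decision cannot be checked from the list entry alone. A vendor-only tag matches the neighbouring Cisco and Qualcomm entries, but adding the component name after the vendor would let a later reader see which Arm code was ruled out.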
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efee28aed27cb5919d996daabd47400a7e28f8ba