[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Wed Jul 31 21:54:07 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e449d7ed by Salvatore Bonaccorso at 2024-07-31T22:53:27+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,11 +45,11 @@ CVE-2024-41952 (Zitadel is an open source identity management system. ZITADEL ad
 CVE-2024-41951 (Pheonix App is a Python application designed to streamline various tas ...)
 	NOT-FOR-US: Pheonix App
 CVE-2024-41950 (Haystack is an end-to-end LLM framework that allows you to build appli ...)
-	TODO: check
+	NOT-FOR-US: deepset-ai/haystack
 CVE-2024-41947 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2024-41660 (slpd-lite is a unicast SLP UDP server. Any OpenBMC system that include ...)
-	TODO: check
+	NOT-FOR-US: slpd-lite
 CVE-2024-41630 (Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN ...)
 	NOT-FOR-US: Tenda
 CVE-2024-41108 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
@@ -57,9 +57,9 @@ CVE-2024-41108 (FOG is a free open-source cloning/imaging/rescue suite/inventory
 CVE-2024-40645 (FOG is a cloning/imaging/rescue suite/inventory management system. An  ...)
 	NOT-FOR-US: FOG
 CVE-2024-3083 (A \u201cCWE-352: Cross-Site Request Forgery (CSRF)\u201d can be exploi ...)
-	TODO: check
+	NOT-FOR-US: Sensor Net Connect V2
 CVE-2024-3082 (A \u201cCWE-256: Plaintext Storage of a Password\u201d affecting the a ...)
-	TODO: check
+	NOT-FOR-US: Sensor Net Connect V2
 CVE-2024-39694 (Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ...)
 	NOT-FOR-US: Duende IdentityServer
 CVE-2024-39379 (Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an ...)
@@ -89,9 +89,9 @@ CVE-2024-31202 (A \u201cCWE-732: Incorrect Permission Assignment for Critical Re
 CVE-2024-31201 (A \u201cCWE-428: Unquoted Search Path or Element\u201d affects the The ...)
 	NOT-FOR-US: ThermoscanIP
 CVE-2024-31200 (A \u201cCWE-201: Insertion of Sensitive Information Into Sent Data\u20 ...)
-	TODO: check
+	NOT-FOR-US: Sensor Net Connect V2
 CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of Input During Web Page Gener ...)
-	TODO: check
+	NOT-FOR-US: Sensor Net Connect V2
 CVE-2024-2508 (The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23444 (It was discovered by Elastic engineering that when elasticsearch-certu ...)
@@ -177,7 +177,7 @@ CVE-2024-39945 (A vulnerability has been found in Dahua products.After obtaining
 CVE-2024-39944 (A vulnerability has been found in Dahua products.Attackers can send ca ...)
 	NOT-FOR-US: Dahua
 CVE-2024-38983 (Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an att ...)
-	TODO: check
+	NOT-FOR-US: alykoshin mini-deep-assign
 CVE-2024-37281 (An issue was discovered in Kibana where a user with Viewer role could  ...)
 	- kibana <itp> (bug #700337)
 CVE-2024-7264 (libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e449d7ed77e9e5e36f6596678d131aab5b1c39b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e449d7ed77e9e5e36f6596678d131aab5b1c39b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240731/edd5280e/attachment-0001.htm>
