[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 3 17:03:12 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2eefd8e9 by Moritz Muehlenhoff at 2024-06-03T18:02:41+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
-	TODO: check
+	NOT-FOR-US: Netentsec
 CVE-2024-5589 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
-	TODO: check
+	NOT-FOR-US: Netentsec
 CVE-2024-5311 (DigiWin EasyFlow .NET lacks validation for certain input parameters. A ...)
-	TODO: check
+	NOT-FOR-US: DigiWin EasyFlow .NET
 CVE-2024-37031 (The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on  ...)
-	TODO: check
+	NOT-FOR-US: Active Admin (aka activeadmin) framework
 CVE-2024-36964 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.8.11-1
 	[bullseye] - linux 5.10.218-1
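Review bot: the label added for CVE-2024-37031 copies the description wording ("NOT-FOR-US: Active Admin (aka activeadmin) framework"), while the other labels in this hunk are a short vendor or product name. A shorter form such as "NOT-FOR-US: Active Admin" would match the rest of the hunk and be easier to search for.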
@@ -32,47 +32,47 @@ CVE-2024-36960 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux 5.10.218-1
 	NOTE: https://git.kernel.org/linus/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c (6.9-rc7)
 CVE-2024-36042 (Silverpeas before 6.3.5 allows authentication bypass by omitting the P ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas
 CVE-2024-35643 (Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back But ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35642 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35641 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35640 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31493 (An improper removal of sensitive information before storage or transfe ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-23107 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-20075 (In eemgpu, there is a possible out of bounds write due to a missing bo ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20074 (In dmc, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20073 (In wlan service, there is a possible out of bounds write due to improp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20072 (In wlan driver, there is a possible out of bounds write due to imprope ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20071 (In wlan driver, there is a possible out of bounds read due to improper ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20070 (In modem, there is a possible information disclosure due to using risk ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20069 (In modem, there is a possible selection of less-secure algorithm durin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20068 (In modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20067 (In modem, there is a possible out of bounds write due to improper inpu ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20066 (In modem, there is a possible out of bounds write due to an incorrect  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20065 (In telephony, there is a possible information disclosure due to a miss ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-51436 (Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX ver ...)
-	TODO: check
+	NOT-FOR-US: UNIVERSAL PASSPORT RX
 CVE-2023-48789 (A client-side enforcement of server-side security in Fortinet FortiPor ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-42427 (Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX ver ...)
-	TODO: check
+	NOT-FOR-US: UNIVERSAL PASSPORT RX
 CVE-2024-5588 (A vulnerability was found in itsourcecode Learning Management System 1 ...)
 	NOT-FOR-US: itsourcecode Learning Management System
 CVE-2024-5587 (A vulnerability was found in Casdoor up to 1.335.0. It has been classi ...)
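Review bot: the four "NOT-FOR-US: WordPress plugin" labels (CVE-2024-35640 through CVE-2024-35643) drop the plugin name, so a later search of data/CVE/list for a specific plugin will not hit these entries. Consider naming the plugin in each label; the truncated description for CVE-2024-35643 already starts to name one ("Xabier Miranda WP Back But ..."). The same granularity question applies to CVE-2023-48789, where the description names a specific product ("Fortinet FortiPor ...") and the label says only "Fortinet".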
@@ -205,7 +205,7 @@ CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain a heap overflow via t
 CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation techniqu ...)
 	TODO: check
 CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...)
-	TODO: check
+	NOT-FOR-US: casgate
 CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring  ...)
 	NOT-FOR-US: Sentry
 CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a  ...)
@@ -307,7 +307,7 @@ CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-re
 CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifier Cast ...)
 	NOT-FOR-US: Unifier and Unifier Cast
 CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...)
-	TODO: check
+	NOT-FOR-US: Statamic
 CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...)
 	NOT-FOR-US: SkyBridge
 CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
@@ -976,7 +976,7 @@ CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...)
 	TODO: check
 CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...)
-	TODO: check
+	NOT-FOR-US: Cesenta Mongoose
 CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...)
 	- sngrep <unfixed> (unimportant)
 	NOTE: https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md
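Review bot: the label added for CVE-2024-35492 spells the vendor "Cesenta", while the description on the line above it reads "Cesanta Mongoose". Correct it to "NOT-FOR-US: Cesanta Mongoose" so a search for the vendor name matches this entry.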
@@ -986,7 +986,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer ov
 CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl  ...)
 	TODO: check
 CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...)
-	TODO: check
+	NOT-FOR-US: Yubico YubiKey
 CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
 	NOT-FOR-US: Mitel
 CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eefd8e9fdf6be3768a86e5febfc7fcff60a97d9
