[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 12 17:40:02 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f27cc17a by Moritz Muehlenhoff at 2024-06-12T18:39:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,7 +133,7 @@ CVE-2024-5830 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allo
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-5851 (A vulnerability classified as problematic has been found in playSMS up ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2024-5829 (A vulnerability classified as problematic was found in smallweigit Avu ...)
 	NOT-FOR-US: smallweigit Avue
 CVE-2024-5825
@@ -159,17 +159,17 @@ CVE-2024-4190 (Stored Cross-Site Scripting (XSS) vulnerabilities have been ident
 CVE-2024-4155
 	REJECTED
 CVE-2024-37325 (Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Azure
 CVE-2024-37301 (Document Merge Service is a document template merge service providing  ...)
-	TODO: check
+	NOT-FOR-US: Document Merge Service
 CVE-2024-37296 (The Aimeos HTML client provides Aimeos HTML components for e-commerce  ...)
-	TODO: check
+	NOT-FOR-US: Aimeos
 CVE-2024-37295 (Aimeos is an Open Source e-commerce framework for online shops. Starti ...)
-	TODO: check
+	NOT-FOR-US: Aimeos
 CVE-2024-37294 (Aimeos is an Open Source e-commerce framework for online shops. All Sa ...)
-	TODO: check
+	NOT-FOR-US: Aimeos
 CVE-2024-37293 (The AWS Deployment Framework (ADF) is a framework to manage and deploy ...)
-	TODO: check
+	NOT-FOR-US: AWS Deployment Framework
 CVE-2024-37161 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
 	NOT-FOR-US: MeterSphere
 CVE-2024-36821 (Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 a ...)
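Review bot: the new tag on CVE-2024-37325 reads "NOT-FOR-US: Azure", while the Microsoft Dynamics 365 entries visible further down this file are tagged "NOT-FOR-US: Microsoft". Using "NOT-FOR-US: Microsoft" here as well (or the full product name from the description, "Azure Science Virtual Machine") would keep entries for the same vendor findable under one label. The other tags in this hunk name the product directly (Aimeos, Document Merge Service, AWS Deployment Framework) and match their descriptions.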
@@ -221,7 +221,7 @@ CVE-2024-35249 (Microsoft Dynamics 365 Business Central Remote Code Execution Vu
 CVE-2024-35248 (Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnera ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-35213 (An improper input validation vulnerability in the SGI Image Codec of Q ...)
-	TODO: check
+	NOT-FOR-US: QNX
 CVE-2024-35212 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
 	NOT-FOR-US: Siemens
 CVE-2024-35211 (A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822 ...)
@@ -530,7 +530,7 @@ CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions
 CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely in Java ...)
 	NOT-FOR-US: @grpc/grps-js
 CVE-2024-37166 (ghtml is software that uses tagged templates for template engine funct ...)
-	TODO: check
+	NOT-FOR-US: ghtml
 CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
 	NOT-FOR-US: Dell
 CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerabl ...)
@@ -1374,17 +1374,17 @@ CVE-2024-3380
 CVE-2024-3133
 	REJECTED
 CVE-2024-37388 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...)
-	TODO: check
+	NOT-FOR-US: ebookmeta
 CVE-2024-37163 (SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resou ...)
 	NOT-FOR-US: SkyScrape
 CVE-2024-37162 (zsa is a library for building typesafe server actions in Next.js. All  ...)
-	TODO: check
+	NOT-FOR-US: zsa
 CVE-2024-37160 (Formwork is a flat file-based Content Management System (CMS). An atta ...)
 	NOT-FOR-US: Formwork CMS
 CVE-2024-36827 (An XML External Entity (XXE) vulnerability in the ebookmeta.get_metada ...)
-	TODO: check
+	NOT-FOR-US: ebookmeta
 CVE-2024-36811 (An arbitrary file upload vulnerability in the image upload function of ...)
-	TODO: check
+	NOT-FOR-US: Aimeos
 CVE-2024-36792 (An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/ ...)
 	NOT-FOR-US: Netgear
 CVE-2024-36790 (Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store  ...)
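Review bot: on CVE-2024-36811 the truncated description ("An arbitrary file upload vulnerability in the image upload function of ...") ends before any product name, so the "NOT-FOR-US: Aimeos" tag cannot be checked against the lines shown in this diff. It is worth confirming against the full CVE text. Separately, CVE-2024-37388 and CVE-2024-36827 show the same description prefix and both receive "NOT-FOR-US: ebookmeta", so they look like two identifiers for one issue. The tag is consistent for both either way.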
@@ -158027,7 +158027,7 @@ CVE-2022-32899 (The issue was addressed with improved memory handling. This issu
 CVE-2022-32898 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-32897 (A memory corruption issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2022-32895 (A race condition was addressed with improved state handling. This issu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f27cc17a08a7a2485b476cb2fce60c7633a57735
