[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 25 22:49:48 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45889a64 by Moritz Muehlenhoff at 2024-06-25T23:49:09+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46,69 +46,69 @@ CVE-2024-5261 (Improper Certificate Validation vulnerability in LibreOffice "Lib
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261/
NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=fa4ceeb487f89671efc8bf533192bf237c35b51e
CVE-2024-5216 (A vulnerability in mintplex-labs/anything-llm allows for a Denial of S ...)
- TODO: check
+ NOT-FOR-US: anything-llm
CVE-2024-5011 (In WhatsUp Gold versions released before 2023.1.3, an uncontrolled res ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-5010 (In WhatsUp Gold versions released before 2023.1.3, a vulnerability exi ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-5009 (In WhatsUp Gold versions released before 2023.1.3,an Improper Access C ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-5008 (In WhatsUp Gold versions released before 2023.1.3, an authenticated ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-4885 (In WhatsUp Gold versions released before 2023.1.3,an unauthenticated R ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-4884 (In WhatsUp Gold versions released before 2023.1.3,an unauthenticated R ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-4883 (In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: WhatsUp Gold
CVE-2024-4846 (Authentication bypass in the 2FA feature in Devolutions Server 2024.1. ...)
- TODO: check
+ NOT-FOR-US: Devolutions Server
CVE-2024-4641 (OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been ...)
- TODO: check
+ NOT-FOR-US: OnCell G3470A-LTE
CVE-2024-4640 (OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been ...)
- TODO: check
+ NOT-FOR-US: OnCell G3470A-LTE
CVE-2024-4639 (OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been ...)
- TODO: check
+ NOT-FOR-US: OnCell G3470A-LTE
CVE-2024-4638 (OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been ...)
- TODO: check
+ NOT-FOR-US: OnCell G3470A-LTE
CVE-2024-4498 (A Path Traversal and Remote File Inclusion (RFI) vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-38952 (PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via ...)
- TODO: check
+ NOT-FOR-US: PX4-Autopilot
CVE-2024-38951 (A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: PX4-Autopilot
CVE-2024-37894 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
TODO: check
CVE-2024-37820 (A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b al ...)
- TODO: check
+ NOT-FOR-US: PingCAP TiDB
CVE-2024-37167 (Tuleap is an Open Source Suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2024-37087 (The vCenter Server contains a denial-of-service vulnerability.A malici ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-37086 (VMware ESXi contains an out-of-bounds read vulnerability.A malicious ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-37085 (VMware ESXi contains an authentication bypass vulnerability.A maliciou ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-36819 (MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). ...)
TODO: check
CVE-2024-34142 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34141 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-32111 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7 ...)
- TODO: check
+ - check-mk <removed>
CVE-2024-28831 (Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3 ...)
- TODO: check
+ - check-mk <removed>
CVE-2024-21827 (A leftover debug code vulnerability exists in the cli_server debug fun ...)
TODO: check
CVE-2024-0171 (Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-37541 (HCL Connections contains a broken access control vulnerability that ma ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-39471 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <unfixed>
[bookworm] - linux 6.1.94-1
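Review bot: The entries for CVE-2024-28832 and CVE-2024-28831 are not NOT-FOR-US triage; they are set to `- check-mk <removed>`, yet the commit summary is only "NFUs". Suggest mentioning the check-mk entries in the commit message, or splitting them into their own commit, so the history shows where those two CVEs were assigned to a removed package. A smaller style point in the same hunk: the entries for CVE-2024-37087, CVE-2024-37086 and CVE-2024-37085 (`NOT-FOR-US: VMware`), CVE-2024-34142 and CVE-2024-34141 (`NOT-FOR-US: Adobe`), CVE-2024-0171 (`NOT-FOR-US: Dell`) and CVE-2023-37541 (`NOT-FOR-US: HCL`) name only the vendor, while the other entries name the product (`WhatsUp Gold`, `Devolutions Server`, `PX4-Autopilot`). Using the product named in each description (for example vCenter Server, ESXi, Adobe Experience Manager) would keep the tags consistent and easier to search.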
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45889a645cdf9a0b314f3b930adeea304032aee0