[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 14 15:57:29 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ba032bd by Moritz Muehlenhoff at 2024-11-14T16:56:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -284,85 +284,85 @@ CVE-2024-50853 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command in
 CVE-2024-50852 (Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injectio ...)
 	NOT-FOR-US: Tenda
 CVE-2024-49506 (Insecure creation of temporary files allows local users on systems wit ...)
-	TODO: check
+	NOT-FOR-US: OpenSuSE
 CVE-2024-49505 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
 	NOT-FOR-US: openSUSE Tumbleweed MirrorCache
 CVE-2024-49504 (grub2 allowed attackers with access to the grub shell to access files  ...)
 	TODO: check
 CVE-2024-49379 (Umbrel is a home server OS for self-hosting. The login functionality o ...)
-	TODO: check
+	NOT-FOR-US: Umbrel
 CVE-2024-48989 (A vulnerability in the PROFINET stack implementation of the IndraDrive ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2024-48900 (A vulnerability was found in Moodle. Additional checks are required to ...)
 	- moodle <removed>
 CVE-2024-48510 (Directory Traversal vulnerability in DotNetZip v.1.16.0 and before all ...)
-	TODO: check
+	NOT-FOR-US: DotNetZip
 CVE-2024-47574 (A authentication bypass using an alternate path or channel in Fortinet ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-45594 (Decidim is a participatory democracy framework. The meeting embeds fea ...)
-	TODO: check
+	NOT-FOR-US: Decidim
 CVE-2024-43093 (In shouldHideDocument of ExternalStorageProvider.java, there is a poss ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43091 (In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43090 (In multiple locations, there is a possible cross-user image read due t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43089 (In updateInternal of MediaProvider.java , there is a possible access o ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43088 (In multiple functions in AppInfoBase.java, there is a possible way to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43087 (In getInstalledAccessibilityPreferences of AccessibilitySettings.java, ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43086 (In validateAccountsInternal of AccountManagerService.java, there is a  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43085 (In handleMessage of UsbDeviceManager.java, there is a possible method  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43084 (In visitUris of multiple files, there is a possible information disclo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43083 (In validate of WifiConfigurationUtil.java , there is a possible persis ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43082 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43081 (In installExistingPackageAsUser of InstallPackageHelper.java, there is ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-43080 (In onReceive of AppRestrictionsFragment.java, there is a possible esca ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-42834 (A stored cross-site scripting (XSS) vulnerability in the Create Custom ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-40671 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible w ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-40661 (In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, th ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-40660 (In setTransactionState of SurfaceFlinger.cpp, there is a possible way  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-40443 (SQL Injection vulnerability in Simple Laboratory Management System usi ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34747 (In DevmemXIntMapPages of devicemem_server.c, there is a possible use-a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34729 (In multiple locations, there is a possible arbitrary code execution du ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34719 (In multiple locations, there is a possible permissions bypass due to a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31337 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23715 (In PMRWritePMPageList of pmr.c, there is a possible out of bounds writ ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-11175 (A vulnerability was found in Public CMS 5.202406.d and classified as p ...)
-	TODO: check
+	NOT-FOR-US: Public CMS
 CVE-2024-11165 (An information disclosure vulnerability exists in the backup configura ...)
-	TODO: check
+	NOT-FOR-US: Yugabyte
 CVE-2024-11028 (The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10013 (In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4. ...)
-	TODO: check
+	NOT-FOR-US: Telerik UI
 CVE-2024-10012 (In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111) ...)
-	TODO: check
+	NOT-FOR-US: Telerik UI
 CVE-2023-38920 (Cross Site Scripting vulnerability in Cyber Cafe Management System v.1 ...)
-	TODO: check
+	NOT-FOR-US: Cyber Cafe Management System
 CVE-2023-35686 (In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-35659 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ar ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-11159 (Using remote content in OpenPGP encrypted messages can lead to the dis ...)
 	- thunderbird 1:128.4.3esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/#CVE-2024-11159



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba032bdd85e4c781d439ada7290301bff66a7c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba032bdd85e4c781d439ada7290301bff66a7c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241114/4d6809d1/attachment.htm>

More information about the debian-security-tracker-commits mailing list