[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 10 14:21:00 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82d80971 by Moritz Muehlenhoff at 2024-10-10T15:20:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -216,7 +216,7 @@ CVE-2024-47816 (ImportDump is a mediawiki extension designed to automate user im
CVE-2024-47815 (IncidentReporting is a MediaWiki extension for moving incident reports ...)
NOT-FOR-US: IncidentReporting MediaWiki extension
CVE-2024-47813 (Wasmtime is an open source runtime for WebAssembly. Under certain conc ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2024-47812 (ImportDump is an extension for mediawiki designed to automate user imp ...)
NOT-FOR-US: ImportDump MediaWiki extension
CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. Backend ...)
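Review bot: the tag added for CVE-2024-47813 is lowercase "wasmtime", while the description on the CVE line spells the project "Wasmtime" and the neighbouring entries keep upstream casing ("IncidentReporting MediaWiki extension", "ImportDump MediaWiki extension"). Suggest "NOT-FOR-US: Wasmtime" so the tag matches the project name and a case-sensitive search of data/CVE/list finds every entry for it.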
@@ -224,7 +224,7 @@ CVE-2024-47780 (TYPO3 is a free and open source Content Management Framework. Ba
CVE-2024-47773 (Discourse is an open source platform for community discussion. An atta ...)
NOT-FOR-US: Discourse
CVE-2024-47763 (Wasmtime is an open source runtime for WebAssembly. Wasmtime's impleme ...)
- TODO: check
+ NOT-FOR-US: wasmtime
CVE-2024-47673 (In the Linux kernel, the following vulnerability has been resolved: w ...)
TODO: check
CVE-2024-47672 (In the Linux kernel, the following vulnerability has been resolved: w ...)
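Review bot: the basis for closing CVE-2024-47763 is not recorded anywhere: the tag is the bare project name and the commit message is only "NFUs". For a standalone open source runtime, as the description calls it, a short statement in the commit message of what was checked (for example, that no source package ships it) would let a later reader tell a verified NOT-FOR-US from a bulk classification.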
@@ -612,19 +612,19 @@ CVE-2024-43453 (Windows Routing and Remote Access Service (RRAS) Remote Code Exe
CVE-2024-42988 (Lack of access control in ChallengeSolves (/api/v1/challenges/<challen ...)
NOT-FOR-US: ChallengeSolves
CVE-2024-41981 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41902 (A vulnerability has been identified in JT2Go (All versions < V2406.000 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-41798 (A vulnerability has been identified in SENTRON 7KM PAC3200 (All versio ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-3656 (A flaw was found in Keycloak. Certain endpoints in Keycloak's admin RE ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2024-3506 (A possible buffer overflow in selected cameras' drivers from XProtect ...)
- TODO: check
+ NOT-FOR-US: XProtect Device Pack
CVE-2024-3057 (A flaw exists whereby a user can make a specific call to a FlashArray ...)
- TODO: check
+ NOT-FOR-US: FlashArray
CVE-2024-39586 (Dell AppSync Server, version 4.3 through 4.6, contains an XML External ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-39525 (AnImproper Handling of Exceptional Conditions vulnerability in the rou ...)
TODO: check
CVE-2024-39516 (An Out-of-Bounds Read vulnerability in the routing protocol daemon (r ...)
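Review bot: tag granularity is mixed within this hunk. CVE-2024-41981, CVE-2024-41902 and CVE-2024-41798 are tagged with the vendor only ("Siemens"), and CVE-2024-39586 with "Dell", while CVE-2024-3656, CVE-2024-3506 and CVE-2024-3057 are tagged with the product ("Keycloak", "XProtect Device Pack", "FlashArray"), as is the unchanged "NOT-FOR-US: ChallengeSolves" line. A vendor-only tag does not say which product was ruled out once the truncated description is all that is visible; naming the product (Simcenter Nastran, JT2Go, SENTRON 7KM PAC3200, Dell AppSync) would keep the entries searchable by what was actually triaged.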
@@ -632,85 +632,85 @@ CVE-2024-39516 (An Out-of-Bounds Read vulnerability in the routing protocol dae
CVE-2024-39515 (An Improper Validation of Consistency within Input vulnerability in th ...)
TODO: check
CVE-2024-39440 (In DRM service, there is a possible system crash due to null pointer d ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2024-39439 (In DRM service, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2024-39438 (In linkturbonative service, there is a possible command injection due ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2024-39437 (In linkturbonative service, there is a possible command injection due ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2024-39436 (In linkturbonative service, there is a possible command injection due ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2024-38818 (VMware NSX contains a local privilege escalation vulnerability. An au ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-38817 (VMware NSX contains a command injection vulnerability. A malicious ac ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-38815 (VMware NSX contains a content spoofing vulnerability. An unauthentica ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-38265 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38262 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38261 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38229 (.NET and Visual Studio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38212 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38179 (Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38149 (BranchCache Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38129 (Windows Kerberos Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38124 (Windows Netlogon Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38097 (Azure Monitor Agent Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38029 (Microsoft OpenSSH for Windows Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37983 (Windows Resume Extensible Firmware Interface Security Feature Bypass V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37982 (Windows Resume Extensible Firmware Interface Security Feature Bypass V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37979 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37976 (Windows Resume Extensible Firmware Interface Security Feature Bypass V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-36814 (An arbitrary file read vulnerability in Adguard Home before v0.107.52 ...)
- TODO: check
+ NOT-FOR-US: Adguard Home
CVE-2024-35288 (Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local ...)
- TODO: check
+ NOT-FOR-US: Nitro PDF Pro
CVE-2024-35215 (NULL pointer dereference in IP socket options processing of the Networ ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-33506 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-30118 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30092 (Windows Hyper-V Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-27457 (Improper check for unusual or exceptional conditions in Intel(R) TDX M ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 all ...)
TODO: check
CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 1 ...)
- TODO: check
+ NOT-FOR-US: FydeOS
CVE-2024-25286 (3DSecure 2.0 allows CSRF in the Authorization Method via modified Orig ...)
- TODO: check
+ NOT-FOR-US: 3DSecure
CVE-2024-25285 (3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeD ...)
- TODO: check
+ NOT-FOR-US: 3DSecure
CVE-2024-25284 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via ...)
- TODO: check
+ NOT-FOR-US: 3DSecure
CVE-2024-25283 (3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge v ...)
- TODO: check
+ NOT-FOR-US: 3DSecure
CVE-2024-25282 (3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified ...)
- TODO: check
+ NOT-FOR-US: 3DSecure
CVE-2024-20787 (Substance3D - Painter versions 10.0.1 and earlier are affected by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-20659 (Windows Hyper-V Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-52952 (A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...)
- fop <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/10/09/1
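Review bot: CVE-2024-38029 ("Microsoft OpenSSH for Windows Remote Code Execution Vulnerability") receives the same blanket "NOT-FOR-US: Microsoft" tag as the Windows-only components around it, although its title names software that is also shipped as a distribution package. A more specific tag such as "NOT-FOR-US: Microsoft OpenSSH for Windows" would record that the Windows port, not OpenSSH itself, was ruled out. The same applies in a smaller way to CVE-2024-27457, where "Intel" alone does not say that the entry concerns the "Intel(R) TDX M ..." component named in the description.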
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82d80971b6c4a32b5b5442ed919ac98f74dc3271