[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 17 06:19:32 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6befb2d by Moritz Mühlenhoff at 2024-10-16T17:05:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116,24 +116,24 @@ CVE-2024-45216 (Improper Authentication vulnerability in Apache Solr.  Solr inst
 CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial of serv ...)
 	NOT-FOR-US: IBM
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
-	TODO: check
+	NOT-FOR-US: kmqtt
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
 	- libheif 1.18.1-1
 	NOTE: https://github.com/strukturag/libheif/issues/1226
 	NOTE: https://github.com/strukturag/libheif/pull/1227
 	NOTE: https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36 (v1.18.0)
 CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-38190 (Missing authorization in Power Platform allows an unauthenticated atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-38139 (Improper authentication in Microsoft Dataverse allows an authorized at ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-31955 (An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB ...)
 	NOT-FOR-US: MicrosoftSamsung
 CVE-2024-10018 (Improper permission control in the mobile application (com.transsion.a ...)
-	TODO: check
+	NOT-FOR-US: com.transsion.aivoiceassistant
 CVE-2024-10004 (Opening an external link to an HTTP website when Firefox iOS was previ ...)
-	TODO: check
+	- firefox <not-affected> (Specific to iOS)
 CVE-2023-7296 (The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-7295 (The Video Grid plugin for WordPress is vulnerable to Reflected Cross-S ...)
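Review bot: The new label for CVE-2024-10018, "NOT-FOR-US: com.transsion.aivoiceassistant", uses the Android package id from the description, while every other NFU entry in this hunk names a vendor or product ("IBM", "Microsoft", "kmqtt"). Naming the vendor or the application instead would keep the labels greppable by vendor. Separately, the unchanged context line under CVE-2024-31955 (Samsung eMMC) reads "NOT-FOR-US: MicrosoftSamsung", which looks like a leftover from an earlier paste; since this commit already touches the neighbouring entries, it could be corrected to "NOT-FOR-US: Samsung" at the same time.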
@@ -338,17 +338,17 @@ CVE-2024-47771 (Element Desktop is a Matrix client for desktop platforms. Elemen
 CVE-2024-47080 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
 	NOT-FOR-US: matrix-js-sdk
 CVE-2024-45276 (An unauthenticated remote attacker can get read access to files in the ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-45275 (The devices contain two hard coded user accounts with hardcoded passwo ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-45274 (An unauthenticated remote attacker can execute OS commands via UDP on  ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-45273 (An unauthenticated local attacker can decrypt the devices config file  ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-45272 (An unauthenticated remote attacker can perform a brute-force attack on ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-45271 (An unauthenticated local attacker can gain admin privileges by deployi ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2024-44337 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...)
 	TODO: check
 CVE-2024-41344 (A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attac ...)
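Review bot: The six entries CVE-2024-45271 through CVE-2024-45276 all receive the vendor-only label "NOT-FOR-US: MB connect line GmbH", but the truncated descriptions visible here ("The devices contain two hard coded user accounts ...") name no product, so the triage decision cannot be checked from the list alone. Adding the product name next to the vendor would make the entries self-explanatory. The trailing context also shows CVE-2024-44337 (github.com/gomarkdown/markdown) still at "TODO: check"; as a Go library it needs a source package lookup rather than an NFU tag, so leaving it out of a commit titled "NFUs" is consistent, but it remains open for a follow-up.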



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6befb2d8931469f00c2c8a4ba91ef5707848db0



More information about the debian-security-tracker-commits mailing list