[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Sep 5 10:08:23 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16f60cc8 by Moritz Muehlenhoff at 2024-09-05T11:07:50+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -585,7 +585,7 @@ CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows attackers
CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e Holding AKO ...)
TODO: check
CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM ...)
- TODO: check
+ NOT-FOR-US: YubiKeys
CVE-2024-45588 (This vulnerability exists in Symphony XTS Web Trading platform version ...)
NOT-FOR-US: Symphony XTS Web Trading platform
CVE-2024-45587 (This vulnerability exists in Symphony XTS Web Trading platform version ...)
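Review bot: The label added for CVE-2024-45678 reads "NOT-FOR-US: YubiKeys", but the description on the line above names both YubiKey 5 Series firmware and YubiHSM, so the label is narrower than the entry it closes. Consider something like "NOT-FOR-US: Yubico YubiKey/YubiHSM firmware", which also records that the decision concerns device firmware.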
@@ -595,11 +595,11 @@ CVE-2024-45586 (This vulnerability exists due to improper access controls on API
CVE-2024-45391 (Tina is an open-source content management system (CMS). Sites building ...)
NOT-FOR-US: Tina CMS
CVE-2024-45390 (@blakeembrey/template is a string template library. Prior to version 1 ...)
- TODO: check
+ NOT-FOR-US: @blakeembrey/template
CVE-2024-45389 (Pagefind, a fully static search library, initializes its dynamic JavaS ...)
TODO: check
CVE-2024-45307 (SudoBot, a Discord moderation bot, is vulnerable to privilege escalati ...)
- TODO: check
+ NOT-FOR-US: SudoBot
CVE-2024-45180 (SquaredUp DS for SCOM 6.2.1.11104 allows XSS.)
NOT-FOR-US: SquaredUp DS for SCOM
CVE-2024-44921 (SeaCMS v12.9 was discovered to contain a SQL injection vulnerability v ...)
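Review bot: For CVE-2024-45390 the description calls @blakeembrey/template a string template library, and a library is the case where NOT-FOR-US is most easily wrong, since a copy can be bundled inside another source package without being packaged under its own name. If the archive was searched for embedded copies nothing further is needed; otherwise that search is worth doing before the TODO is dropped. CVE-2024-45389 (Pagefind) stays at "TODO: check" between the two changed entries, which looks intentional but could be confirmed.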
@@ -607,7 +607,7 @@ CVE-2024-44921 (SeaCMS v12.9 was discovered to contain a SQL injection vulnerabi
CVE-2024-44920 (A cross-site scripting (XSS) vulnerability in the component admin_coll ...)
NOT-FOR-US: SeaCMS
CVE-2024-43803 (The Bare Metal Operator (BMO) implements a Kubernetes API for managing ...)
- TODO: check
+ NOT-FOR-US: baremetal-operator
CVE-2024-43413 (Xibo is an open source digital signage platform with a web content man ...)
NOT-FOR-US: Xibo
CVE-2024-43412 (Xibo is an open source digital signage platform with a web content man ...)
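Review bot: The label added for CVE-2024-43803 uses the lowercase name "baremetal-operator", while the description calls the project "The Bare Metal Operator (BMO)" and the neighbouring entries (SeaCMS, Xibo) repeat the name as it appears in their descriptions. Either form works, but using the description's spelling or appending "(BMO)" would make the entry easier to find by text search.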
@@ -629,15 +629,15 @@ CVE-2024-41436 (ClickHouse v24.3.3.102 was discovered to contain a buffer overfl
CVE-2024-41435 (YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via t ...)
NOT-FOR-US: YugabyteDB
CVE-2024-3655 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-38811 (VMware Fusion (13.x before 13.6) contains a code-execution vulnerabili ...)
NOT-FOR-US: VMware
CVE-2024-38456 (HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Wi ...)
- TODO: check
+ NOT-FOR-US: HIGH-LEIT
CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensit ...)
- TODO: check
+ NOT-FOR-US: BPL Personal Weighing Scale
CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 before v. ...)
- TODO: check
+ NOT-FOR-US: Visual Planning Admin Center
CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython. Regul ...)
- python3.13 <unfixed>
- python3.12 <unfixed>
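Review bot: "NOT-FOR-US: Arm" on CVE-2024-3655 names only the vendor, although the description is about one specific component, the Bifrost GPU Kernel Driver. A label such as "NOT-FOR-US: Arm Bifrost GPU kernel driver" would record which Arm code was judged not to be in Debian; the other three labels added in this hunk (HIGH-LEIT, BPL Personal Weighing Scale, Visual Planning Admin Center) already name the product.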
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16f60cc8535858054bfa4a9d2037f341292aeb07