[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Sep 12 08:56:31 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e66dada by Moritz Muehlenhoff at 2024-09-12T09:56:14+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2024-8687 (An information exposure vulnerability exists in Palo Alto Network
 CVE-2024-8686 (A command injection vulnerability in Palo Alto Networks PAN-OS softwar ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-8646 (In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulne ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Glassfish
 CVE-2024-8642 (In Eclipse Dataspace Components, from version 0.5.0 and before version ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Dataspace Components
 CVE-2024-8306 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2024-8277 (The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerab ...)
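Review bot: The CVE-2024-8646 entry closes Eclipse Glassfish as NOT-FOR-US with no record of whether any source package in the archive is built from Glassfish code. If one is, this entry needs a package line using the 7.0.10 bound from the description instead. A short NOTE line stating what was checked would make the triage auditable, and the same goes for the Eclipse Dataspace Components entry below it.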
@@ -73,39 +73,39 @@ CVE-2024-44466 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in
 CVE-2024-43793 (Halo is an open source website building tool. A security vulnerability ...)
 	NOT-FOR-US: Halo
 CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote at ...)
-	TODO: check
+	NOT-FOR-US: Ellevo
 CVE-2024-41868 (Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-39378 (Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-27115 (A unauthenticated Remote Code Execution (RCE) vulnerability is found i ...)
-	TODO: check
+	NOT-FOR-US: Simple Online Planning
 CVE-2024-27114 (A unauthenticated Remote Code Execution (RCE) vulnerability is found i ...)
-	TODO: check
+	NOT-FOR-US: Simple Online Planning
 CVE-2024-27113 (An unauthenticated Insecure Direct Object Reference (IDOR) to the data ...)
-	TODO: check
+	NOT-FOR-US: Simple Online Planning
 CVE-2024-27112 (A unauthenticated SQL Injection has been found in the SO Planning tool ...)
-	TODO: check
+	NOT-FOR-US: Simple Online Planning
 CVE-2024-20489 (A vulnerability in the storage method of the PON Controller configurat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20483 (Multiple vulnerabilities in Cisco Routed PON Controller Software, whic ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20406 (A vulnerability in the segment routing feature for the Intermediate Sy ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20398 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20390 (A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in ConfD that is used by t ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20343 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20317 (A vulnerability in the handling of specific Ethernet frames by Cisco I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20304 (A vulnerability in the multicast traceroute version 2 (Mtrace2) featur ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-25212 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-46672 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
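Review bot: CVE-2024-20381 is tagged "NOT-FOR-US: Cisco", but its description names ConfD as the affected component ("the JSON-RPC API feature in ConfD that is used by t ..."), so the tag drops the product name a later search would use. Suggest "NOT-FOR-US: Cisco ConfD" or similar. The granularity is also uneven within this hunk: the two Audition entries are tagged by vendor only ("Adobe"), while the four SO Planning entries are tagged by product name ("Simple Online Planning"); picking one convention would keep the list easier to grep.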
@@ -273,7 +273,7 @@ CVE-2024-23906 (Improper Neutralization of Input During Web Page Generation (CWE
 CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a possible use-af ...)
 	TODO: check
 CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to Prototype  ...)
-	TODO: check
+	NOT-FOR-US: Node dset
 CVE-2024-1656 (Affected versions of Octopus Server had a weak content security policy ...)
 	NOT-FOR-US: Octopus Server
 CVE-2024-8096 (When curl is told to use the Certificate Status Request TLS extension, ...)
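Review bot: "NOT-FOR-US: Node dset" on CVE-2024-21529 only settles the question of a standalone package. Node modules are often vendored inside other source packages, and the hunk records no check for embedded copies. If that check was done, a NOTE line saying so would help; the "before 3.1.4" bound in the description gives the version to compare any bundled copy against.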



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e66dada338f0d9c54e0528b2a6be933ef41cd14
