[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 13 08:51:14 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f06d8050 by Moritz Muehlenhoff at 2024-09-13T09:50:55+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -134,9 +134,9 @@ CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has bee
CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and Control Equ ...)
NOT-FOR-US: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System
CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted extension publ ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted extension desc ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2024-8694 (A vulnerability, which was classified as problematic, was found in JFi ...)
NOT-FOR-US: JFinalCMS
CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -226,27 +226,27 @@ CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions st
CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
NOT-FOR-US: Cleanlab project
CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45855 (Deserialization of untrusted data can occur in versions 23.10.2.0 and ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45854 (Deserialization of untrusted data can occur in versions 23.10.3.0 and ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45853 (Deserialization of untrusted data can occur in versions 23.10.2.0 and ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45852 (Deserialization of untrusted data can occur in versions 23.3.2.0 and n ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45851 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45850 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45849 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45848 (An arbitrary code execution vulnerability exists in versions 23.12.4.0 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45847 (An arbitrary code execution vulnerability exists in versions 23.11.4.2 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions 23.10.3.0 ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path travers ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the ...)
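Review bot: the eleven entries from CVE-2024-45856 down to CVE-2024-45846 are all closed as "NOT-FOR-US: MindsDB" in one pass, and most of them are deserialization or arbitrary code execution issues, so it is worth confirming that no ITP or RFP bug exists for MindsDB before this stands. If one does, the tracker convention is a "- <package> <itp> (bug #...)" line rather than NOT-FOR-US, so the entries resurface when the package enters the archive. The descriptions shown in this hunk are truncated before the product name, so the tag cannot be cross-checked from the diff alone.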
@@ -259,7 +259,7 @@ CVE-2024-45624 (Exposure of sensitive information due to incompatible policies i
- pgpool2 <unfixed>
NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29
CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official AP ...)
- TODO: check
+ NOT-FOR-US: whatsapp-api-js
CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA ...)
NOT-FOR-US: Microsoft High Definition Audio Bus Driver
CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic calenda ...)
@@ -269,17 +269,17 @@ CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey
CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
NOT-FOR-US: WIBU-SYSTEMS WibuKey
CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to cause a Den ...)
- TODO: check
+ NOT-FOR-US: Nanomq
CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers to cause ...)
- TODO: check
+ NOT-FOR-US: VerneMQ
CVE-2024-42484 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
- TODO: check
+ NOT-FOR-US: ESP-NOW
CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
- TODO: check
+ NOT-FOR-US: ESP-NOW
CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 a ...)
NOT-FOR-US: Texas Instruments Fusion Digital Power Designer
CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that ...)
- TODO: check
+ NOT-FOR-US: No-IP Dynamic Update Client (DUC)
CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
NOT-FOR-US: Utarit Information SoliClub
CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
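Review bot: the tag spellings in this hunk are inconsistent: CVE-2024-44460 gets "Nanomq" while CVE-2024-44459 gets the upstream-cased "VerneMQ". Upstream writes NanoMQ, and using that spelling keeps later greps of data/CVE/list for the project name reliable. The two ESP-NOW entries (CVE-2024-42484, CVE-2024-42483) also name only the component, whereas the neighbouring tags carry the vendor ("WIBU-SYSTEMS WibuKey", "Texas Instruments Fusion Digital Power Designer"); "Espressif ESP-NOW" would match that pattern.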
@@ -291,7 +291,7 @@ CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi
CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning web ser ...)
NOT-FOR-US: Ivanti
CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets o ...)
- TODO: check
+ NOT-FOR-US: KeyFactor EJBCA
CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
NOT-FOR-US: Ivanti
CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
@@ -319,7 +319,7 @@ CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or t
CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 before ...)
- gitlab <not-affected> (Specific to EE)
CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: TE Informatics V5
CVE-2024-29847 (Deserialization of untrusted data in the agent portal of Ivanti EPM be ...)
NOT-FOR-US: Ivanti
CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...)
@@ -329,9 +329,9 @@ CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a ha
CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
NOT-FOR-US: Hitachi
CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
- TODO: check
+ NOT-FOR-US: Refuel Autolabel
CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
- TODO: check
+ NOT-FOR-US: Refuel Autolabel
CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit ...)
NOT-FOR-US: Mirapolis LMS
CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f06d805046ed3ff609fad0f26993c367ad03f230