[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 13 08:51:14 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f06d8050 by Moritz Muehlenhoff at 2024-09-13T09:50:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -134,9 +134,9 @@ CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has bee
 CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and Control Equ ...)
 	NOT-FOR-US: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System
 CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted extension publ ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted extension desc ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2024-8694 (A vulnerability, which was classified as problematic, was found in JFi ...)
 	NOT-FOR-US: JFinalCMS
 CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -226,27 +226,27 @@ CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions st
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
 	NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45855 (Deserialization of untrusted data can occur in versions 23.10.2.0 and  ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45854 (Deserialization of untrusted data can occur in versions 23.10.3.0 and  ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45853 (Deserialization of untrusted data can occur in versions 23.10.2.0 and  ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45852 (Deserialization of untrusted data can occur in versions 23.3.2.0 and n ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45851 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45850 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45849 (An arbitrary code execution vulnerability exists in versions 23.10.5.0 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45848 (An arbitrary code execution vulnerability exists in versions 23.12.4.0 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45847 (An arbitrary code execution vulnerability exists in versions 23.11.4.2 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions 23.10.3.0 ...)
-	TODO: check
+	NOT-FOR-US: MindsDB
 CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path travers ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the  ...)
@@ -259,7 +259,7 @@ CVE-2024-45624 (Exposure of sensitive information due to incompatible policies i
 	- pgpool2 <unfixed>
 	NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#Pgpool-II_4.5.4.2C_4.4.9.2C_4.3.12.2C_4.2.19_and_4.1.22_officially_released_.282024.2F09.2F09.29
 CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official AP ...)
-	TODO: check
+	NOT-FOR-US: whatsapp-api-js
 CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA ...)
 	NOT-FOR-US: Microsoft High Definition Audio Bus Driver
 CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic calenda ...)
@@ -269,17 +269,17 @@ CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey
 CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
 	NOT-FOR-US: WIBU-SYSTEMS WibuKey
 CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to cause a Den ...)
-	TODO: check
+	NOT-FOR-US: Nanomq
 CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers to cause  ...)
-	TODO: check
+	NOT-FOR-US: VerneMQ
 CVE-2024-42484 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
-	TODO: check
+	NOT-FOR-US: ESP-NOW
 CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
-	TODO: check
+	NOT-FOR-US: ESP-NOW
 CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 a ...)
 	NOT-FOR-US: Texas Instruments Fusion Digital Power Designer
 CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that ...)
-	TODO: check
+	NOT-FOR-US: No-IP Dynamic Update Client (DUC)
 CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
 	NOT-FOR-US: Utarit Information SoliClub
 CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
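Review bot: the NOT-FOR-US tags for CVE-2024-44460 and CVE-2024-44459 follow two different casing conventions. "Nanomq" copies the spelling in the CVE description, while "VerneMQ" departs from the description's "vernemq". Pick one convention for both (if project casing is intended, the first would be "NanoMQ") so that a later text search for the product name over data/CVE/list matches every entry.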
@@ -291,7 +291,7 @@ CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi
 CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning web ser ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets o ...)
-	TODO: check
+	NOT-FOR-US: KeyFactor EJBCA
 CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
@@ -319,7 +319,7 @@ CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or t
 CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 before ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: TE Informatics V5
 CVE-2024-29847 (Deserialization of untrusted data in the agent portal of Ivanti EPM be ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to  ...)
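Review bot: for CVE-2024-2010 the tag "TE Informatics V5" cannot be checked against the visible description, which is truncated before it names a vendor or product, and "V5" could be read as either a product name or a version. Confirm against the full CVE record that V5 is the product; if it is a version, tag the vendor alone, as the neighbouring "NOT-FOR-US: Ivanti" entries do.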
@@ -329,9 +329,9 @@ CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a ha
 CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
-	TODO: check
+	NOT-FOR-US: Refuel Autolabel
 CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
-	TODO: check
+	NOT-FOR-US: Refuel Autolabel
 CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit ...)
 	NOT-FOR-US: Mirapolis LMS
 CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f06d805046ed3ff609fad0f26993c367ad03f230
