[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Sep 17 22:29:16 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2869b9b by Moritz Muehlenhoff at 2024-09-17T23:28:56+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2024-8945 (A vulnerability has been found in CodeCanyon RISE Ultimate Projec
 CVE-2024-8944 (A vulnerability, which was classified as critical, was found in code-p ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2024-8939 (A vulnerability was found in the ilab model serve component, where imp ...)
-	TODO: check
+	NOT-FOR-US: RHEL AI
 CVE-2024-8900 (An attacker could write data to the user's clipboard, bypassing the us ...)
 	TODO: check
 CVE-2024-8897 (Under certain conditions, an attacker with the ability to redirect use ...)
@@ -39,7 +39,7 @@ CVE-2024-8761 (The Share This Image plugin for WordPress is vulnerable to Open R
 CVE-2024-8660 (Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2024-7873 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Veribase Order
 CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip Repair Mo ...)
 	- libreoffice 4:24.2.5-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
@@ -56,23 +56,23 @@ CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Fo
 CVE-2024-46085 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
 	NOT-FOR-US: FrogCMS
 CVE-2024-45812 (Vite a frontend build tooling framework for javascript. Affected versi ...)
-	TODO: check
+	NOT-FOR-US: Vite
 CVE-2024-45811 (Vite a frontend build tooling framework for javascript. In affected ve ...)
-	TODO: check
+	NOT-FOR-US: Vite
 CVE-2024-45804
 	REJECTED
 CVE-2024-45803 (Wire UI is a library of components and resources to empower Laravel an ...)
-	TODO: check
+	NOT-FOR-US: Wire UI
 CVE-2024-45798 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
-	TODO: check
+	NOT-FOR-US: arduino-esp32
 CVE-2024-45682 (There is a command injection vulnerability that may allow an attacker  ...)
-	TODO: check
+	NOT-FOR-US: Proroute H685t-w
 CVE-2024-45612 (Contao is an Open Source CMS. In affected versions an untrusted user c ...)
 	NOT-FOR-US: Contao CMS
 CVE-2024-45606 (Sentry is a developer-first error tracking and performance monitoring  ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-45605 (Sentry is a developer-first error tracking and performance monitoring  ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-45604 (Contao is an Open Source CMS. In affected versions authenticated users ...)
 	NOT-FOR-US: Contao CMS
 CVE-2024-45537 (Apache Druid allows users with certain permissions to read data from o ...)
@@ -84,25 +84,25 @@ CVE-2024-45384 (Padding Oracle vulnerability in Apache Druid extension, druid-pa
 CVE-2024-43460 (Improper authorization in Dynamics 365 Business Central resulted in a  ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-42503 (Authenticated command execution vulnerability exist in the  ArubaOS co ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-42502 (Authenticated command injection vulnerability exists in the ArubaOS co ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-42501 (An authenticated Path Traversal vulnerabilities exists in the ArubaOS. ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-38860 (Improper neutralization of input in Checkmk before versions 2.3.0p16 a ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2024-38813 (The vCenter Server contains a privilege escalation vulnerability.A mal ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-38812 (ThevCenter Server contains a heap-overflow vulnerability in the implem ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-38380 (This vulnerability occurs when user-supplied input is improperly sanit ...)
-	TODO: check
+	NOT-FOR-US: Proroute H685t-w
 CVE-2024-38183 (An improper access control vulnerability in GroupMe allows an a unauth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes Houzez houz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login Register ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8421
 	NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to CVE-2023-39325
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2869b9b80db363ee3b2c4a743e628f595ab6deb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2869b9b80db363ee3b2c4a743e628f595ab6deb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240917/90990706/attachment.htm>

More information about the debian-security-tracker-commits mailing list