[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 20 09:30:10 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4b433c5 by Moritz Muehlenhoff at 2024-09-20T10:29:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2024-8652 (A vulnerability in NetCat CMS allows an attacker to execute JavaS
 CVE-2024-8651 (A vulnerability in NetCat CMS allows an attacker to send a specially c ...)
 	NOT-FOR-US: NetCat CMS
 CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb supports  ...)
-	TODO: check
+	NOT-FOR-US: Google Reverb
 CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in the usb_ ...)
 	- qemu <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313497
@@ -39,9 +39,9 @@ CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in the
 CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Ece Software Electronic Ticket System
 CVE-2024-7737 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in  ...)
-	TODO: check
+	NOT-FOR-US: 3DSwymer
 CVE-2024-7736 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA  ...)
-	TODO: check
+	NOT-FOR-US: ENOVIA
 CVE-2024-47162 (In JetBrains YouTrack before 2024.3.44799 token could be revealed on I ...)
 	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-47160 (In JetBrains YouTrack before 2024.3.44799 access to global app config  ...)
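Review bot: The tag added for CVE-2024-7737 reads "3DSwymer", while the visible part of the description names the affected component as "3DSwym". The description is truncated here, so confirm against the full text which of the two is the product name, and use that string so later entries for the same product can match it.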
@@ -55,13 +55,13 @@ CVE-2024-47000 (Zitadel is an open source identity management platform. ZITADEL'
 CVE-2024-46999 (Zitadel is an open source identity management platform. ZITADEL's user ...)
 	NOT-FOR-US: Zitadel
 CVE-2024-46984 (The reference validator is a tool to perform advanced validation of FH ...)
-	TODO: check
+	NOT-FOR-US: Gematik
 CVE-2024-46983 (sofa-hessian is an internal improved version of Hessian3/4 powered by  ...)
-	TODO: check
+	NOT-FOR-US: sofa-hessian
 CVE-2024-46394 (FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery  ...)
 	NOT-FOR-US: FrogCMS
 CVE-2024-46382 (A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a re ...)
-	TODO: check
+	NOT-FOR-US: litemall
 CVE-2024-45862 (Kastle Systems firmware prior to May 1, 2024, stored machine credentia ...)
 	NOT-FOR-US: Kastle Systems firmware
 CVE-2024-45861 (Kastle Systems firmware prior to May 1, 2024, contained a hard-coded c ...)
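Review bot: CVE-2024-46984 is tagged with a vendor name only, "NOT-FOR-US: Gematik", whereas the description refers to "The reference validator" and the other two entries changed in this hunk name the product (sofa-hessian, litemall). Suggest "NOT-FOR-US: Gematik reference validator" so the entry says which software was ruled out.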
@@ -81,23 +81,23 @@ CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any
 CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...)
 	TODO: check
 CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43489 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-41721 (An insufficient boundary validation in the USB code could lead to an o ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-40125 (An arbitrary file upload vulnerability in the Media Manager function o ...)
-	TODO: check
+	NOT-FOR-US: Closed-Loop Technology CLESS Server
 CVE-2024-38221 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-38016 (Microsoft Office Visio Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286 with fir ...)
-	TODO: check
+	NOT-FOR-US: Tiptel
 CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffe ...)
 	TODO: check
 CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earli ...)
-	TODO: check
+	NOT-FOR-US: Couchbase Server
 CVE-2024-8986 (The grafana plugin SDK bundles build metadata into the binaries it com ...)
 	NOT-FOR-US: Grafana plugin
 CVE-2024-8883 (A misconfiguration flaw was found in Keycloak. This issue can allow an ...)
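Review bot: The three Microsoft Edge entries (CVE-2024-43496, CVE-2024-43489, CVE-2024-38221) are marked "NOT-FOR-US: Microsoft", but their descriptions say "Chromium-based", and nothing in the lines shown records whether the flaw sits in Edge-specific code or in shared Chromium code. If that was checked, tagging them "NOT-FOR-US: Microsoft Edge" would record the product that was triaged and would also separate them from CVE-2024-38016, which is Visio and currently carries the same vendor-wide string.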



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4b433c51a8d153a6d4c335c0bea4fb449426f9e
