Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2eefd8e9 by Moritz Muehlenhoff at 2024-06-03T18:02:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
- TODO: check
+ NOT-FOR-US: Netentsec
CVE-2024-5589 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
- TODO: check
+ NOT-FOR-US: Netentsec
CVE-2024-5311 (DigiWin EasyFlow .NET lacks validation for certain input
parameters. A ...)
- TODO: check
+ NOT-FOR-US: DigiWin EasyFlow .NET
CVE-2024-37031 (The Active Admin (aka activeadmin) framework before 3.2.2 for
Ruby on ...)
- TODO: check
+ NOT-FOR-US: Active Admin (aka activeadmin) framework
CVE-2024-36964 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
- linux 6.8.11-1
[bullseye] - linux 5.10.218-1
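Review bot: the NOT-FOR-US labels added in this hunk mix conventions: `Netentsec` names only the vendor, `DigiWin EasyFlow .NET` names vendor and product, and `Active Admin (aka activeadmin) framework` copies the wording of the CVE description. Settling on one form (vendor, or vendor plus product) keeps later searches over data/CVE/list predictable. For CVE-2024-37031, the description says Active Admin is a framework for Ruby rather than a vendor appliance, so it is worth confirming that no source package in the archive ships it before dropping the TODO.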
@@ -32,47 +32,47 @@ CVE-2024-36960 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux 5.10.218-1
NOTE:
https://git.kernel.org/linus/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c (6.9-rc7)
CVE-2024-36042 (Silverpeas before 6.3.5 allows authentication bypass by
omitting the P ...)
- TODO: check
+ NOT-FOR-US: Silverpeas
CVE-2024-35643 (Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP
Back But ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35642 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35641 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35640 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31493 (An improper removal of sensitive information before storage or
transfe ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-23107 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-20075 (In eemgpu, there is a possible out of bounds write due to a
missing bo ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20074 (In dmc, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20073 (In wlan service, there is a possible out of bounds write due
to improp ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20072 (In wlan driver, there is a possible out of bounds write due to
imprope ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20071 (In wlan driver, there is a possible out of bounds read due to
improper ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20070 (In modem, there is a possible information disclosure due to
using risk ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20069 (In modem, there is a possible selection of less-secure
algorithm durin ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20068 (In modem, there is a possible system crash due to improper
input valid ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20067 (In modem, there is a possible out of bounds write due to
improper inpu ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20066 (In modem, there is a possible out of bounds write due to an
incorrect ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2024-20065 (In telephony, there is a possible information disclosure due
to a miss ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2023-51436 (Cross-site scripting vulnerability exists in UNIVERSAL
PASSPORT RX ver ...)
- TODO: check
+ NOT-FOR-US: UNIVERSAL PASSPORT RX
CVE-2023-48789 (A client-side enforcement of server-side security in Fortinet
FortiPor ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-42427 (Cross-site scripting vulnerability exists in UNIVERSAL
PASSPORT RX ver ...)
- TODO: check
+ NOT-FOR-US: UNIVERSAL PASSPORT RX
CVE-2024-5588 (A vulnerability was found in itsourcecode Learning Management
System 1 ...)
NOT-FOR-US: itsourcecode Learning Management System
CVE-2024-5587 (A vulnerability was found in Casdoor up to 1.335.0. It has been
classi ...)
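Review bot: the entries for CVE-2024-35640 through CVE-2024-35643 are marked `NOT-FOR-US: WordPress plugin` without naming the plugin, while every other line added in this hunk names a vendor or product (Silverpeas, Fortinet, MediaTek, UNIVERSAL PASSPORT RX). Consider naming the plugin in each label so the four entries can be told apart when grepping the list and re-checked if that plugin is ever packaged.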
@@ -205,7 +205,7 @@ CVE-2024-36843 (libmodbus v3.1.6 was discovered to contain
a heap overflow via t
CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation
techniqu ...)
TODO: check
CVE-2024-36108 (casgate is an Open Source Identity and Access Management
system. In af ...)
- TODO: check
+ NOT-FOR-US: casgate
CVE-2024-35196 (Sentry is a developer-first error tracking and performance
monitoring ...)
NOT-FOR-US: Sentry
CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could
allow a ...)
@@ -307,7 +307,7 @@ CVE-2024-37017 (asdcplib (aka AS-DCP Lib) 2.13.1 has a
heap-based buffer over-re
CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and
Unifier Cast ...)
NOT-FOR-US: Unifier and Unifier Cast
CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building
website ...)
- TODO: check
+ NOT-FOR-US: Statamic
CVE-2024-32850 (Improper neutralization of special elements used in a command
('Comman ...)
NOT-FOR-US: SkyBridge
CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management
\u2013 ...)
@@ -976,7 +976,7 @@ CVE-2024-36016 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of
Service ( ...)
TODO: check
CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a
NULL point ...)
- TODO: check
+ NOT-FOR-US: Cesenta Mongoose
CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer
overflow ...)
- sngrep <unfixed> (unimportant)
NOTE:
https://github.com/inputzero/Security-Advisories/blob/main/CVE-XXXX-XXXX.md
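Review bot: the added line for CVE-2024-35492 reads `NOT-FOR-US: Cesenta Mongoose`, but the description directly above it spells the vendor `Cesanta`. Correct the label to `NOT-FOR-US: Cesanta Mongoose` so a search for the vendor name finds this entry.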
@@ -986,7 +986,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to
contain a heap buffer ov
CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the
read_charset_decl ...)
TODO: check
CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series
before 5.7.0 ...)
- TODO: check
+ NOT-FOR-US: Yubico YubiKey
CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel
MiContact Center ...)
NOT-FOR-US: Mitel
CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact
Center Busi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eefd8e9fdf6be3768a86e5febfc7fcff60a97d9
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits