Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e66dada by Moritz Muehlenhoff at 2024-09-12T09:56:14+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2024-8687 (An information exposure vulnerability exists 
in Palo Alto Network
 CVE-2024-8686 (A command injection vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2024-8646 (In Eclipse Glassfish versions prior to 7.0.10, a URL 
redirection vulne ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Glassfish
 CVE-2024-8642 (In Eclipse Dataspace Components, from version 0.5.0 and before 
version ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Dataspace Components
 CVE-2024-8306 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
        NOT-FOR-US: Schneider Electric
 CVE-2024-8277 (The WooCommerce Photo Reviews Premium plugin for WordPress is 
vulnerab ...)
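
Review bot: The two closures in this hunk (CVE-2024-8646 and CVE-2024-8642) rest only on the commit message "NFUs", which does not say how absence from the archive was established. For CVE-2024-8646, where the description gives an affected range (Glassfish prior to 7.0.10), a short check that no source package ships Glassfish-derived code would justify replacing TODO: check with NOT-FOR-US: Eclipse Glassfish.
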
@@ -73,39 +73,39 @@ CVE-2024-44466 (COMFAST CF-XR11 V2.7.2 has a command 
injection vulnerability in
 CVE-2024-43793 (Halo is an open source website building tool. A security 
vulnerability ...)
        NOT-FOR-US: Halo
 CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a 
remote at ...)
-       TODO: check
+       NOT-FOR-US: Ellevo
 CVE-2024-41868 (Audition versions 24.4.1, 23.6.6 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-39378 (Audition versions 24.4.1, 23.6.6 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-27115 (A unauthenticated Remote Code Execution (RCE) vulnerability is 
found i ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2024-27114 (A unauthenticated Remote Code Execution (RCE) vulnerability is 
found i ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2024-27113 (An unauthenticated Insecure Direct Object Reference (IDOR) to 
the data ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2024-27112 (A unauthenticated SQL Injection has been found in the SO 
Planning tool ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2024-20489 (A vulnerability in the storage method of the PON Controller 
configurat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20483 (Multiple vulnerabilities in Cisco Routed PON Controller 
Software, whic ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20406 (A vulnerability in the segment routing feature for the 
Intermediate Sy ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20398 (A vulnerability in the CLI of Cisco IOS XR Software could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20390 (A vulnerability in the Dedicated XML Agent feature of Cisco 
IOS XR Sof ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in ConfD that is 
used by t ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20343 (A vulnerability in the CLI of Cisco IOS XR Software could 
allow an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20317 (A vulnerability in the handling of specific Ethernet frames by 
Cisco I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20304 (A vulnerability in the multicast traceroute version 2 
(Mtrace2) featur ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-25212 (The video carousel slider with lightbox plugin for WordPress 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-46672 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 6.10.7-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
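
Review bot: The NOT-FOR-US tags added in this hunk mix three levels of naming: a vendor (Adobe, Cisco), a product (Ellevo, Simple Online Planning) and a generic category (WordPress plugin, for CVE-2019-25212). For CVE-2024-20381 the description names the affected component as ConfD, so a tag such as NOT-FOR-US: Cisco ConfD would keep the entry findable when the list is searched by product; the two Audition entries (CVE-2024-41868, CVE-2024-39378) could likewise name the product alongside Adobe.
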
@@ -273,7 +273,7 @@ CVE-2024-23906 (Improper Neutralization of Input During Web 
Page Generation (CWE
 CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a 
possible use-af ...)
        TODO: check
 CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to 
Prototype  ...)
-       TODO: check
+       NOT-FOR-US: Node dset
 CVE-2024-1656 (Affected versions of Octopus Server had a weak content security 
policy ...)
        NOT-FOR-US: Octopus Server
 CVE-2024-8096 (When curl is told to use the Certificate Status Request TLS 
extension, ...)
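
Review bot: CVE-2024-21529 is closed as NOT-FOR-US: Node dset, but small modules like dset (fixed in 3.1.4 per the description) can be carried as bundled copies inside other source packages, so it is worth confirming that nothing in the archive embeds a pre-3.1.4 copy before closing it. The context line for CVE-2024-23716 (DevmemIntPFNotify in devicemem_server.c) still carries TODO: check after this commit, so that entry remains open for triage.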



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e66dada338f0d9c54e0528b2a6be933ef41cd14
