[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Tue, 17 Sep 2024 14:29:25 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c2869b9b by Moritz Muehlenhoff at 2024-09-17T23:28:56+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2024-8945 (A vulnerability has been found in CodeCanyon 
RISE Ultimate Projec
 CVE-2024-8944 (A vulnerability, which was classified as critical, was found in 
code-p ...)
        NOT-FOR-US: Hospital Management System
 CVE-2024-8939 (A vulnerability was found in the ilab model serve component, 
where imp ...)
-       TODO: check
+       NOT-FOR-US: RHEL AI
 CVE-2024-8900 (An attacker could write data to the user's clipboard, bypassing 
the us ...)
        TODO: check
 CVE-2024-8897 (Under certain conditions, an attacker with the ability to 
redirect use ...)
@@ -39,7 +39,7 @@ CVE-2024-8761 (The Share This Image plugin for WordPress is 
vulnerable to Open R
 CVE-2024-8660 (Concrete CMS versions 9.0.0 through 9.3.3 are affected by a 
stored XSS ...)
        NOT-FOR-US: Concrete CMS
 CVE-2024-7873 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Veribase Order
 CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip 
Repair Mo ...)
        - libreoffice 4:24.2.5-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
@@ -56,23 +56,23 @@ CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a 
Cross-Site Request Fo
 CVE-2024-46085 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request 
Forgery  ...)
        NOT-FOR-US: FrogCMS
 CVE-2024-45812 (Vite a frontend build tooling framework for javascript. 
Affected versi ...)
-       TODO: check
+       NOT-FOR-US: Vite
 CVE-2024-45811 (Vite a frontend build tooling framework for javascript. In 
affected ve ...)
-       TODO: check
+       NOT-FOR-US: Vite
 CVE-2024-45804
        REJECTED
 CVE-2024-45803 (Wire UI is a library of components and resources to empower 
Laravel an ...)
-       TODO: check
+       NOT-FOR-US: Wire UI
 CVE-2024-45798 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, 
ESP32-S3, ES ...)
-       TODO: check
+       NOT-FOR-US: arduino-esp32
 CVE-2024-45682 (There is a command injection vulnerability that may allow an 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Proroute H685t-w
 CVE-2024-45612 (Contao is an Open Source CMS. In affected versions an 
untrusted user c ...)
        NOT-FOR-US: Contao CMS
 CVE-2024-45606 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2024-45605 (Sentry is a developer-first error tracking and performance 
monitoring  ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2024-45604 (Contao is an Open Source CMS. In affected versions 
authenticated users ...)
        NOT-FOR-US: Contao CMS
 CVE-2024-45537 (Apache Druid allows users with certain permissions to read 
data from o ...)
@@ -84,25 +84,25 @@ CVE-2024-45384 (Padding Oracle vulnerability in Apache 
Druid extension, druid-pa
 CVE-2024-43460 (Improper authorization in Dynamics 365 Business Central 
resulted in a  ...)
        NOT-FOR-US: Microsoft
 CVE-2024-42503 (Authenticated command execution vulnerability exist in the  
ArubaOS co ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42502 (Authenticated command injection vulnerability exists in the 
ArubaOS co ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-42501 (An authenticated Path Traversal vulnerabilities exists in the 
ArubaOS. ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-38860 (Improper neutralization of input in Checkmk before versions 
2.3.0p16 a ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2024-38813 (The vCenter Server contains a privilege escalation 
vulnerability.A mal ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-38812 (ThevCenter Server contains a heap-overflow vulnerability in 
the implem ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-38380 (This vulnerability occurs when user-supplied input is 
improperly sanit ...)
-       TODO: check
+       NOT-FOR-US: Proroute H685t-w
 CVE-2024-38183 (An improper access control vulnerability in GroupMe allows an 
a unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-22303 (Incorrect Privilege Assignment vulnerability in favethemes 
Houzez houz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-21743 (Privilege Escalation vulnerability in favethemes Houzez Login 
Register ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8421
        NOT-FOR-US: Red Hat specific golang.org/x/net/http2 CVE relating to 
CVE-2023-39325
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309710#c7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2869b9b80db363ee3b2c4a743e628f595ab6deb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2869b9b80db363ee3b2c4a743e628f595ab6deb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to