[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 2 12:04:33 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ef9641b by Moritz Muehlenhoff at 2024-04-02T13:04:03+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -409,7 +409,7 @@ CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2)
 CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...)
-	TODO: check
+	NOT-FOR-US: Java JWT
 CVE-2024-2278 (Themify  WordPress plugin before 1.4.4 does not sanitise and escape so ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2263 (Themify  WordPress plugin before 1.4.4 does not sanitise and escape a  ...)
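Review bot: The NOT-FOR-US reason on the CVE-2024-31033 line uses the alias "Java JWT" rather than the project name JJWT that the description leads with; the other NOT-FOR-US lines in this patch use the upstream project name as written in the CVE text (swift-prometheus, precomp, @thi.ng/paths), so "NOT-FOR-US: JJWT" would keep the naming consistent and easier to search for.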
@@ -927,7 +927,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/
 	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
 CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...)
-	TODO: check
+	NOT-FOR-US: swift-prometheus
 CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...)
 	NOT-FOR-US: CRMEB_Java e-commerce system
 CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...)
@@ -1992,7 +1992,7 @@ CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed  ...)
-	TODO: check
+	NOT-FOR-US: precomp
 CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000  ...)
 	NOT-FOR-US: TeslaMate
 CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...)
@@ -2278,9 +2278,9 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored
 CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
-	TODO: check
+	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
 CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...)
-	TODO: check
+	NOTE: Bogus report on ROS, lacks all details and apparently never reported either
 CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management  ...)
 	NOT-FOR-US: SourceCodester PHP Task Management System
 CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...)
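Review bot: The two ROS2 entries (CVE-2024-29442 and CVE-2024-29440) replace the TODO with a free-text NOTE only, whereas every other entry in this patch gets an explicit NOT-FOR-US disposition; with just a NOTE line these two are distinguishable from untriaged entries only by reading the note text. If the reports are judged bogus and no Debian package is affected, consider also recording an explicit disposition alongside the NOTE so the entries are clearly triaged, and stating which ROS2 distribution (Humble) the report claims to concern so a later reviewer can see why it was dismissed without re-reading the CVE.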
@@ -2365,7 +2365,7 @@ CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...)
 	NOT-FOR-US: Vehicle Monitoring platform system CMSV6
 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: @thi.ng/paths
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
 	NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
@@ -2402,7 +2402,7 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web.
 	NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w
 	NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10)
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...)
-	TODO: check
+	NOT-FOR-US: Espressif
 CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
@@ -2661,7 +2661,7 @@ CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Comman
 CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...)
 	NOT-FOR-US: HGW BL1500HM
 CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...)
-	TODO: check
+	NOT-FOR-US: Node web3
 CVE-2024-1962 (The CM Download Manager  WordPress plugin before 2.9.1 does not have C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not validate pos ...)
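Review bot: The CVE-2024-21505 line names the affected package as "web3-utils", but the new entry reads "NOT-FOR-US: Node web3", which is the umbrella project rather than the npm package the description identifies; "NOT-FOR-US: web3-utils (Node)" or similar would match the description and the exact-name convention used by the other NOT-FOR-US lines in this patch.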
@@ -65289,7 +65289,7 @@ CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in process
 CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-28547 (Memory corruption in SPS Application while requesting for public key i ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-28546 (Memory Corruption in SPS Application while exporting public key in sor ...)
 	NOT-FOR-US: Qualcomm
 CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef9641bf751bf5d5678d9f5352829f165851b6d
