[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 21 16:11:28 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6bac27b by Salvatore Bonaccorso at 2024-04-21T17:11:05+02:00
Process some NFUs
- - - - -
354aca69 by Salvatore Bonaccorso at 2024-04-21T17:11:06+02:00
Add CVE-2024-31744/jasper
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro Smart ...)
- TODO: check
+ NOT-FOR-US: Byzoro Smart S80 Management Platform
CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust U-Series Appliance
CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
- TODO: check
+ NOT-FOR-US: BeyondTrust U-Series Appliance
CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote ...)
- TODO: check
+ NOT-FOR-US: CmSimple
CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 all ...)
- TODO: check
+ NOT-FOR-US: MacCMS
CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
- TODO: check
+ NOT-FOR-US: Mealie
CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
- TODO: check
+ NOT-FOR-US: Mealie
CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
- TODO: check
+ NOT-FOR-US: Mealie
CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
- TODO: check
+ NOT-FOR-US: Mealie
CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the ...)
TODO: check
CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
TODO: check
CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: ARM mbed-os
CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the Information M ...)
- TODO: check
+ NOT-FOR-US: Unitronics
CVE-2024-1057 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...)
- vsomeip <itp> (bug #997892)
CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...)
@@ -77,7 +77,7 @@ CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the compone
CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...)
TODO: check
CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...)
NOT-FOR-US: Italtel Embrace
CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server fails ...)
@@ -87,7 +87,9 @@ CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a
CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap use-after-free via th ...)
TODO: check
CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/j ...)
- TODO: check
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/381
+ NOTE: https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5
CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an ...)
NOT-FOR-US: SecuSTATION Camera
CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file download vulner ...)
@@ -97,7 +99,7 @@ CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to SQL
CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
NOT-FOR-US: Computer Laboratory Management System
CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single user liv ...)
- TODO: check
+ NOT-FOR-US: Owncast
CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...)
NOT-FOR-US: SEMCMS
CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1dfd3daf75bc3ba721daea25b47b75d80bafd89...354aca6966df943875e525cdeade4edb53433d1a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1dfd3daf75bc3ba721daea25b47b75d80bafd89...354aca6966df943875e525cdeade4edb53433d1a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240421/68c56867/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list