[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 21 16:11:28 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6bac27b by Salvatore Bonaccorso at 2024-04-21T17:11:05+02:00
Process some NFUs

- - - - -
354aca69 by Salvatore Bonaccorso at 2024-04-21T17:11:06+02:00
Add CVE-2024-31744/jasper

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
 CVE-2024-4020 (A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4019 (A vulnerability classified as critical has been found in Byzoro Smart  ...)
-	TODO: check
+	NOT-FOR-US: Byzoro Smart S80 Management Platform
 CVE-2024-4014 (The hCaptcha for WordPress plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4018 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust U-Series Appliance
 CVE-2024-4017 (Improper Privilege Management vulnerability in BeyondTrust U-Series Ap ...)
-	TODO: check
+	NOT-FOR-US: BeyondTrust U-Series Appliance
 CVE-2024-32392 (Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: CmSimple
 CVE-2024-32391 (Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 all ...)
-	TODO: check
+	NOT-FOR-US: MacCMS
 CVE-2024-31994 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2024-31993 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2024-31992 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior to 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the  ...)
 	TODO: check
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
 	TODO: check
 CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: ARM mbed-os
 CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1480 (Unitronics Vision Standard line of controllers allow the Information M ...)
-	TODO: check
+	NOT-FOR-US: Unitronics
 CVE-2024-1057 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3979 (A vulnerability, which was classified as problematic, has been found i ...)
 	- vsomeip <itp> (bug #997892)
 CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
@@ -77,7 +77,7 @@ CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the compone
 CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...)
 	TODO: check
 CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application  ...)
 	NOT-FOR-US: Italtel Embrace
 CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web server fails ...)
@@ -87,7 +87,9 @@ CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows a
 CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap use-after-free via th ...)
 	TODO: check
 CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/j ...)
-	TODO: check
+	- jasper <removed>
+	NOTE: https://github.com/jasper-software/jasper/issues/381
+	NOTE: https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5
 CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an  ...)
 	NOT-FOR-US: SecuSTATION Camera
 CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file download vulner ...)
@@ -97,7 +99,7 @@ CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to SQL
 CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
 	NOT-FOR-US: Computer Laboratory Management System
 CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single user liv ...)
-	TODO: check
+	NOT-FOR-US: Owncast
 CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...)
 	NOT-FOR-US: SEMCMS
 CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1dfd3daf75bc3ba721daea25b47b75d80bafd89...354aca6966df943875e525cdeade4edb53433d1a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c1dfd3daf75bc3ba721daea25b47b75d80bafd89...354aca6966df943875e525cdeade4edb53433d1a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240421/68c56867/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list