[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 22 11:49:26 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
868ccb12 by Moritz Muehlenhoff at 2024-04-22T12:48:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Au
CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: flusity CMS
CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: PX4 Autopilot
CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3 ...)
- TODO: check
+ NOT-FOR-US: Innovaphone
CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Koha Library Management System
CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed>
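Review bot: The new label on CVE-2024-28722 names only the vendor ("NOT-FOR-US: Innovaphone"), while the other entries resolved in this hunk name the product ("flusity CMS", "PX4 Autopilot", "Koha Library Management System"). The description identifies the product as Innovaphone myPBX, so "NOT-FOR-US: Innovaphone myPBX" would match the neighbouring entries and make a later grep for the product name hit this line.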
@@ -89,7 +89,7 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior t
CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the ...)
TODO: check
CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: autoexpress
CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote ...)
NOT-FOR-US: ARM mbed-os
CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
@@ -127,7 +127,7 @@ CVE-2024-3470 (An Improper Privilege Management vulnerability was identified in
CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability in Wpme ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono application ...)
- TODO: check
+ NOT-FOR-US: @hono/node-server
CVE-2024-32650 (Rustls is a modern TLS library written in Rust. `rustls::ConnectionCom ...)
TODO: check
CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain tha ...)
@@ -144,7 +144,7 @@ CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute arb
CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the component \af ...)
NOT-FOR-US: WUZHICMS
CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - ...)
- TODO: check
+ NOT-FOR-US: Webid
CVE-2024-32038 (Wazuh is a free and open source platform used for threat prevention, d ...)
NOT-FOR-US: Wazuh
CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web application ...)
@@ -235,13 +235,13 @@ CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are config
CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component of Ivant ...)
NOT-FOR-US: Ivanti
CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its protection en ...)
- TODO: check
+ NOT-FOR-US: OpenRASP
CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
- TODO: check
+ NOT-FOR-US: memos
CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
- TODO: check
+ NOT-FOR-US: memos
CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In memos 0. ...)
- TODO: check
+ NOT-FOR-US: memos
CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti Avalanche be ...)
NOT-FOR-US: Ivanti
CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService compone ...)
@@ -307,9 +307,9 @@ CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the lo
CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...)
NOT-FOR-US: Electrolink
CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
TODO: check
CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
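Review bot: "NOT-FOR-US: Arm" on CVE-2024-1065 and CVE-2024-0671 does not say which component was judged out of scope, although both descriptions name a specific GPU kernel driver (Bifrost and Midgard respectively). Since these are kernel drivers, spelling that out, for example "NOT-FOR-US: Arm Bifrost GPU Kernel Driver" and "NOT-FOR-US: Arm Midgard GPU Kernel Driver", would record what was actually triaged and keep these lines distinct from unrelated vendor entries such as "NOT-FOR-US: ARM mbed-os" elsewhere in the file.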
@@ -325,7 +325,7 @@ CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local
CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
TODO: check
CVE-2023-50260 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
TODO: check
CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
@@ -341,9 +341,9 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 all
CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a ...)
TODO: check
CVE-2023-49275 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery v2.0.0 al ...)
- TODO: check
+ NOT-FOR-US: hexo-theme-matery
CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to esca ...)
NOT-FOR-US: IBM
CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obta ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/868ccb125648daf3bc380768521b7747b6bffcd2