[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 4 10:02:27 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e564fbdb by Salvatore Bonaccorso at 2024-12-04T11:02:17+01:00
Process some NFUs

- - - - -
b77dd69f by Salvatore Bonaccorso at 2024-12-04T11:02:18+01:00
Add two "new" matrix-synapse issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92,11 +92,11 @@ CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And Magazine Addons plugin for
 CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi component i ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2023-52943 (Incorrect authorization vulnerability in Alert.Setting webapi componen ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker cause  ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
@@ -155,9 +155,12 @@ CVE-2024-41775 (IBM Cognos Controller 11.0.0 and 11.0.1uses weaker than expected
 CVE-2024-40691 (IBM Cognos Controller 11.0.0 and 11.0.1   could be vulnerable to malic ...)
 	NOT-FOR-US: IBM
 CVE-2024-37303 (Synapse is an open-source Matrix homeserver. Synapse before version 1. ...)
-	TODO: check
+	- matrix-synapse 1.116.0-1
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
+	NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3916
 CVE-2024-37302 (Synapse is an open-source Matrix homeserver. Synapse versions before 1 ...)
-	TODO: check
+	- matrix-synapse 1.116.0-1
+	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
 CVE-2024-29404 (An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.202402 ...)
 	TODO: check
 CVE-2024-25036 (IBM Cognos Controller 11.0.0 and 11.0.1       could allow an authentic ...)
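Review bot: CVE-2024-29404 (Razer Synapse 3), in the context lines directly below the two new matrix-synapse entries, is still left at "TODO: check". It describes a different product that only shares the "Synapse" name, so it is worth triaging in the same pass to keep it from being mistaken for a matrix-synapse issue. Separately, both new entries record "- matrix-synapse 1.116.0-1" but cite only the upstream advisory (plus the matrix-spec-proposals pull request for CVE-2024-37303). The descriptions are truncated here, so the fixed version cannot be checked from this diff. A NOTE naming the upstream fixed version or the fixing commit would make the 1.116.0-1 boundary verifiable and help when assessing older suites.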
@@ -191,7 +194,7 @@ CVE-2024-11325 (The AWeber Forms by Optin Cat plugin for WordPress is vulnerable
 CVE-2024-11200 (The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10074 (in OpenHarmony v4.1.1 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2023-7255
 	REJECTED
 CVE-2024-45106 (Improper authentication of an HTTP endpoint in the S3 Gateway of Apach ...)
@@ -476105,7 +476108,7 @@ CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possibl
 CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...)
 	NOT-FOR-US: Android
 CVE-2018-9449 (In process_service_search_attr_rsp of sdp_discovery.cc, there is a pos ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bou ...)
 	NOT-FOR-US: Android
 CVE-2018-9447
@@ -476121,7 +476124,7 @@ CVE-2018-9443
 CVE-2018-9442
 	RESERVED
 CVE-2018-9441 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of b ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource exhaustion due  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9439
@@ -476133,7 +476136,7 @@ CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read du
 CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
 	NOT-FOR-US: Android
 CVE-2018-9435 (In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bo ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9434
 	RESERVED
 	NOT-FOR-US: Android
@@ -476253,9 +476256,9 @@ CVE-2018-9383
 CVE-2018-9382
 	RESERVED
 CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a possibleinf ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9379
 	RESERVED
 CVE-2018-9378



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d22546989148af87055467cfeeb6988e4a9fb775...b77dd69faa6ed9dd12babb3ece0a25f44f8d6f1b
