[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 5 08:41:21 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f5aeb80 by Moritz Muehlenhoff at 2024-02-05T09:40:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,13 @@
+CVE-2024-0406
+	NOT-FOR-US: mholt/archiver Go package
 CVE-2024-25089 (Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows r ...)
-	TODO: check
+	NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
 CVE-2024-24870 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24865 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24864 (A race condition was found in the Linux kernel's media/dvb-core in dvb ...)
 	TODO: check
 CVE-2024-24861 (A race condition was found in the Linux kernel's media/xc4000 device d ...)
@@ -21,17 +23,17 @@ CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth d
 CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device driver in ...)
 	TODO: check
 CVE-2024-24848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23196 (A race condition was found in the Linux kernel's sound/hda  device dri ...)
 	TODO: check
 CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because did_set_ ...)
@@ -39,45 +41,45 @@ CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because di
 CVE-2024-22386 (A race condition was found in the Linux kernel's drm/exynos device dri ...)
 	TODO: check
 CVE-2024-20016 (In ged, there is a possible out of bounds write due to an integer over ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20015 (In telephony, there is a possible escalation of privilege due to a per ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20013 (In keyInstall, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20012 (In keyInstall, there is a possible escalation of privilege due to type ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20011 (In alac decoder, there is a possible information disclosure due to an  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20010 (In keyInstall, there is a possible escalation of privilege due to type ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20009 (In alac decoder, there is a possible out of bounds write due to an inc ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20007 (In mp3 decoder, there is a possible out of bounds write due to a race  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20006 (In da, there is a possible out of bounds write due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20004 (In Modem NL1, there is a possible system crash due to an improper inpu ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20003 (In Modem NL1, there is a possible system crash due to an improper inpu ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20002 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2024-20001 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2023-7077 (Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554 ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2023-5800 (Vintage, member of the AXIS OS Bug Bounty Program, has found that the  ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2023-5677 (Brandon Rothel from QED Secure Solutions has found that the VAPIX API  ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2023-51504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47170
 	REJECTED
 CVE-2021-46903 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
-	TODO: check
+	NOT-FOR-US: Meinberg
 CVE-2021-46902 (An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firm ...)
-	TODO: check
+	NOT-FOR-US: Meinberg
 CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 ...)
 	- libxml2 <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
@@ -100,7 +102,7 @@ CVE-2020-36773 (Artifex Ghostscript before 9.53.0 has an out-of-bounds write and
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702229
 	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?8c7bd787defa071c96289b7da9397f673fddb874 (ghostpdl-9.53.0rc1)
 CVE-2018-25098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmaso ...)
-	TODO: check
+	NOT-FOR-US: blackmason credit-protocol
 CVE-2023-50947 (IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnera ...)
 	NOT-FOR-US: IBM
 CVE-2023-33851 (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f5aeb80d1b56c2ff87cc135b6897dc09403d9ab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f5aeb80d1b56c2ff87cc135b6897dc09403d9ab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240205/bb9977ab/attachment.htm>


More information about the debian-security-tracker-commits mailing list