[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 9 13:39:06 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b3a5ce1 by Moritz Muehlenhoff at 2024-02-09T14:37:02+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -305,7 +305,7 @@ CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed
CVE-2024-24812 (Frappe is a full-stack web application framework that uses Python and ...)
NOT-FOR-US: Frappe Framework
CVE-2024-24811 (SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnera ...)
- TODO: check
+ NOT-FOR-US: SQLAlchemyDA
CVE-2024-24771 (Open Forms allows users create and publish smart forms. Versions prior ...)
NOT-FOR-US: Open Forms
CVE-2024-24706 (Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp ...)
@@ -627,7 +627,7 @@ CVE-2024-24112 (xmall v1.1 was discovered to contain a SQL injection vulnerabili
CVE-2024-23304 (Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthentica ...)
NOT-FOR-US: Cybozu KUNAI for Android
CVE-2024-23049 (An issue in symphony v.3.6.3 and before allows a remote attacker to ex ...)
- TODO: check
+ NOT-FOR-US: symphony forum software
CVE-2024-22853 (D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password fo ...)
NOT-FOR-US: D-LINK
CVE-2024-22852 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...)
@@ -783,7 +783,7 @@ CVE-2024-0244 (Buffer overflow in CPCA PCFAX number process of Office Multifunct
CVE-2024-0221 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0202 (A security vulnerability has been identified in the cryptlib cryptogra ...)
- TODO: check
+ NOT-FOR-US: cryptlib
CVE-2023-7029 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7014 (The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molo ...)
@@ -962,7 +962,7 @@ CVE-2024-23109 (An improper neutralization of special elements used in an os com
CVE-2024-23108 (An improper neutralization of special elements used in an os command ( ...)
NOT-FOR-US: FortiGuard
CVE-2024-23054 (An issue in Plone Docker Official Image 5.2.13 (5221) open-source soft ...)
- TODO: check
+ NOT-FOR-US: official Plone Docker image
CVE-2024-22567 (File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arb ...)
NOT-FOR-US: MCMS
CVE-2024-22202 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
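Review bot: the new label on CVE-2024-23054, "NOT-FOR-US: official Plone Docker image", scopes the issue to the image, but the truncated description alone does not show whether the flaw sits in the image or in Plone itself. A one-line NOTE stating why the issue is image-only would save the next triager from re-checking.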
@@ -982,9 +982,9 @@ CVE-2023-6874 (Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service
CVE-2023-6028 (A reflected cross-site scripting (XSS) vulnerability exists in the SVG ...)
NOT-FOR-US: B&R Automation Runtime
CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...)
- engrampa <unfixed> (bug #1063494)
NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
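Review bot: both added lines in this hunk (CVE-2023-5643 and CVE-2023-5249) use "NOT-FOR-US: Arm", which names only the vendor, while both descriptions identify the product as the "Arm Ltd Bifrost GPU Kernel Driver". A label such as "NOT-FOR-US: Arm Bifrost GPU kernel driver" would make the reason for the classification readable without the description and would keep these two entries from being matched on the vendor name alone.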
@@ -1693,7 +1693,7 @@ CVE-2024-21626 (runc is a CLI tool for spawning and running containers on Linux
NOTE: https://github.com/opencontainers/runc/commit/ee73091a8d28692fa4868bac81aa40a0b05f9780
NOTE: https://github.com/opencontainers/runc/commit/d8edada9f252873b88043279a71099db71941dea
CVE-2024-24579 (stereoscope is a go library for processing container images and simula ...)
- TODO: check
+ NOT-FOR-US: stereoscope
CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...)
NOT-FOR-US: Lobe Chat
CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...)
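Review bot: the added line marks CVE-2024-24579 as "NOT-FOR-US: stereoscope", but the description calls stereoscope "a go library", and a library can be present vendored inside another package's source even when it is not packaged under its own name. Worth confirming that no packaged tool embeds it before closing this as NFU; if that check was done, a short NOTE saying so would record it.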
@@ -56231,7 +56231,7 @@ CVE-2023-27003
CVE-2023-27002
RESERVED
CVE-2023-27001 (An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to ...)
- TODO: check
+ NOT-FOR-US: Egerie Risk Manager
CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
NOT-FOR-US: NetScoutnGeniusOne
CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...)
@@ -61193,7 +61193,7 @@ CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered u
CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...)
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25365 (Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2023-25364
RESERVED
CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b3a5ce1c8545722c8dc7d5bb50c267b3af3f6cc