[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 14 15:19:38 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60931f05 by Moritz Muehlenhoff at 2024-02-14T16:12:11+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -671,7 +671,7 @@ CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wik
CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...)
- TODO: check
+ NOT-FOR-US: Node pkg
CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
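Review bot: The label "Node pkg" added for CVE-2024-24828 is hard to search for, because "pkg" is a generic word and the neighbouring entries name a product class ("WordPress plugin"). A label built from the CVE description, such as "NOT-FOR-US: pkg (Node.js project bundler)", would be easier to match when related CVEs are triaged later.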
@@ -695,7 +695,7 @@ CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The regex
CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy will cras ...)
- envoyproxy <itp> (bug #987544)
CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framework wri ...)
- TODO: check
+ NOT-FOR-US: nonebot2
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
- angular.js <unfixed>
[buster] - angular.js <postponed> (Fix along with the next DLA)
@@ -730,7 +730,7 @@ CVE-2024-25711 (diffoscope before 256 allows directory traversal via an embedded
NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476 (256)
CVE-2024-25679 (In PQUIC before 5bde5bb, retention of unused initial encryption keys a ...)
- TODO: check
+ NOT-FOR-US: pquic
CVE-2024-25678 (In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mi ...)
NOT-FOR-US: LiteSpeed QUIC (LSQUIC) Library
CVE-2024-25677 (In Min before 1.31.0, local files are not correctly treated as unique ...)
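Review bot: The added "NOT-FOR-US: pquic" is lowercase, while the description on the CVE-2024-25679 line spells the project "PQUIC" and the following entry uses the upstream name in full ("LiteSpeed QUIC (LSQUIC) Library"). Writing "NOT-FOR-US: PQUIC" keeps the label consistent with the description and with the neighbouring entries.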
@@ -1861,7 +1861,7 @@ CVE-2024-22202 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and
CVE-2024-1225 (A vulnerability classified as critical was found in QiboSoft QiboCMS X ...)
NOT-FOR-US: QiboSoft QiboCMS X1
CVE-2024-0953 (When a user scans a QR Code with the QR Code Scanner feature, the user ...)
- TODO: check
+ - firefox <not-affected> (Only affects Firefox for iOS)
CVE-2024-0323 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R ...)
NOT-FOR-US: B&R Industrial Automation Automation Runtime (SDM modules)
CVE-2023-7216 (A path traversal vulnerability was found in the CPIO utility. This iss ...)
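Review bot: The not-affected reason added for CVE-2024-0953 ("Only affects Firefox for iOS") cannot be checked from this entry, because the description is truncated before it names a platform and no reference is attached. Other entries in this file carry NOTE: lines with a URL, and one pointing at the vendor advisory would document the rationale here. This is also the only hunk in a commit titled "NFUs" that adds a package entry instead of a NOT-FOR-US line, which the commit message could mention.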
@@ -54155,7 +54155,7 @@ CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicio
CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 14 allo ...)
NOT-FOR-US: HCL
CVE-2023-28018 (HCL Connections is vulnerable to a denial of service, caused by improp ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
NOT-FOR-US: HCL
CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
@@ -58074,7 +58074,7 @@ CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable t
CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...)
NOT-FOR-US: Syncfusion
CVE-2023-26562 (In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2 ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2023-26561
RESERVED
CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...)
@@ -61575,7 +61575,7 @@ CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell
CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
NOT-FOR-US: Dell
CVE-2023-25535 (Dell SupportAssist for Home PCs Installer Executable file version prio ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
NOT-FOR-US: Ichitaro
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
@@ -87448,7 +87448,7 @@ CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially
NOTE: https://xenbits.xen.org/xsa/advisory-439.html
NOTE: https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496
CVE-2023-20587 (Improper Access Control in System Management Mode (SMM) may allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...)
NOT-FOR-US: AMD
CVE-2023-20585
@@ -87464,7 +87464,7 @@ CVE-2023-20581
CVE-2023-20580
RESERVED
CVE-2023-20579 (Improper Access Control in the AMD SPI protection feature may allow a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20578
RESERVED
CVE-2023-20577
@@ -87482,7 +87482,7 @@ CVE-2023-20572
CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
NOT-FOR-US: AMD
CVE-2023-20570 (Insufficient verification of data authenticity in the configuration st ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...)
{DSA-5475-1 DLA-3525-1}
- amd64-microcode 3.20230719.1
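Review bot: CVE-2023-20570 is marked "NOT-FOR-US: AMD" directly above CVE-2023-20569, which is tracked against amd64-microcode, so the vendor name alone does not show that nothing packaged is involved. Confirm that the fix is not delivered through microcode, and consider a more specific label or a short NOTE naming the affected component. The same check applies to the other AMD entries changed in this commit.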
@@ -132731,7 +132731,7 @@ CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution
CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure ...)
NOT-FOR-US: AMD
CVE-2021-46757 (Insufficient checking of memory buffer in ASP Secure OS may allow an a ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...)
NOT-FOR-US: AMD
CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60931f05cbec4f129bde22e7b66dd9045f87f877