[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 23 10:24:13 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ced7c8d by Moritz Muehlenhoff at 2024-02-23T11:23:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -691,13 +691,13 @@ CVE-2024-25260 (elfutils v0.189 was discovered to contain a NULL pointer derefer
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944
NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
CVE-2024-25199 (Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node. ...)
- TODO: check
+ NOT-FOR-US: ROS2 Navigation Framework and System
CVE-2024-25198 (Inappropriate pointer order of laser_scan_filter_.reset() and tf_liste ...)
- TODO: check
+ NOT-FOR-US: ROS2 Navigation Framework and System
CVE-2024-25197 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...)
- TODO: check
+ NOT-FOR-US: ROS2 Navigation Framework and System
CVE-2024-25196 (Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versi ...)
- TODO: check
+ NOT-FOR-US: ROS2 Navigation Framework and System
CVE-2024-25150 (Information disclosure vulnerability in the Control Panel in Liferay P ...)
NOT-FOR-US: Liferay
CVE-2024-24794 (A use-after-free vulnerability exists in the DICOM Element Parsing as ...)
@@ -927,7 +927,7 @@ CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor Template
CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ service may ...)
- TODO: check
+ NOT-FOR-US: NI SystemLink server
CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...)
NOT-FOR-US: Silabs
CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
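Review bot: the new tag on CVE-2024-1156 (NI SystemLink server) does not match the context entry directly below it. CVE-2024-1155 has a very similar truncated description ("Incorrect permissions in the installation directories for shared Syste ...") but is tagged "NOT-FOR-US: Silabs". Since this block is being touched anyway, re-check CVE-2024-1155 and make the two tags agree if they turn out to cover the same product.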
@@ -1003,11 +1003,11 @@ CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers
CVE-2024-0379 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3. ...)
- TODO: check
+ NOT-FOR-US: OpenVPN Connect
CVE-2023-6923 (The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6881 (Possible buffer overflow in is_mount_point)
- TODO: check
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
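Review bot: CVE-2023-7245 is missing the kind of disambiguation that CVE-2023-6881 gets in this same hunk with "(unrelated to src:zephyr)". OpenVPN Connect shares its name with the packaged openvpn source, so if it is a separate codebase, a parenthetical such as "(unrelated to src:openvpn)" would keep a later reader from re-triaging the entry.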
@@ -1054,15 +1054,15 @@ CVE-2023-47635 (Decidim is a participatory democracy framework. Starting in vers
CVE-2023-47634 (Decidim is a participatory democracy framework. Starting in version 0. ...)
NOT-FOR-US: Decidim
CVE-2023-45318 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-42791 (A relative path traversal in Fortinet FortiManager version 7.4.0 and 7 ...)
NOT-FOR-US: Fortinet
CVE-2023-39541 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-39540 (A denial of service vulnerability exists in the ICMP and ICMPv6 parsin ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-38562 (A double-free vulnerability exists in the IP header loopback parsing f ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2023-37495 (Internet passwords stored in Person documents in the Domino\xae Direct ...)
NOT-FOR-US: HCL
CVE-2023-52434 (In the Linux kernel, the following vulnerability has been resolved: s ...)
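Review bot: the four new "NOT-FOR-US: Silabs" tags (CVE-2023-45318, CVE-2023-39541, CVE-2023-39540, CVE-2023-38562) name only a vendor, and none of the truncated descriptions visible here names the product. They mention an HTTP server, ICMP/ICMPv6 parsing and IP header loopback parsing, all of which read as generic network stack code. Naming the affected component in the tag, as done for "NI SystemLink server" elsewhere in this commit, would make the decision auditable without reopening each CVE record.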
@@ -1097,9 +1097,9 @@ CVE-2024-25149 (Liferay Portal 7.2.0 through 7.4.1, and older unsupported versio
CVE-2024-22234 (In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x p ...)
- libspring-security-2.0-java <removed>
CVE-2024-1651 (Torrentpier version 2.4.1 allows executing arbitrary commands on the s ...)
- TODO: check
+ NOT-FOR-US: Torrentpier
CVE-2024-1648 (electron-pdf version 20.0.0 allows an external attacker to remotely ob ...)
- TODO: check
+ NOT-FOR-US: electron-pdf
CVE-2024-1647 (Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtai ...)
TODO: check
CVE-2024-1644 (Suite CRM version 7.14.2 allows including local php files. This is pos ...)
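Review bot: CVE-2024-1647 (Pyhtml2pdf) is left at "TODO: check", although CVE-2024-1648 (electron-pdf) directly above it is triaged in this hunk and its visible description follows the same wording pattern. If it was skipped on purpose because it needs a closer look, that is fine; otherwise it looks like an entry missed in this batch.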
@@ -1111,7 +1111,7 @@ CVE-2024-1559 (The Link Library plugin for WordPress is vulnerable to Stored Cro
CVE-2024-1510 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1297 (Loomio version 2.22.0 allows executing arbitrary commands on the serve ...)
- TODO: check
+ NOT-FOR-US: Loomio
CVE-2024-0715 (Expression Language Injection vulnerability in Hitachi Global Link Man ...)
NOT-FOR-US: Hitachi
CVE-2023-6764 (A format string vulnerability in a function of the IPSec VPN feature i ...)
@@ -1156,13 +1156,13 @@ CVE-2024-25635 (alf.io is an open source ticket reservation system. Prior to ver
CVE-2024-25634 (alf.io is an open source ticket reservation system. Prior to version 2 ...)
NOT-FOR-US: Alf.io
CVE-2024-25626 (Yocto Project is an open source collaboration project that helps devel ...)
- TODO: check
+ NOT-FOR-US: Yocto
CVE-2024-25625 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A po ...)
NOT-FOR-US: Pimcore's Admin Classic Bundle
CVE-2024-25623 (Mastodon is a free, open-source social network server based on Activit ...)
- mastodon <itp> (bug #859741)
CVE-2024-1633 (During the secure boot, bl2 (the second stage of the bootloader) loops ...)
- TODO: check
+ NOT-FOR-US: Renesas
CVE-2024-1597 (pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if u ...)
- libpgjava 42.7.2-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
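Review bot: the "NOT-FOR-US: Renesas" tag on CVE-2024-1633 gives a vendor only, while the visible description speaks of bl2, the second stage of the bootloader, in a secure boot path, which is not vendor-specific wording. Naming the firmware component in the tag, or adding a NOTE line pointing at the affected code, would let a later reader confirm that no packaged bootloader source is involved. The same applies to a lesser degree to "NOT-FOR-US: Yocto" on CVE-2024-25626, where naming the affected Yocto component would be more precise than naming the project.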
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ced7c8d2886c88c2a4c6686870dedb48bd7de1e