[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 26 20:47:22 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72f09de9 by Salvatore Bonaccorso at 2024-02-26T21:46:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,42 +33,42 @@ CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
 	NOTE: check, unclear upstream report status
 CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...)
-	TODO: check
+	NOT-FOR-US: Fluent Bit
 CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability in Skymo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in JoomU ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...)
 	- ming <removed>
 CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...)
 	- opendmarc <unfixed>
 	NOTE: https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
 CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...)
 	TODO: check
 CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.)
 	TODO: check
 CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...)
-	TODO: check
+	NOT-FOR-US: ITFlow.org
 CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via  ...)
 	TODO: check
 CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via  ...)
 	TODO: check
 CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in bPlug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	TODO: check
 CVE-2024-24528
 	REJECTED
 CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate p ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	TODO: check
 CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
@@ -82,7 +82,7 @@ CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF li
 CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
 	TODO: check
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
-	TODO: check
+	NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
 	TODO: check
 CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
@@ -94,21 +94,21 @@ CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF li
 CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
 	TODO: check
 CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)
-	TODO: check
+	NOT-FOR-US: Sunny WebBox firmware
 CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...)
-	TODO: check
+	NOT-FOR-US: SMA Cluster Controller
 CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate when an  ...)
 	TODO: check
 CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding  ...)
-	TODO: check
+	NOT-FOR-US: EDS-4000/G4000 Series
 CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vuln ...)
-	TODO: check
+	NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
 CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection v ...)
-	TODO: check
+	NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
 CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...)
-	TODO: check
+	NOT-FOR-US: Qognify VMS Client Viewer
 CVE-2023-51518
 	NOT-FOR-US: Apache James
 CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved:  I ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f09de9ef9f7bd1306091078fe6bdd7facbf808

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f09de9ef9f7bd1306091078fe6bdd7facbf808
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240226/9d558de2/attachment.htm>

More information about the debian-security-tracker-commits mailing list