[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 28 08:28:26 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
805ecc5a by Moritz Muehlenhoff at 2024-02-28T09:28:03+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -203,7 +203,7 @@ CVE-2020-36776 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2024-27508 (Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/cryp ...)
 	TODO: check
 CVE-2024-27507 (libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2l ...)
-	TODO: check
+	- liblas <removed>
 CVE-2024-27099 (The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Ser ...)
 	TODO: check
 CVE-2024-26473 (A reflected cross-site scripting (XSS) vulnerability in SocialMediaWeb ...)
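Review bot: the commit subject is "NFUs", but the CVE-2024-27507 change replaces "TODO: check" with a package entry, "- liblas <removed>", which records a status for a source package rather than a NOT-FOR-US tag. Mention it in the subject or commit it separately so the log shows that a package status was recorded. The entry also carries no NOTE line pointing at the report, unlike the krb5 entry later in this diff; adding one would let a reader confirm the affected file under /libLAS/apps/ from the list itself.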
@@ -235,15 +235,15 @@ CVE-2024-25841 (In the module "So Flexibilite" (soflexibilite) from Common-Servi
 CVE-2024-25840 (In the module "Account Manager | Sales Representative & Dealers | CRM" ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2024-25723 (ZenML Server in the ZenML machine learning package before 0.46.7 for P ...)
-	TODO: check
+	NOT-FOR-US: ZenML
 CVE-2024-25400 (Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.ph ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2024-25399 (Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via admi ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2024-25398 (In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted n ...)
-	TODO: check
+	NOT-FOR-US: Srelay
 CVE-2024-24323 (SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a re ...)
-	TODO: check
+	NOT-FOR-US: linlinjava litemall
 CVE-2024-22251 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...)
 	NOT-FOR-US: VMware
 CVE-2024-21742 (Improper input validation allows for header injection in MIME4J librar ...)
@@ -402,7 +402,7 @@ CVE-2024-1686 (The Thank You Page Customizer for WooCommerce \u2013 Increase You
 CVE-2024-1323 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0759 (Should an instance of AnythingLLM be hosted on an internal network and ...)
-	TODO: check
+	NOT-FOR-US: anythingllm
 CVE-2023-7033 (Insufficient Resource Pool vulnerability in Ethernet function of Mitsu ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-41506 (An arbitrary file upload vulnerability in the Update/Edit Student's Pr ...)
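Review bot: on CVE-2024-0759 the tag is written "NOT-FOR-US: anythingllm", while the description on the line above spells the product "AnythingLLM", and the other tags added in this commit keep the capitalisation used in their descriptions (ZenML, Srelay, Showdownjs). Suggest "NOT-FOR-US: AnythingLLM" so that a case-sensitive search of the list for the product name finds this entry.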
@@ -567,13 +567,13 @@ CVE-2024-27084
 CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...)
 	NOT-FOR-US: ESPHome
 CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: urlpages
 CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: tabatkins/railroad-diagrams
 CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: web-platform-tests/wpt
 CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component  ...)
-	TODO: check
+	NOT-FOR-US: beep.js
 CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
 	- krb5 <unfixed>
 	NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
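Review bot: the four tags added for CVE-2024-26468 through CVE-2024-26465 use three naming forms: a bare name (urlpages), owner/repository (tabatkins/railroad-diagrams, web-platform-tests/wpt) and a file-style name (beep.js). The visible descriptions are identical and cut off after "in the component", so the tag is the only thing on these lines that identifies the affected project. Using the owner/repository form for all four would make each entry unambiguous.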
@@ -681,9 +681,9 @@ CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prev
 	NOTE: https://github.com/OISF/suricata/commit/b0d762d2675a2441b74e039d54bfa5b050641f8e (suricata-7.0.3)
 	NOTE: https://github.com/OISF/suricata/commit/61a32360eba3c032de51029a05515ab46690286f (suricata-7.0.3)
 CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
 	NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
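Review bot: for CVE-2024-23605 and CVE-2024-23496 the tag names llama.cpp, while the visible description names "the GGUF library" and is cut off before any project name appears. A NOTE line stating that the GGUF code in question is the one in llama.cpp, with a reference URL as on the Suricata entry at the top of this hunk, would let a reader verify the NOT-FOR-US decision without leaving the list.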
@@ -691,13 +691,13 @@ CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 S
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
 	NOTE: https://github.com/jetty/jetty.project/issues/11256
 CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library  ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...)
-	TODO: check
+	NOT-FOR-US: Showdownjs
 CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...)
 	NOT-FOR-US: Sunny WebBox firmware
 CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/805ecc5ab40b7e9f61a44d3d639d0599e76eaaf7
