[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 29 08:51:32 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
735e28e8 by Moritz Muehlenhoff at 2024-02-29T09:51:06+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,57 +3,57 @@ CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sens
 CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...)
 	TODO: check
 CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a  ...)
-	TODO: check
+	- piwigo <removed>
 CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2024-25868 (A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Man ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2024-25867 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2024-25866 (A SQL Injection vulnerability in CodeAstro Membership Management Syste ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2024-25594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25579 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-25422 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: SEMCMS
 CVE-2024-25351 (SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGuruku ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-25350 (SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGuruku ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-25292 (Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows a ...)
-	TODO: check
+	NOT-FOR-US: RenderTune
 CVE-2024-25291 (Deskfiler v1.2.3 allows attackers to execute arbitrary code via upload ...)
-	TODO: check
+	NOT-FOR-US: Deskfiler
 CVE-2024-25098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24988 (Mattermost fails to properly validate the length of the emoji value in ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-24525 (An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 all ...)
-	TODO: check
+	NOT-FOR-US: EpointWebBuilder
 CVE-2024-24155 (Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, pars ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2024-24150 (A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4. ...)
-	TODO: check
+	- ming <removed>
 CVE-2024-24149 (A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4. ...)
-	TODO: check
+	- ming <removed>
 CVE-2024-24147 (A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v ...)
-	TODO: check
+	- ming <removed>
 CVE-2024-24146 (A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0. ...)
-	TODO: check
+	- ming <removed>
 CVE-2024-23910 (Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-23501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23493 (Mattermost fails to properly authorize the requests fetchingteam assoc ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-23488 (Mattermost fails to properly restrict the access of files attached to  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-23302 (Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.)
 	TODO: check
 CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor Management System ...)
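Review bot: The subject "NFUs" does not cover everything changed in this hunk. CVE-2024-26450 becomes "- piwigo <removed>", the four libming entries (CVE-2024-24146, CVE-2024-24147, CVE-2024-24149, CVE-2024-24150) become "- ming <removed>", and CVE-2024-24988, CVE-2024-23493 and CVE-2024-23488 become "- mattermost-server <itp> (bug #823556)". These are package assignments rather than NOT-FOR-US markings, so anyone searching the history for when those packages were triaged will not find this commit by its message. Consider a subject that names them, or a separate commit. A smaller style point: the five "NOT-FOR-US: WordPress plugin" lines carry no plugin name while the other NFU lines name the product (CodeAstro, ELECOM, SEMCMS, PHPGurukul), and the truncated descriptions shown here do not identify the plugin either.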
@@ -83,7 +83,7 @@ CVE-2024-1971 (A vulnerability has been found in Surya2Developer Online Shopping
 CVE-2024-1970 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	TODO: check
 CVE-2024-1887 (Mattermost fails to check if compliance export is enabled when fetchin ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
 	TODO: check
 CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
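Review bot: CVE-2024-1468 in the trailing context still reads "TODO: check" although its description names a WordPress theme (Avada), the same kind of WordPress add-on that the first hunk marks NOT-FOR-US. If it was left for a later pass that is fine; otherwise it could be triaged in this commit too. The one changed line here, CVE-2024-1887 to "- mattermost-server <itp> (bug #823556)", uses the same bug number as the other Mattermost entries, and like them it is an ITP assignment that the subject "NFUs" does not describe.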



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/735e28e86b4e7b849591af3750c10a667706c722
