[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 3 20:22:40 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aa3c240 by Salvatore Bonaccorso at 2024-01-03T21:22:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scri
 	- tinymce <removed>
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
 CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...)
-	TODO: check
+	NOT-FOR-US: PeterO.Cbor
 CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...)
 	- tinymce <removed>
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg
@@ -16,19 +16,19 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In
 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...)
 	TODO: check
 CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...)
 	TODO: check
 CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...)
 	TODO: check
 CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...)
@@ -36,39 +36,39 @@ CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrof
 CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...)
 	TODO: check
 CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a  ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a  ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a  ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...)
-	TODO: check
+	NOT-FOR-US: GL.iNet devices
 CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...)
 	TODO: check
 CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
 CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
 CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...)
 	TODO: check
 CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...)
@@ -84,23 +84,23 @@ CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vul
 CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A security  ...)
 	TODO: check
 CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...)
-	TODO: check
+	NOT-FOR-US: Tamaki_hamanoki Line
 CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...)
 	TODO: check
 CVE-2023-38678 (OOB access in paddle.modein PaddlePaddle before 2.6.0. This flaw can c ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38677 (FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can c ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38676 (Nullptr in paddle.dotin PaddlePaddle before 2.6.0. This flaw can cause ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38675 (FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This fl ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-38674 (FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can ca ...)
-	TODO: check
+	NOT-FOR-US: PaddlePaddle
 CVE-2023-37608 (An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows ...)
-	TODO: check
+	NOT-FOR-US: Automatic Systems SOC FL9600 FastLine v.lego_T04E00
 CVE-2023-37607 (Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E ...)
-	TODO: check
+	NOT-FOR-US: Automatic-Systems SOC FL9600 FastLine lego_T04E00
 CVE-2023-51785 (Deserialization of Untrusted Data vulnerability in Apache InLong.This  ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-51784 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa3c2407b793a30f89584794109f2b6c483682f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa3c2407b793a30f89584794109f2b6c483682f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240103/bd089932/attachment.htm>

More information about the debian-security-tracker-commits mailing list