[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 30 21:41:16 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0427fa32 by Salvatore Bonaccorso at 2024-07-30T22:40:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2024-5249 (In versions of Akana API Platform prior to 2024.1.0, SAML tokens
 CVE-2024-4188 (Unprotected Transport of Credentials vulnerability in OpenText\u2122 D ...)
 	NOT-FOR-US: OpenText Documentum Server
 CVE-2024-41945 (fuels-ts is a library for interacting with Fuel v2.  The typescript SD ...)
-	TODO: check
+	NOT-FOR-US: fuels-ts
 CVE-2024-41944 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
 	NOT-FOR-US: Xibo
 CVE-2024-41943 (I, Librarian is an open-source version of a PDF managing SaaS. PDF not ...)
@@ -55,15 +55,15 @@ CVE-2024-41611 (In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet ser
 CVE-2024-41610 (D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded cr ...)
 	NOT-FOR-US: D-Link
 CVE-2024-41443 (A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of  ...)
-	TODO: check
+	NOT-FOR-US: hicolor
 CVE-2024-41440 (A heap buffer overflow in the function png_quantize() of hicolor v0.5. ...)
-	TODO: check
+	NOT-FOR-US: hicolor
 CVE-2024-41439 (A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) ...)
-	TODO: check
+	NOT-FOR-US: hicolor
 CVE-2024-41438 (A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h ...)
-	TODO: check
+	NOT-FOR-US: hicolor
 CVE-2024-41437 (A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png ...)
-	TODO: check
+	NOT-FOR-US: hicolor
 CVE-2024-41305 (A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS  ...)
 	NOT-FOR-US: WonderCMS
 CVE-2024-41304 (An arbitrary file upload vulnerability in the uploadFileAction() funct ...)
@@ -79,35 +79,35 @@ CVE-2024-3930 (In versions of Akana API Platform prior to 2024.1.0a flaw resulti
 CVE-2024-39320 (Discourse is an open source discussion platform. Prior to 3.2.5 and 3. ...)
 	NOT-FOR-US: Discourse
 CVE-2024-39012 (ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollut ...)
-	TODO: check
+	NOT-FOR-US: ais-ltd strategyen
 CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: chargeover redoc
 CVE-2024-39010 (chase-moskal snapstate v0.0.9 was discovered to contain a prototype po ...)
-	TODO: check
+	NOT-FOR-US: chase-moskal snapstate
 CVE-2024-38986 (Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execu ...)
 	NOT-FOR-US: 75lb deep-merge
 CVE-2024-38984 (Prototype Pollution in lukebond json-override 0.2.0 allows attackers t ...)
-	TODO: check
+	NOT-FOR-US: lukebond json-override
 CVE-2024-38909 (Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. C ...)
 	NOT-FOR-US: Studio 42 elFinder
 CVE-2024-38432 (MatrixTafnit v8   -     CWE-646: Reliance on File Name or Extension of ...)
-	TODO: check
+	NOT-FOR-US: Matrix Tafnit
 CVE-2024-38431 (MatrixTafnit v8   -   CWE-204: Observable Response Discrepancy)
-	TODO: check
+	NOT-FOR-US: Matrix Tafnit
 CVE-2024-38430 (Matrix - CWE-79: Improper Neutralization of Input During Web Page Gene ...)
-	TODO: check
+	NOT-FOR-US: Matrix Tafnit
 CVE-2024-38429 (MatrixTafnit v8   - CWE-552: Files or Directories Accessible to Extern ...)
-	TODO: check
+	NOT-FOR-US: Matrix Tafnit
 CVE-2024-37299 (Discourse is an open source discussion platform. Prior to 3.2.5 and 3. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-37165 (Discourse is an open source discussion platform. Prior to 3.2.3 and 3. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-36572 (Prototype pollution in allpro form-manager 0.7.4 allows attackers to r ...)
-	TODO: check
+	NOT-FOR-US: allpro form-manager
 CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid before 1 ...)
 	TODO: check
 CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the jwt key ...)
-	TODO: check
+	NOT-FOR-US: Apache SeaTunnel
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forg ...)
 	NOT-FOR-US: IBM
 CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine learning. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0427fa327f2560b3956a7ba7b0d9b1103b999e90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0427fa327f2560b3956a7ba7b0d9b1103b999e90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240730/8f0593bb/attachment.htm>

More information about the debian-security-tracker-commits mailing list