[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 5 13:25:02 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18239b5e by Moritz Muehlenhoff at 2024-06-05T14:24:33+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -776,7 +776,7 @@ CVE-2024-31907 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-
CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site s ...)
NOT-FOR-US: IBM
CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: FreeCoAP
CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...)
NOT-FOR-US: Ivanti
CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
@@ -939,7 +939,7 @@ CVE-2024-4355 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Ant
CVE-2024-4330 (A path traversal vulnerability was identified in the parisneo/lollms-w ...)
NOT-FOR-US: parisneo/lollms-webui
CVE-2024-3924 (A code injection vulnerability exists in the huggingface/text-generati ...)
- TODO: check
+ NOT-FOR-US: huggingface/text-generation-inference
CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to ...)
NOT-FOR-US: qdrant
CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
@@ -951,7 +951,7 @@ CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA Apr
CVE-2024-36118 (MeterSphere is a test management and interface testing tool. In affect ...)
NOT-FOR-US: MeterSphere
CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page of FineSo ...)
- TODO: check
+ NOT-FOR-US: FineSoft
CVE-2024-35469 (A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Re ...)
NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2024-35468 (A SQL injection vulnerability in /hrm/index.php in SourceCodester Huma ...)
@@ -1466,7 +1466,7 @@ CVE-2024-3063 (The WPB Elementor Addons plugin for WordPress is vulnerable to St
CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin versions pr ...)
NOT-FOR-US: Redmine DMSF Plugin
CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
- TODO: check
+ NOT-FOR-US: Aircompressor
CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A Gem publis ...)
NOT-FOR-US: Rubygems.org gem hosting service
CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...)
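Review bot: In the CVE-2024-36114 entry, the description calls Aircompressor a library, so the NOT-FOR-US tag should rest on more than the absence of a source package with that name, since libraries are often bundled inside other packaged software. Worth confirming that no package in the archive embeds a copy before closing this entry out.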
@@ -1521,7 +1521,7 @@ CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.8.12-1
NOTE: https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1)
CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...)
- TODO: check
+ NOT-FOR-US: hmq
CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...)
NOT-FOR-US: Cesenta Mongoose
CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...)
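Review bot: The unchanged context entry directly after the hmq change reads `NOT-FOR-US: Cesenta Mongoose`, while the CVE-2024-35492 description on the line above it spells the vendor "Cesanta". This commit did not introduce it, but a follow-up changing the tag to `NOT-FOR-US: Cesanta Mongoose` would keep searches by product name consistent.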
@@ -1531,7 +1531,7 @@ CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer ov
NOTE: Fixed by: https://github.com/irontec/sngrep/commit/da80ced1e3cf6321f748b08e145a829bcc3c90e5
NOTE: Crash in CLI tool, no security impact
CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...)
- TODO: check
+ NOT-FOR-US: html2xhtml
CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...)
NOT-FOR-US: Yubico YubiKey
CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
@@ -168524,19 +168524,19 @@ CVE-2022-28660 (The querier component in Grafana Enterprise Logs 1.1.x through 1
CVE-2022-28659
RESERVED
CVE-2022-28658 (Apport argument parsing mishandles filename splitting on older kernels ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28657 (Apport does not disable python crash handler before entering chroot)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28656 (is_closing_session() allows users to consume RAM in the Apport process)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28655 (is_closing_session() allows users to create arbitrary tcp dbus connect ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28654 (is_closing_session() allows users to fill up apport.log)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-28653
RESERVED
CVE-2022-28652 (~/.config/apport/settings parsing is vulnerable to "billion laughs" at ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...)
NOT-FOR-US: livehelperchat
CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...)
@@ -194993,7 +194993,7 @@ CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
CVE-2021-44534 (Insufficient user input filtering leads to arbitrary file read by non- ...)
- TODO: check
+ NOT-FOR-US: ExpressionEngine
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...)
{DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
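Review bot: CVE-2021-44534 is tagged `NOT-FOR-US: ExpressionEngine`, but the truncated description shown here names no product, and both neighbouring entries (CVE-2022-21824 and CVE-2021-44533) are Node.js issues tracked against the nodejs package. Please check the full CVE description to confirm the product attribution, since the visible text alone does not support it.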
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18239b5ebe40d6af7f677a8cfb422f17f6f7aa51