[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 17 21:49:45 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bcf0d3bc by Salvatore Bonaccorso at 2024-06-17T22:49:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,17 +31,17 @@ CVE-2024-37902 (DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framewo
 CVE-2024-37896 (Gin-vue-admin is a backstage management system based on vue and gin. G ...)
 	TODO: check
 CVE-2024-37895 (Lobe Chat is an open-source LLMs/AI chat framework. In affected versio ...)
-	TODO: check
+	NOT-FOR-US: Lobe Chat
 CVE-2024-37893 (Firefly III is a free and open source personal finance manager. In aff ...)
-	TODO: check
+	NOT-FOR-US: Firefly
 CVE-2024-37891 (urllib3 is a user-friendly HTTP client library for Python. When using  ...)
 	TODO: check
 CVE-2024-37890 (ws is an open source WebSocket client and server for Node.js. A reques ...)
 	TODO: check
 CVE-2024-37848 (SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 al ...)
-	TODO: check
+	NOT-FOR-US: Online-Bookstore-Project-In-PHP
 CVE-2024-37840 (SQL injection vulnerability in processscore.php in Itsourcecode Learni ...)
-	TODO: check
+	NOT-FOR-US: Itsourcecode Learning Management System Project In PHP With Source Code
 CVE-2024-37795 (A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a ...)
 	TODO: check
 CVE-2024-37794 (Improper input validation in CVC5 Solver v1.1.3 allows attackers to ca ...)
@@ -51,23 +51,23 @@ CVE-2024-37664 (Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking
 CVE-2024-37663 (Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect messag ...)
 	TODO: check
 CVE-2024-37662 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attac ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2024-37661 (TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect messa ...)
-	TODO: check
+	NOT-FOR-US: TP-LINK
 CVE-2024-37625 (zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site ...)
-	TODO: check
+	NOT-FOR-US: zhimengzhe iBarn
 CVE-2024-37624 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...)
-	TODO: check
+	NOT-FOR-US: Xinhu RockOA
 CVE-2024-37623 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...)
-	TODO: check
+	NOT-FOR-US: Xinhu RockOA
 CVE-2024-37622 (Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site s ...)
-	TODO: check
+	NOT-FOR-US: Xinhu RockOA
 CVE-2024-37621 (StrongShop v1.0 was discovered to contain a Server-Side Template Injec ...)
-	TODO: check
+	NOT-FOR-US: StrongShop
 CVE-2024-37620 (PHPVOD v4.0 was discovered to contain a reflected cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: PHPVOD
 CVE-2024-37619 (StrongShop v1.0 was discovered to contain a reflected cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: StrongShop
 CVE-2024-37305 (oqs-provider is a provider for the OpenSSL 3 cryptography library that ...)
 	TODO: check
 CVE-2024-37159 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
@@ -172,7 +172,7 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situ
 	[buster] - global <postponed> (Minor issue, -d/dbpath unlikely to be untrusted)
 	NOTE: https://lists.gnu.org/archive/html/bug-global/2024-05/msg00009.html
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...)
-	TODO: check
+	NOT-FOR-US: The Algorithms - C
 CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
 	TODO: check
 CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcf0d3bc0f37d85d4082c4c79eb6ed9ca2d00ffd

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcf0d3bc0f37d85d4082c4c79eb6ed9ca2d00ffd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240617/4f560897/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list