[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Nov 10 20:03:28 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c89cf818 by Moritz Muehlenhoff at 2024-11-10T21:03:08+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1305,7 +1305,7 @@ CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB for
CVE-2024-52043 (Generation of Error Message Containing Sensitive Informationin HumHub ...)
NOT-FOR-US: HumHub
CVE-2024-51756 (The cap-std project is organized around the eponymous `cap-std` crate, ...)
- TODO: check
+ NOT-FOR-US: Rust crate cap-std
CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's file ...)
NOT-FOR-US: wasmtime
CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to ...)
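Review bot: The new `NOT-FOR-US: Rust crate cap-std` line on CVE-2024-51756 closes the entry without any sign in the hunk that the archive was checked for a packaged copy of the crate. Rust crates are normally packaged under a `rust-` prefixed source name, so please confirm there is no such package for cap-std before this goes in. If there is one, the entry needs a package line instead of NOT-FOR-US.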
@@ -2820,7 +2820,7 @@ CVE-2024-43933 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App
CVE-2024-43930 (Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch al ...)
NOT-FOR-US: WordPress plugin
CVE-2024-43383 (Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.R ...)
- TODO: check
+ NOT-FOR-US: Apache Lucene.Net.Replicator
CVE-2024-42835 (langflow v1.0.12 was discovered to contain a remote code execution (RC ...)
NOT-FOR-US: langflow-ai/langflow
CVE-2024-42515 (Glossarizer through 1.5.2 improperly tries to convert text into HTML. ...)
@@ -3138,7 +3138,7 @@ CVE-2024-48063 (In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NO
NOTE: https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c
NOTE: Non issue as only documented to be used for internal communication:
NOTE: https://github.com/pytorch/pytorch/security/policy#using-distributed-features
- TODO: should probably be rejected, similar as CVE-2024-5480 got rejected, MITRE contacted
+ NOTE: should probably be rejected, similar as CVE-2024-5480 got rejected, MITRE contacted
CVE-2024-44081 (In Jitsi Meet before 2.0.9779, the functionality to share a video file ...)
- jitsi-meet <itp> (bug #760485)
CVE-2024-44080 (In Jitsi Meet before 2.0.9779, the functionality to share an image usi ...)
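Review bot: Changing the last line of the CVE-2024-48063 entry from TODO to NOTE removes the only marker that this entry is still waiting on MITRE. The note has no date, so nobody can later tell how long the rejection request has been open. Suggest adding the contact date to the note, or keeping the TODO until MITRE answers. The commit message "NFUs" also does not describe this change, since no NOT-FOR-US tag is added here.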
@@ -6864,7 +6864,7 @@ CVE-2023-52917 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-8625 (The TS Poll WordPress plugin before 2.4.0 does not sanitize and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2024-49215 (An issue was discovered in Sangoma Asterisk through 18.20.0, 19.x and ...)
- TODO: seems bogus, reached out to upstream
+ NOTE: seems bogus, reached out to upstream
CVE-2024-43689 (Stack-based buffer overflow vulnerability exists in WAB-I1750-PS and W ...)
NOT-FOR-US: ELECOM
CVE-2024-10202 (Administrative Management System from Wellchoose has an OS Command Inj ...)
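Review bot: After the change to CVE-2024-49215, the entry as shown here consists of a single NOTE, with no package line, no NOT-FOR-US and no TODO, so it no longer records any triage state. "seems bogus, reached out to upstream" describes an open question. Suggest keeping it as a TODO until upstream replies, or adding a package status line next to the note. As with the PyTorch entry, this is not an NFU change and the commit message does not mention it.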
@@ -353190,7 +353190,7 @@ CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credential
CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
NOT-FOR-US: WiZ Colors A60
CVE-2020-11921 (An issue was discovered in Lush 2 through 2020-02-25. Due to the lack ...)
- TODO: check
+ NOT-FOR-US: Lush 2
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919 (An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The ...)
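Review bot: The tag `NOT-FOR-US: Lush 2` on CVE-2020-11921 is a very short product name with no vendor or device type, so it is easy to confuse with unrelated software when grepping the list. Suggest extending the tag with the vendor or product type from the full CVE description.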
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c89cf8180c2bf702044908fce693878a5db78073