[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 11 13:35:48 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
611c42fa by Moritz Muehlenhoff at 2024-09-11T14:35:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,7 +59,7 @@ CVE-2024-40652 (In onCreate of SettingsHomepageActivity.java, there is a possibl
 CVE-2024-40650 (In wifi_item_edit_content of styles.xml , there is a possible FRP bypa ...)
 	TODO: check
 CVE-2024-3899 (The Gallery Plugin for WordPress  WordPress plugin before 1.8.15 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39808 (Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000  ...)
 	TODO: check
 CVE-2024-31336 (Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severi ...)
@@ -73,7 +73,7 @@ CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a possible
 CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to Prototype  ...)
 	TODO: check
 CVE-2024-1656 (Affected versions of Octopus Server had a weak content security policy ...)
-	TODO: check
+	NOT-FOR-US: Octopus Server
 CVE-2024-8096 [OCSP stapling bypass with GnuTLS]
 	- curl <unfixed>
 	[bookworm] - curl <no-dsa> (Minor issue)
@@ -556,7 +556,7 @@ CVE-2024-38270 (An insufficient entropy vulnerability caused by the improper use
 CVE-2024-27365 (An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, ...)
 	NOT-FOR-US: Samsung
 CVE-2024-21528 (All versions of the package node-gettext are vulnerable to Prototype P ...)
-	TODO: check
+	NOT-FOR-US: Node gettext (different from src:node-gettext.js)
 CVE-2024-0067 (Marinus Pfund, member of the AXIS OS Bug Bounty Program,  has found th ...)
 	NOT-FOR-US: Axis
 CVE-2024-8605 (A vulnerability classified as problematic was found in code-projects I ...)
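
Review bot: The NOT-FOR-US note on CVE-2024-21528 is the only place the name collision with src:node-gettext.js is recorded, and it says what the affected package is not, without saying what it is. The commit message ("NFUs") gives no reasoning either. Consider adding a reference to the affected upstream project in the note, so a later triager can confirm the distinction from the entry itself instead of repeating the lookup.
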
@@ -106745,9 +106745,9 @@ CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) co
 CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...)
 	NOT-FOR-US: Siemens
 CVE-2023-30756 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-30755 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
@@ -112551,7 +112551,7 @@ CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V
 CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
 	NOT-FOR-US: Siemens
 CVE-2023-28827 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...)
 	NOT-FOR-US: Weston Embedded uC-HTTP
 CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
@@ -141828,7 +141828,7 @@ CVE-2022-45858 (A use of a weak cryptographic algorithm vulnerability [CWE-327]
 CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-45856 (An improper certificate validation vulnerability [CWE-295] in FortiCli ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...)
 	NOT-FOR-US: Apache Ambari
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/611c42faa5d754bb4c6efbc5d27bbd6eb78b0088
