[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 16 21:37:59 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b599a2cb by Salvatore Bonaccorso at 2024-09-16T22:37:36+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,21 +28,20 @@ CVE-2024-45801 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer
NOTE: Fixed by: https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.1.3)
NOTE: Fixed by: https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.5.3)
CVE-2024-45800 (Snappymail is an open source web-based email client. SnappyMail uses t ...)
- TODO: check
CVE-2024-45799 (FluxCP is a web-based Control Panel for rAthena servers written in PHP ...)
- TODO: check
+ NOT-FOR-US: rAthena FluxCP
CVE-2024-44623 (An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: TuomoKu SPx-GC
CVE-2024-44445 (An issue was discovered in BSC Smart Contract 0x0506e571aba3dd4c9d71be ...)
- TODO: check
+ NOT-FOR-US: BSC Smart Contract
CVE-2024-42798 (An Incorrect Access Control vulnerability was found in /music/index.ph ...)
- TODO: check
+ NOT-FOR-US: Kashipara Music Management System
CVE-2024-42796 (An Incorrect Access Control vulnerability was found in /music/ajax.php ...)
- TODO: check
+ NOT-FOR-US: Kashipara Music Management System
CVE-2024-42795 (An Incorrect Access Control vulnerability was found in /music/view_use ...)
- TODO: check
+ NOT-FOR-US: Kashipara Music Management System
CVE-2024-42794 (Kashipara Music Management System v1.0 is vulnerable to Incorrect Acce ...)
- TODO: check
+ NOT-FOR-US: Kashipara Music Management System
CVE-2024-39910 (decidim is a Free Open-Source participatory democracy, citizen partici ...)
TODO: check
CVE-2024-39772 (Mattermost Desktop App versions <=5.8.0 fail to safeguard screen captu ...)
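Review bot: The `TODO: check` line under CVE-2024-45800 (Snappymail) is removed without a replacement, unlike every other entry touched in this hunk, so that CVE is left with no annotation at all. The hunk header (21 old lines, 20 new) confirms the net loss of one line. Either add the intended triage line for Snappymail (a `NOT-FOR-US:` tag or a package entry) or keep the `TODO: check` so the entry stays visible as unprocessed.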
@@ -50,47 +49,47 @@ CVE-2024-39772 (Mattermost Desktop App versions <=5.8.0 fail to safeguard screen
CVE-2024-38315 (IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session a ...)
NOT-FOR-US: IBM
CVE-2024-36261 (Improper access control in Intel(R) RAID Web Console software all vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-36247 (Improper access control in Intel(R) RAID Web Console all versions may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34545 (Improper input validation in some Intel(R) RAID Web Console software a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34543 (Improper access control in Intel(R) RAID Web Console software for all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34153 (Uncontrolled search path element in Intel(R) RAID Web Console software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-34016 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis Cyber Protect Cloud Agent (Windows)
CVE-2024-33848 (Uncaught exception in Intel(R) RAID Web Console software all versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-32940 (Improper access control in Intel(R) RAID Web Console software for all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-32666 (NULL pointer dereference in Intel(R) RAID Web Console software for all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-32034 (decidim is a Free Open-Source participatory democracy, citizen partici ...)
TODO: check
CVE-2024-28170 (Improper access control in Intel(R) RAID Web Console all versions may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-23599 (Race condition in Seamless Firmware Updates for some Intel(R) referenc ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-22013 (U-Boot environment is read from unauthenticated partition.)
TODO: check
CVE-2024-21871 (Improper input validation in UEFI firmware for some Intel(R) Processor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21829 (Improper input validation in UEFI firmware error handler for some Inte ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-21781 (Improper input validation in UEFI firmware for some Intel(R) Processor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-45854 (A Business Logic vulnerability in Shopkit 1.0 allows an attacker to ad ...)
- TODO: check
+ NOT-FOR-US: Shopkit
CVE-2023-43753 (Improper conditions check in some Intel(R) Processors with Intel(R) SG ...)
TODO: check
CVE-2023-43626 (Improper access control in UEFI firmware for some Intel(R) Processors ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-42772 (Untrusted pointer dereference in UEFI firmware for some Intel(R) refer ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-41833 (A race condition in UEFI firmware for some Intel(R) processors may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2024-XXXX [Integer Overflow to Buffer Overflow vulnerability in "string_free_split" functions]
- weechat <unfixed> (bug #1081942)
[bookworm] - weechat <no-dsa> (Minor issue)
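Review bot: The vendor-only tag `NOT-FOR-US: Intel` is applied here to three different products (RAID Web Console software, UEFI firmware, Seamless Firmware Updates), while the same commit uses product-level tags elsewhere, for example `NOT-FOR-US: Acronis Cyber Protect Cloud Agent (Windows)` in this hunk. If the vendor-only form is the accepted convention for Intel, as the neighbouring `NOT-FOR-US: IBM` context line suggests, that is fine, but a product-level tag such as "Intel RAID Web Console" would make later searches of the list more precise. Separately, CVE-2023-43753 (Intel processors with SGX), CVE-2024-22013 (U-Boot) and the two decidim entries stay at `TODO: check`; a short mention in the commit message that these were deliberately left for later would document that they were not overlooked.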
@@ -122541,9 +122540,9 @@ CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02d
CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R) Processors m ...)
NOT-FOR-US: Intel
CVE-2023-25546 (Out-of-bounds read in UEFI firmware for some Intel(R) Processors may a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23904 (NULL pointer dereference in the UEFI firmware for some Intel(R) Proces ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...)
NOT-FOR-US: Intel
CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...)
@@ -122553,7 +122552,7 @@ CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme Compute
CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may allow a ...)
NOT-FOR-US: Intel
CVE-2023-22351 (Out-of-bounds write in UEFI firmware for some Intel(R) Processors may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...)
NOT-FOR-US: Intel
CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b599a2cb91e113f1e4ffe373a5563d18e066ced0