[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 20 10:04:38 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e378b8f by Moritz Muehlenhoff at 2024-09-20T11:03:57+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -288,7 +288,7 @@ CVE-2024-45679 (Heap-based buffer overflow vulnerability in Assimp versions prio
NOTE: https://github.com/assimp/assimp/pull/5310
NOTE: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d (v5.4.0)
CVE-2024-45601 (Mesop is a Python-based UI framework designed for rapid web apps devel ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2024-45523 (An issue was discovered in Bravura Security Fabric versions 12.3.x bef ...)
NOT-FOR-US: Bravura Security Fabric
CVE-2024-45452 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -302,7 +302,7 @@ CVE-2024-45298 (Wiki.js is an open source wiki app built on Node.js. A disabled
CVE-2024-44589 (Stack overflow vulnerability in the Login function in the HNAP service ...)
NOT-FOR-US: D-Link
CVE-2024-44542 (SQL Injection vulnerability in todesk v.1.1 allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: todesk
CVE-2024-44064 (Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button ...)
NOT-FOR-US: WordPress plugin
CVE-2024-44051 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -882,7 +882,7 @@ CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip Repa
CVE-2024-5998 (A vulnerability in the FAISS.deserialize_from_bytes function of langch ...)
NOT-FOR-US: langchain-ai/langchain
CVE-2024-47049 (The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used ...)
- TODO: check
+ NOT-FOR-US: czim/file-handling
CVE-2024-47047 (An issue was discovered in the powermail extension through 12.4.0 for ...)
NOT-FOR-US: TYPO3 extension
CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery ...)
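Review bot: For CVE-2024-47049 the tag names only the library, while the description says czim/file-handling is "used ..." by something else and is cut off at that point. It is worth confirming that the consumer the description refers to is not packaged either before closing this as NOT-FOR-US.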
@@ -1243,7 +1243,7 @@ CVE-2024-28170 (Improper access control in Intel(R) RAID Web Console all version
CVE-2024-23599 (Race condition in Seamless Firmware Updates for some Intel(R) referenc ...)
NOT-FOR-US: Intel
CVE-2024-22013 (U-Boot environment is read from unauthenticated partition.)
- TODO: check, unclear if it affects src:u-boot per se or is Google Nest specific
+ NOT-FOR-US: Google Nest
CVE-2024-21871 (Improper input validation in UEFI firmware for some Intel(R) Processor ...)
NOT-FOR-US: Intel
CVE-2024-21829 (Improper input validation in UEFI firmware error handler for some Inte ...)
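Review bot: The CVE-2024-22013 entry loses its rationale. The removed TODO recorded an open question, whether the issue affects src:u-boot per se or is Google Nest specific, and the new `NOT-FOR-US: Google Nest` line settles it without saying on what basis. The description reads as a generic U-Boot issue, so consider recording the reference that shows it is Nest specific in a `NOTE:` line or in the commit message, which says only "NFUs", so that a later triager does not reopen the question.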
@@ -110155,7 +110155,7 @@ CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x co
CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-30464 (CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisonin ...)
- TODO: check
+ NOT-FOR-US: CoreDNS
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
NOT-FOR-US: picoTCP
CVE-2023-30462
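Review bot: CVE-2023-30464 goes from `TODO: check` straight to `NOT-FOR-US: CoreDNS`, which asserts that CoreDNS is not in the archive and has no packaging in progress. If a coredns ITP or source package exists, this should be a `- coredns <itp>` or regular package entry instead. The same applies to CVE-2023-28452 in the next hunk.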
@@ -116246,19 +116246,19 @@ CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export
CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...)
NOT-FOR-US: pretalx
CVE-2023-28457 (An issue was discovered in Technitium through 11.0.3. It enables attac ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28456 (An issue was discovered in Technitium through 11.0.2. It enables attac ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28455 (An issue was discovered in Technitium through 11.0.2. The forwarding m ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28454
RESERVED
CVE-2023-28453
RESERVED
CVE-2023-28452 (An issue was discovered in CoreDNS through 1.10.1. There is a vulnerab ...)
- TODO: check
+ NOT-FOR-US: CoreDNS
CVE-2023-28451 (An issue was discovered in Technitium 11.0.2. There is a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
- dnsmasq 2.90-1 (bug #1033165)
[bookworm] - dnsmasq <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e378b8f1e7a83aa1f995c3f5d2b1f8edf253d8d