Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
062a767a by Salvatore Bonaccorso at 2024-02-22T10:27:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,49 +25,49 @@ CVE-2024-25251 (code-projects Agro-School Management System 
1.0 is suffers from
 CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 
2.52.1, the C ...)
        TODO: check
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
-       TODO: check
+       NOT-FOR-US: Discourse plugin
 CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll 
parsed thr ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed 
through Aut ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed 
through  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through 
Autodesk Au ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed 
through  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when 
parsed thr ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dllw ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in 
ODXSW_DLL.dllwhen par ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in 
opennurbs.dll w ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed 
VCRUNTIM ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll 
through Auto ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll 
through Au ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23124 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23123 (A maliciously crafted CATPART file when parsed in CC5Dll.dll 
and ASMBA ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23122 (A maliciously crafted 3DM file when parsed in opennurbs.dll 
through Au ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-23120 (A maliciously crafted STP file when parsed in 
ASMIMPORT228A.dll throug ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0903 (The User Feedback \u2013 Create Interactive Feedback Form, User 
Survey ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0446 (A maliciously crafted STP, CATPART or MODEL file when parsed in 
ASMKER ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2023-52155 (A SQL Injection vulnerability in /admin/sauvegarde/run.php in 
PMB 7.4. ...)
        TODO: check
 CVE-2023-52154 (File Upload vulnerability in pmb/camera_upload.php in PMB 
7.4.7 and ea ...)
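Review bot: CVE-2024-23134 (tbb.dll), CVE-2024-23129 and CVE-2024-23122 (opennurbs.dll) name DLLs that look like third-party libraries (Threading Building Blocks, openNURBS) rather than Autodesk's own code, so `NOT-FOR-US: Autodesk` on these three needs a check that the flaw is in Autodesk's use of the library and not in the library source itself. If the upstream library is affected, keep `TODO: check` on them or add a NOTE recording why only the Autodesk build is concerned.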
@@ -146,7 +146,7 @@ CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an 
open-source Python li
 CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
        NOT-FOR-US: HackMD CodiMD
 CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver 
when exitin ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 
QP3 and 8 ...)
        TODO: check
 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified 
Intelligence  ...)
@@ -180,9 +180,9 @@ CVE-2024-1212 (Unauthenticated remote attackers can access 
the system through th
 CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the 
proper  ...)
        TODO: check
 CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to 
crash PC C ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be 
sent to th ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for 
macOS allow ...)
        NOT-FOR-US: TD Bank TD Advanced Dashboard client
 CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated pr ...)
@@ -192,7 +192,7 @@ CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a 
potential read out-o
 CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the 
Document and Me ...)
        NOT-FOR-US: Liferay
 CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables 
authentication via ...)
-       TODO: check
+       NOT-FOR-US: Discourse plugin
 CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
        NOT-FOR-US: IBM
 CVE-2024-0410 (An authorization bypass vulnerability was discovered in GitLab 
affecti ...)
@@ -690,7 +690,7 @@ CVE-2024-1171 (The Essential Addons for Elementor \u2013 
Best Elementor Template
 CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ 
service may ...)
        TODO: check
 CVE-2024-1155 (Incorrect permissions in the installation directories for 
shared Syste ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1128 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
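Review bot: the `NOT-FOR-US: Silabs` tag on CVE-2024-1155 is not supported by the visible description, which reads "Incorrect permissions in the installation directories for shared Syste ..." and closely mirrors the adjacent CVE-2024-1156 entry naming the "shared NI RabbitMQ service". Please confirm the vendor against the full CVE text and correct the tag if this is an NI issue; CVE-2024-1156 could then be triaged in the same pass instead of staying at `TODO: check`.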
@@ -67158,15 +67158,15 @@ CVE-2023-24336
 CVE-2023-24335
        RESERVED
 CVE-2023-24334 (A stack overflow vulnerability in Tenda AC23 with firmware 
version US_ ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-24333 (A stack overflow vulnerability in Tenda AC21 with firmware 
version US_ ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-24332 (A stack overflow vulnerability in Tenda AC6 with firmware 
version US_A ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with 
firmware versio ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with 
firmware versio ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 
allows  ...)
        {DLA-3575-1}
        - python3.11 3.11.4-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/062a767a1ad43d48ce06b557cf023fe4f8b66d78
