Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
868ccb12 by Moritz Muehlenhoff at 2024-04-22T12:48:59+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2024-32693 (Cross-Site Request Forgery (CSRF) 
vulnerability in ValvePress Au
 CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: flusity CMS
 CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: PX4 Autopilot
 CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX 
v.14r1, v.13r3 ...)
-       TODO: check
+       NOT-FOR-US: Innovaphone
 CVE-2023-7252 (The Tickera  WordPress plugin before 3.5.2.5 does not prevent 
users fr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25101 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: Koha Library Management System
 CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo 
Grauerhol ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
        - freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
        - freerdp2 <unfixed>
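Review bot: CVE-2024-28722 is labelled with the vendor only (`NOT-FOR-US: Innovaphone`), while the other new labels in this hunk name the product (`flusity CMS`, `PX4 Autopilot`, `Koha Library Management System`). The description already gives the affected product as "Innovaphone myPBX", so `NOT-FOR-US: Innovaphone myPBX` would keep the label at the same granularity and make the entry findable by product name.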
@@ -89,7 +89,7 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager and 
meal planner. Prior t
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability 
via the  ...)
        TODO: check
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: autoexpress
 CVE-2024-22905 (Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a 
remote  ...)
        NOT-FOR-US: ARM mbed-os
 CVE-2024-1730 (The Prime Slider \u2013 Addons For Elementor (Revolution of a 
slider,  ...)
@@ -127,7 +127,7 @@ CVE-2024-3470 (An Improper Privilege Management 
vulnerability was identified in
 CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability 
in Wpme ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono 
application  ...)
-       TODO: check
+       NOT-FOR-US: @hono/node-server
 CVE-2024-32650 (Rustls is a modern TLS library written in Rust. 
`rustls::ConnectionCom ...)
        TODO: check
 CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM 
blockchain tha ...)
@@ -144,7 +144,7 @@ CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote 
attacker to execute arb
 CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the 
component \af ...)
        NOT-FOR-US: WUZHICMS
 CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference 
(IDOR) - ...)
-       TODO: check
+       NOT-FOR-US: Webid
 CVE-2024-32038 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        NOT-FOR-US: Wazuh
 CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web 
application  ...)
@@ -235,13 +235,13 @@ CVE-2024-29957 (When Brocade SANnav before v2.3.1 and 
v2.3.0a servers are config
 CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component 
of Ivant ...)
        NOT-FOR-US: Ivanti
 CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its 
protection en ...)
-       TODO: check
+       NOT-FOR-US: OpenRASP
 CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
-       TODO: check
+       NOT-FOR-US: memos
 CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
-       TODO: check
+       NOT-FOR-US: memos
 CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In 
memos 0. ...)
-       TODO: check
+       NOT-FOR-US: memos
 CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti 
Avalanche be ...)
        NOT-FOR-US: Ivanti
 CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService 
compone ...)
@@ -307,9 +307,9 @@ CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log 
injection when the lo
 CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows 
MPFS   ...)
        NOT-FOR-US: Electrolink
 CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel 
Driver, Arm ...)
-       TODO: check
+       NOT-FOR-US: Arm
 CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        TODO: check
 CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
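Review bot: Both Arm entries (CVE-2024-1065 and CVE-2024-0671) get the bare vendor label `NOT-FOR-US: Arm`, although the descriptions concern specific kernel drivers (the Bifrost and Midgard GPU Kernel Driver). A label such as `NOT-FOR-US: Arm GPU kernel driver` would record what was actually ruled out. The casing also differs from the existing `NOT-FOR-US: ARM mbed-os` entry elsewhere in this file, so it is worth settling on one spelling.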
@@ -325,7 +325,7 @@ CVE-2023-51792 (Buffer Overflow vulnerability in libde265 
v1.0.12 allows a local
 CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
        TODO: check
 CVE-2023-50260 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        TODO: check
 CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
@@ -341,9 +341,9 @@ CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg 
v.n6.1-3-g466799d4f5 all
 CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
        TODO: check
 CVE-2023-49275 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
-       TODO: check
+       NOT-FOR-US: Wazuh
 CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery 
v2.0.0 al ...)
-       TODO: check
+       NOT-FOR-US: hexo-theme-matery
 CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to esca ...)
        NOT-FOR-US: IBM
 CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user 
to obta ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/868ccb125648daf3bc380768521b7747b6bffcd2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
