Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e97a080c by Salvatore Bonaccorso at 2024-01-03T22:16:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16,7 +16,7 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering
Android APK files. In
NOTE:
https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w
NOTE:
https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712
CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version
4.90.0, Vap ...)
- TODO: check
+ NOT-FOR-US: Vapor
CVE-2024-21622 (Craft is a content management system. This is a potential
moderate imp ...)
NOT-FOR-US: Craft CMS
CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some
conditions, th ...)
@@ -32,11 +32,11 @@ CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013
FooGallery plugin for Wo
CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5881 (Unauthenticated access permitted to web interface page The
Genie Compa ...)
- TODO: check
+ NOT-FOR-US: Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM)
"Garage Door Control Module Setup"
CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener
(Retrofit-Ki ...)
- TODO: check
+ NOT-FOR-US: Genie Company Aladdin Connect garage door opener
(Retrofit-Kit Model ALDCM)
CVE-2023-5879 (Users\u2019 product account authentication data was stored in
clear te ...)
- TODO: check
+ NOT-FOR-US: Genie Company Aladdin Connect Mobile Application
CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in
convert_shape_com ...)
NOT-FOR-US: PaddlePaddle
CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before
2.6.0. Th ...)
@@ -66,13 +66,13 @@ CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle
before 2.6.0. This fl
CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0.
Attackers ca ...)
NOT-FOR-US: GL.iNet devices
CVE-2023-50253 (Laf is a cloud development platform. In the Laf version
design, the lo ...)
- TODO: check
+ NOT-FOR-US: Laf
CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is
vulnerable ...)
NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is
vulnerable t ...)
NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7
CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile
method of ure ...)
- TODO: check
+ NOT-FOR-US: ureport
CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master
in MP4Box ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2662
@@ -37517,7 +37517,7 @@ CVE-2023-30619 (Tuleap Open ALM is a Libre and Open
Source tool for end to end t
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which
enable ...)
NOT-FOR-US: Kitchen-Terraform
CVE-2023-30617 (Kruise provides automated management of large-scale
applications on Ku ...)
- TODO: check
+ NOT-FOR-US: Kruise
CVE-2023-30616 (Form block is a wordpress plugin designed to make form
creation easier ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident
responder ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e97a080c57fef9b2e1782bf2e6e8668d458dd747
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e97a080c57fef9b2e1782bf2e6e8668d458dd747
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
