Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
72f09de9 by Salvatore Bonaccorso at 2024-02-26T21:46:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,42 +33,42 @@ CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a
memory leak in /krb5/src
NOTE:
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md
NOTE: check, unclear upstream report status
CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in
/fluent-bi ...)
- TODO: check
+ NOT-FOR-US: Fluent Bit
CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability
in SYSBA ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability
in Skymo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability
in JoomU ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in
/libming/src/act ...)
- ming <removed>
CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference
vulnerability in / ...)
- opendmarc <unfixed>
NOTE:
https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md
CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in
/nanomq/nng/s ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via
/openNDS/src/auth.c ...)
TODO: check
CVE-2024-25760 (yasm 1.3.0 contains a memory leak via
/yasm/tools/genmacro/genmacro.c.)
TODO: check
CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File
with Dan ...)
- TODO: check
+ NOT-FOR-US: flusity-CMS
CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit
v.43248 ...)
- TODO: check
+ NOT-FOR-US: ITFlow.org
CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command
injection via ...)
TODO: check
CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command
injection via ...)
TODO: check
CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability
in bPlug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
TODO: check
CVE-2024-24528
REJECTED
CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to
escalate p ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a
remote att ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
TODO: check
CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol.
Crafted traff ...)
@@ -82,7 +82,7 @@ CVE-2024-23605 (A heap-based buffer overflow vulnerability
exists in the GGUF li
CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
TODO: check
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to
contain a Ser ...)
- TODO: check
+ NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2
SSL con ...)
TODO: check
CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF
library ...)
@@ -94,21 +94,21 @@ CVE-2024-21802 (A heap-based buffer overflow vulnerability
exists in the GGUF li
CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <=
2.1.0 coul ...)
TODO: check
CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link
to an au ...)
- TODO: check
+ NOT-FOR-US: Sunny WebBox firmware
CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster
Controller, af ...)
- TODO: check
+ NOT-FOR-US: SMA Cluster Controller
CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate
when an ...)
TODO: check
CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP
forwarding ...)
- TODO: check
+ NOT-FOR-US: EDS-4000/G4000 Series
CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path
traversal vuln ...)
- TODO: check
+ NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command
injection v ...)
- TODO: check
+ NOT-FOR-US: Indo-Sol PROFINET-INspektor NT
CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify
VMS Client ...)
- TODO: check
+ NOT-FOR-US: Qognify VMS Client Viewer
CVE-2023-51518
NOT-FOR-US: Apache James
CVE-2023-52474 (In the Linux kernel, the following vulnerability has been
resolved: I ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f09de9ef9f7bd1306091078fe6bdd7facbf808
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f09de9ef9f7bd1306091078fe6bdd7facbf808
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
