Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30e46586 by Salvatore Bonaccorso at 2024-03-09T17:33:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-28180 (Package jose aims to provide an
implementation of the Javascript
CVE-2024-28176 (jose is JavaScript module for JSON Object Signing and
Encryption, prov ...)
TODO: check
CVE-2024-28123 (Wasmi is an efficient and lightweight WebAssembly interpreter
with a f ...)
- TODO: check
+ NOT-FOR-US: Wasmi
CVE-2024-28122 (JWX is Go module implementing various JWx
(JWA/JWE/JWK/JWS/JWT, otherw ...)
TODO: check
CVE-2024-28089 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a
remote att ...)
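Review bot: The change for CVE-2024-28123 replaces "TODO: check" with "NOT-FOR-US: Wasmi", but the commit message "Process some NFUs" does not say how absence from the archive was established. A short mention of the check performed (for example a source package search for the name) would let a later reader re-verify the triage if the software gets packaged.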
@@ -319,7 +319,7 @@ CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and
including version 1.1
CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for
WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift
Virtualiza ...)
- TODO: check
+ NOT-FOR-US: kubevirt-csi component of OpenShift Virtualization's Hosted
Control Plane (HCP)
CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable
to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1442 (A user with the permissions to create a data source can use
Grafana AP ...)
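Review bot: The NOT-FOR-US text added for CVE-2024-1725 is a long phrase lifted from the description, while the neighbouring entries in this hunk use a short label ("NOT-FOR-US: WordPress plugin"). A shorter tag such as "NOT-FOR-US: kubevirt-csi (OpenShift Virtualization)" would be easier to reuse and to match consistently when further CVEs for the same component arrive.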
@@ -490,9 +490,9 @@ CVE-2024-27304 (pgx is a PostgreSQL driver and toolkit for
Go. SQL injection can
NOTE:
https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8
(v5.5.4)
NOTE:
https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df
(v4.18.2)
CVE-2024-27303 (electron-builder is a solution to package and build a ready
for distri ...)
- TODO: check
+ NOT-FOR-US: electron-builder
CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to
specify a C ...)
- TODO: check
+ NOT-FOR-US: go-zero
CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to
version 4.18.2 ...)
- golang-github-jackc-pgx <unfixed> (bug #1065686)
[bookworm] - golang-github-jackc-pgx <no-dsa> (Minor issue)
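Review bot: For CVE-2024-27302 the description identifies go-zero as a Go web and rpc framework, and the pgx entries in the same hunk show that Go modules are tracked under golang-github-* source packages (golang-github-jackc-pgx). Before settling on "NOT-FOR-US: go-zero", confirm that no source package ships the module under such a name; the same applies to CVE-2024-27303 if electron-builder is packaged under a different naming scheme.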
@@ -559,7 +559,7 @@ CVE-2023-49979 (A directory listing vulnerability in
Customer Support System v1
CVE-2023-49978 (Incorrect access control in Customer Support System v1 allows
non-admi ...)
NOT-FOR-US: Customer Support System
CVE-2023-48703 (RobotsAndPencils go-saml, a SAML client library written in Go,
contain ...)
- TODO: check
+ NOT-FOR-US: go-saml
CVE-2023-38825 (SQL injection vulnerability in Vanderbilt REDCap before
v.13.8.0 allow ...)
NOT-FOR-US: Vanderbilt REDCap
CVE-2024-28160 (Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize
iceScrum p ...)
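Review bot: The tag added for CVE-2023-48703 is "NOT-FOR-US: go-saml", but the description names the project as "RobotsAndPencils go-saml". Since go-saml is a generic name, consider "NOT-FOR-US: RobotsAndPencils go-saml" so the entry cannot be mistaken for another SAML library for Go when the list is searched later.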
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4658675abbb5c8c7792b7e9258c0d2f2b7e43
debian-security-tracker-commits mailing list