[Git][security-tracker-team/security-tracker][master] opennds bug reference

Tue, 28 May 2024 15:08:24 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
49766927 by Moritz Muehlenhoff at 2024-05-29T00:07:23+02:00
opennds bug reference
bogus ruby-json-jwt issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31882,6 +31882,7 @@ CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free 
vulnerability in /nanomq
 CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via 
/openNDS/src/auth.c ...)
        - opennds <unfixed>
        NOTE: 
https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md
+       NOTE: https://github.com/openNDS/openNDS/issues/600
 CVE-2024-25760
        REJECTED
 CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File 
with Dan ...)
@@ -44170,10 +44171,7 @@ CVE-2023-51775 (The jose4j component before 0.9.4 for 
Java allows attackers to c
        NOTE: https://bitbucket.org/b_c/jose4j/issues/212
        NOTE: https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
 CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes 
allows bypa ...)
-       - ruby-json-jwt <unfixed>
-       [bookworm] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
-       [bullseye] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
-       [buster] - ruby-json-jwt <postponed> (Revisit when addressed upstream)
+       NOTE: Disputed ruby-json-jwt issue
        NOTE: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
        NOTE: https://github.com/nov/json-jwt/issues/113
 CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer 
over-read  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/497669270382242f18ed58dc0d447d2834e3ecf5

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/497669270382242f18ed58dc0d447d2834e3ecf5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to