Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0427fa32 by Salvatore Bonaccorso at 2024-07-30T22:40:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2024-5249 (In versions of Akana API Platform prior to 
2024.1.0, SAML tokens
 CVE-2024-4188 (Unprotected Transport of Credentials vulnerability in 
OpenText\u2122 D ...)
        NOT-FOR-US: OpenText Documentum Server
 CVE-2024-41945 (fuels-ts is a library for interacting with Fuel v2.  The 
typescript SD ...)
-       TODO: check
+       NOT-FOR-US: fuels-ts
 CVE-2024-41944 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
        NOT-FOR-US: Xibo
 CVE-2024-41943 (I, Librarian is an open-source version of a PDF managing SaaS. 
PDF not ...)
@@ -55,15 +55,15 @@ CVE-2024-41611 (In D-Link DIR-860L REVA FIRMWARE PATCH 
1.10..B04, the Telnet ser
 CVE-2024-41610 (D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains 
hardcoded cr ...)
        NOT-FOR-US: D-Link
 CVE-2024-41443 (A stack overflow in the function cp_dynamic() 
(/vendor/cute_png.h) of  ...)
-       TODO: check
+       NOT-FOR-US: hicolor
 CVE-2024-41440 (A heap buffer overflow in the function png_quantize() of 
hicolor v0.5. ...)
-       TODO: check
+       NOT-FOR-US: hicolor
 CVE-2024-41439 (A heap buffer overflow in the function cp_block() 
(/vendor/cute_png.h) ...)
-       TODO: check
+       NOT-FOR-US: hicolor
 CVE-2024-41438 (A heap buffer overflow in the function cp_stored() 
(/vendor/cute_png.h ...)
-       TODO: check
+       NOT-FOR-US: hicolor
 CVE-2024-41437 (A heap buffer overflow in the function cp_unfilter() 
(/vendor/cute_png ...)
-       TODO: check
+       NOT-FOR-US: hicolor
 CVE-2024-41305 (A Server-Side Request Forgery (SSRF) in the Plugins Page of 
WonderCMS  ...)
        NOT-FOR-US: WonderCMS
 CVE-2024-41304 (An arbitrary file upload vulnerability in the 
uploadFileAction() funct ...)
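
Review bot: Four of the five entries tagged NOT-FOR-US: hicolor (CVE-2024-41443, CVE-2024-41439, CVE-2024-41438, CVE-2024-41437) place the bug in /vendor/cute_png.h according to their own descriptions, so the tag names the embedding application rather than the component that carries the flaw. Before closing these as NFU, check whether cute_png.h is embedded in any packaged source, and record the outcome in the commit message so the triage can be reproduced. Only CVE-2024-41440 (png_quantize()) is described as a flaw in hicolor v0.5 itself.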
@@ -79,35 +79,35 @@ CVE-2024-3930 (In versions of Akana API Platform prior to 
2024.1.0a flaw resulti
 CVE-2024-39320 (Discourse is an open source discussion platform. Prior to 
3.2.5 and 3. ...)
        NOT-FOR-US: Discourse
 CVE-2024-39012 (ais-ltd strategyen v0.4.0 was discovered to contain a 
prototype pollut ...)
-       TODO: check
+       NOT-FOR-US: ais-ltd strategyen
 CVE-2024-39011 (Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows 
attackers  ...)
-       TODO: check
+       NOT-FOR-US: chargeover redoc
 CVE-2024-39010 (chase-moskal snapstate v0.0.9 was discovered to contain a 
prototype po ...)
-       TODO: check
+       NOT-FOR-US: chase-moskal snapstate
 CVE-2024-38986 (Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers 
to execu ...)
        NOT-FOR-US: 75lb deep-merge
 CVE-2024-38984 (Prototype Pollution in lukebond json-override 0.2.0 allows 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: lukebond json-override
 CVE-2024-38909 (Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access 
Control. C ...)
        NOT-FOR-US: Studio 42 elFinder
 CVE-2024-38432 (MatrixTafnit v8   -     CWE-646: Reliance on File Name or 
Extension of ...)
-       TODO: check
+       NOT-FOR-US: Matrix Tafnit
 CVE-2024-38431 (MatrixTafnit v8   -   CWE-204: Observable Response Discrepancy)
-       TODO: check
+       NOT-FOR-US: Matrix Tafnit
 CVE-2024-38430 (Matrix - CWE-79: Improper Neutralization of Input During Web 
Page Gene ...)
-       TODO: check
+       NOT-FOR-US: Matrix Tafnit
 CVE-2024-38429 (MatrixTafnit v8   - CWE-552: Files or Directories Accessible 
to Extern ...)
-       TODO: check
+       NOT-FOR-US: Matrix Tafnit
 CVE-2024-37299 (Discourse is an open source discussion platform. Prior to 
3.2.5 and 3. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-37165 (Discourse is an open source discussion platform. Prior to 
3.2.3 and 3. ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2024-36572 (Prototype pollution in allpro form-manager 0.7.4 allows 
attackers to r ...)
-       TODO: check
+       NOT-FOR-US: allpro form-manager
 CVE-2024-23091 (Weak password hashing using MD5 in funzioni.php in HotelDruid 
before 1 ...)
        TODO: check
 CVE-2023-48396 (Web Authentication vulnerability in Apache SeaTunnel.Since the 
jwt key ...)
-       TODO: check
+       NOT-FOR-US: Apache SeaTunnel
 CVE-2023-38001 (IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site 
request forg ...)
        NOT-FOR-US: IBM
 CVE-2023-33976 (TensorFlow is an end-to-end open source platform for machine 
learning. ...)
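
Review bot: CVE-2024-38430 is tagged NOT-FOR-US: Matrix Tafnit, but its description reads only "Matrix - CWE-79: ..." while the three neighbouring entries (CVE-2024-38429, CVE-2024-38431, CVE-2024-38432) say "MatrixTafnit v8"; confirm from the advisory that this entry is the same product before reusing the tag, since a bare "Matrix" is ambiguous. Separately, CVE-2024-23091 (HotelDruid) stays at TODO: check in the middle of an otherwise processed block; if that is deliberate because it is not an NFU candidate, the commit message ("Process some NFUs") could say so to keep it from reading as an oversight.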



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0427fa327f2560b3956a7ba7b0d9b1103b999e90
