Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e273eca by Moritz Muehlenhoff at 2024-08-20T15:39:51+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,19 +67,21 @@ CVE-2024-5763 (The The Plus Addons for Elementor \u2013
Elementor Addons, Page T
CVE-2024-5576 (The Tutor LMS Elementor Addons plugin for WordPress is
vulnerable to S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4785 (BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to
Division ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2024-43688 (cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD
7.4 and ...)
- cron <not-affected> (Debian package of not does not contain the
vulnerable code)
CVE-2024-43202 (Exposure of Remote Code Execution in Apache Dolphinscheduler.
This is ...)
- TODO: check
+ NOT-FOR-US: Apache Dolphinscheduler
CVE-2024-38810 (Missing Authorization When Using @AuthorizeReturnObject in
Spring Secu ...)
- TODO: check
+ - libspring-security-2.0-java <removed>
CVE-2024-38808 (In Spring Framework versions 5.3.0 - 5.3.38 and older
unsupported vers ...)
- TODO: check
+ - libspring-java <unfixed> (unimportant)
+ NOTE: https://spring.io/security/cve-2024-38808
+ NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
CVE-2024-35539 (Typecho v1.3.0 was discovered to contain a race condition
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Typecho
CVE-2024-35538 (Typecho v1.3.0 was discovered to contain a Client IP Spoofing
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Typecho
CVE-2024-6508
NOT-FOR-US: OpenShift
CVE-2024-7958
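Review bot: the new CVE-2024-38810 line, "- libspring-security-2.0-java <removed>", carries no NOTE, while the CVE-2024-38808 entry directly below it records the upstream advisory and points to README.Debian.security. Consider adding a NOTE with the upstream advisory to CVE-2024-38810 as well, so the basis for the triage sits next to the entry. Separately, the unchanged CVE-2024-43688 line in this hunk reads "Debian package of not does not contain the vulnerable code", which looks like a leftover word and could be cleaned up in a follow-up.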
@@ -110,7 +112,7 @@ CVE-2024-43401 (XWiki Platform is a generic wiki platform
offering runtime servi
CVE-2024-43400 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2024-43399 (Mobile Security Framework (MobSF) is a pen-testing, malware
analysis a ...)
- TODO: check
+ NOT-FOR-US: Mobile Security Framework (MobSF)
CVE-2024-43380 (fugit contains time tools for flor and the floraison group.
The fugit ...)
TODO: check
CVE-2024-43379 (TruffleHog is a secrets scanning tool. Prior to v3.81.9, this
vulnerab ...)
@@ -182,7 +184,7 @@ CVE-2024-39306
CVE-2024-37099 (Deserialization of Untrusted Data vulnerability in Liquid Web
GiveWP a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32928 (The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a
subset of ...)
- TODO: check
+ NOT-FOR-US: Nest
CVE-2024-32927 (In sendDeviceState_1_6 of RadioExt.cpp, there is a possible
use after ...)
NOT-FOR-US: Android
CVE-2024-23729 (The ColorOS Internet Browser com.heytap.browser application
45.10.3.4. ...)
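Review bot: the label "NOT-FOR-US: Nest" on CVE-2024-32928 is terse given that the description opens with libcurl and CURLOPT_SSL_VERIFYPEER, so anyone searching the list for curl issues will land on this entry. If the reasoning is that the option was disabled by the product rather than by libcurl itself, a short NOTE saying so would save the next reader from re-checking src:curl.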
@@ -222,7 +224,7 @@ CVE-2024-44070 (An issue was discovered in FRRouting (FRR)
through 10.1. bgp_att
CVE-2024-44069 (Pi-hole before 6 allows unauthenticated
admin/api.php?setTempUnit= cal ...)
NOT-FOR-US: Pi-hole
CVE-2024-44067 (The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head
XuanTie C ...)
- TODO: check
+ NOT-FOR-US: XuanTie
CVE-2024-43350 (Authorization Bypass Through User-Controlled Key vulnerability
in Prop ...)
NOT-FOR-US: Propovoice Propovoice CRM
CVE-2024-43322 (Authorization Bypass Through User-Controlled Key vulnerability
in Dyla ...)
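Review bot: "NOT-FOR-US: XuanTie" on CVE-2024-44067 drops both the vendor and the fact that this is a CPU issue, although the description names the T-Head XuanTie C910 CPU in the TH1520 SoC. A label such as "NOT-FOR-US: T-Head XuanTie CPUs" would make it clear at a glance that the entry concerns hardware rather than a software project.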
@@ -936,7 +938,7 @@ CVE-2024-6460 (The Grow by Tradedoubler WordPress plugin
through 2.0.21 is vuln
CVE-2024-6456 (AVEVA Historian Server has a vulnerability, if exploited, could
allow ...)
NOT-FOR-US: AVEVA Historian Server
CVE-2024-43378 (calamares-nixos-extensions provides Calamares branding and
modules for ...)
- TODO: check
+ NOT-FOR-US: calamares-nixos-extensions
CVE-2024-43370 (gettext.js is a GNU gettext port for node and the browser.
There is a ...)
- gettext.js 0.7.0-4 (bug #1078880)
[bookworm] - gettext.js <no-dsa> (Minor issue)
@@ -945,7 +947,7 @@ CVE-2024-43370 (gettext.js is a GNU gettext port for node
and the browser. There
CVE-2024-43369 (Ibexa RichText Field Type is a Field Type for supporting rich
formatte ...)
NOT-FOR-US: Ibexa RichText Field Type
CVE-2024-43367 (Boa is an embeddable and experimental Javascript engine
written in Rus ...)
- TODO: check
+ NOT-FOR-US: Boa JavaScript engine
CVE-2024-43366 (zkvyper is a Vyper compiler. Starting in version 1.3.12 and
prior to v ...)
NOT-FOR-US: zkvyper Vyper compiler
CVE-2024-42488 (Cilium is a networking, observability, and security solution
with an e ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e273eca08e09de7d2fb351c3606d27da1dc50a4