Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e378b8f by Moritz Muehlenhoff at 2024-09-20T11:03:57+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -288,7 +288,7 @@ CVE-2024-45679 (Heap-based buffer overflow vulnerability in
Assimp versions prio
NOTE: https://github.com/assimp/assimp/pull/5310
NOTE:
https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d
(v5.4.0)
CVE-2024-45601 (Mesop is a Python-based UI framework designed for rapid web
apps devel ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2024-45523 (An issue was discovered in Bravura Security Fabric versions
12.3.x bef ...)
NOT-FOR-US: Bravura Security Fabric
CVE-2024-45452 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -302,7 +302,7 @@ CVE-2024-45298 (Wiki.js is an open source wiki app built on
Node.js. A disabled
CVE-2024-44589 (Stack overflow vulnerability in the Login function in the HNAP
service ...)
NOT-FOR-US: D-Link
CVE-2024-44542 (SQL Injection vulnerability in todesk v.1.1 allows a remote
attacker t ...)
- TODO: check
+ NOT-FOR-US: todesk
CVE-2024-44064 (Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn
Like Button ...)
NOT-FOR-US: WordPress plugin
CVE-2024-44051 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -882,7 +882,7 @@ CVE-2024-7788 (Improper Digital Signature Invalidation
vulnerability in Zip Repa
CVE-2024-5998 (A vulnerability in the FAISS.deserialize_from_bytes function of
langch ...)
NOT-FOR-US: langchain-ai/langchain
CVE-2024-47049 (The czim/file-handling package before 1.5.0 and 2.x before
2.3.0 (used ...)
- TODO: check
+ NOT-FOR-US: czim/file-handling
CVE-2024-47047 (An issue was discovered in the powermail extension through
12.4.0 for ...)
NOT-FOR-US: TYPO3 extension
CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request
Forgery ...)
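Review bot: On CVE-2024-47049 the new tag names only the library, but the truncated description says the czim/file-handling package is "(used ...)" by something else. Worth confirming that none of the consumers named in the full description are in the archive before settling on NOT-FOR-US, and naming that consumer in the tag if it is the affected product.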
@@ -1243,7 +1243,7 @@ CVE-2024-28170 (Improper access control in Intel(R) RAID
Web Console all version
CVE-2024-23599 (Race condition in Seamless Firmware Updates for some Intel(R)
referenc ...)
NOT-FOR-US: Intel
CVE-2024-22013 (U-Boot environment is read from unauthenticated partition.)
- TODO: check, unclear if it affects src:u-boot per se or is Google Nest
specific
+ NOT-FOR-US: Google Nest
CVE-2024-21871 (Improper input validation in UEFI firmware for some Intel(R)
Processor ...)
NOT-FOR-US: Intel
CVE-2024-21829 (Improper input validation in UEFI firmware error handler for
some Inte ...)
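Review bot: The TODO removed from CVE-2024-22013 explicitly left open whether the issue affects src:u-boot itself or is Google Nest specific, and the new "NOT-FOR-US: Google Nest" line closes that question without recording why. Suggest adding a NOTE line with the reference or reasoning showing that the environment read from an unauthenticated partition is specific to the Nest setup, so a later triager does not have to repeat the analysis for src:u-boot.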
@@ -110155,7 +110155,7 @@ CVE-2023-1966 (Instruments with Illumina Universal
Copy Service v1.x and v2.x co
CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-30464 (CoreDNS through 1.10.1 enables attackers to achieve DNS cache
poisonin ...)
- TODO: check
+ NOT-FOR-US: CoreDNS
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and
subsequent ...)
NOT-FOR-US: picoTCP
CVE-2023-30462
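Review bot: CVE-2023-30464 is tagged "NOT-FOR-US: CoreDNS", the same decision this commit makes for CVE-2023-28452 further down. Since that tag depends on CoreDNS having no package or ITP in Debian, it would help to confirm this once and keep the two entries in sync; if an ITP exists, an <itp> entry with the bug number would be the better form for both.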
@@ -116246,19 +116246,19 @@ CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows
path traversal in HTML export
CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML
export (a non ...)
NOT-FOR-US: pretalx
CVE-2023-28457 (An issue was discovered in Technitium through 11.0.3. It
enables attac ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28456 (An issue was discovered in Technitium through 11.0.2. It
enables attac ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28455 (An issue was discovered in Technitium through 11.0.2. The
forwarding m ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28454
RESERVED
CVE-2023-28453
RESERVED
CVE-2023-28452 (An issue was discovered in CoreDNS through 1.10.1. There is a
vulnerab ...)
- TODO: check
+ NOT-FOR-US: CoreDNS
CVE-2023-28451 (An issue was discovered in Technitium 11.0.2. There is a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Technitium
CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default
maximum ED ...)
- dnsmasq 2.90-1 (bug #1033165)
[bookworm] - dnsmasq <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e378b8f1e7a83aa1f995c3f5d2b1f8edf253d8d