Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e564fbdb by Salvatore Bonaccorso at 2024-12-04T11:02:17+01:00
Process some NFUs

- - - - -
b77dd69f by Salvatore Bonaccorso at 2024-12-04T11:02:18+01:00
Add two "new" matrix-synapse issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -92,11 +92,11 @@ CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And 
Magazine Addons plugin for
 CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with 
Drag & D ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi 
component i ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2023-52943 (Incorrect authorization vulnerability in Alert.Setting webapi 
componen ...)
-       TODO: check
+       NOT-FOR-US: Synology
 CVE-2024-9978 (in OpenHarmony v4.1.1 and prior versions allow a local attacker 
cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-54000 (Mobile Security Framework (MobSF) is a pen-testing, malware 
analysis a ...)
@@ -155,9 +155,12 @@ CVE-2024-41775 (IBM Cognos Controller 11.0.0 and 
11.0.1uses weaker than expected
 CVE-2024-40691 (IBM Cognos Controller 11.0.0 and 11.0.1   could be vulnerable 
to malic ...)
        NOT-FOR-US: IBM
 CVE-2024-37303 (Synapse is an open-source Matrix homeserver. Synapse before 
version 1. ...)
-       TODO: check
+       - matrix-synapse 1.116.0-1
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
+       NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3916
 CVE-2024-37302 (Synapse is an open-source Matrix homeserver. Synapse versions 
before 1 ...)
-       TODO: check
+       - matrix-synapse 1.116.0-1
+       NOTE: 
https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
 CVE-2024-29404 (An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App 
v.202402 ...)
        TODO: check
 CVE-2024-25036 (IBM Cognos Controller 11.0.0 and 11.0.1       could allow an 
authentic ...)
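Review bot: The two new "- matrix-synapse 1.116.0-1" lines record a fixed version, but the NOTE lines under CVE-2024-37303 and CVE-2024-37302 only link the GitHub advisories (plus MSC 3916 for CVE-2024-37303), and the truncated descriptions stop at "before version 1." so the upstream fixed release is not visible here. Adding a NOTE that names the upstream fixed release or the fixing commit for each entry would let the next reader confirm that 1.116.0-1 actually carries the fix. Separately, CVE-2024-29404 in the trailing context is still "TODO: check" even though its description names Razer Synapse 3 rather than the Matrix homeserver; since this push is processing NFUs, triaging it in the same pass would keep it from being confused with the matrix-synapse entries directly above it.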
@@ -191,7 +194,7 @@ CVE-2024-11325 (The AWeber Forms by Optin Cat plugin for 
WordPress is vulnerable
 CVE-2024-11200 (The Goodlayers Core plugin for WordPress is vulnerable to 
Reflected Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-10074 (in OpenHarmony v4.1.1 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-7255
        REJECTED
 CVE-2024-45106 (Improper authentication of an HTTP endpoint in the S3 Gateway 
of Apach ...)
@@ -476105,7 +476108,7 @@ CVE-2018-9451 (In DynamicRefTable::load of 
ResourceTypes.cpp, there is a possibl
 CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible 
out of ...)
        NOT-FOR-US: Android
 CVE-2018-9449 (In process_service_search_attr_rsp of sdp_discovery.cc, there 
is a pos ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out 
of bou ...)
        NOT-FOR-US: Android
 CVE-2018-9447
@@ -476121,7 +476124,7 @@ CVE-2018-9443
 CVE-2018-9442
        RESERVED
 CVE-2018-9441 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible 
out of b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource 
exhaustion due  ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9439
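Review bot: The new "NOT-FOR-US: Android" tag on CVE-2018-9441 sits directly above CVE-2018-9440, which is tagged "NOT-FOR-US: Android Media Framework", so two adjacent Android entries end up with different labels. This is a style point only: if the shorter "Android" form is the one in use across the other hunks of this push, consider normalising the neighbouring entry in a follow-up so that searches on the NOT-FOR-US label return a consistent set.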
@@ -476133,7 +476136,7 @@ CVE-2018-9437 (In getstring of ID3.cpp there is a 
possible out-of-bounds read du
 CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of 
bounds re ...)
        NOT-FOR-US: Android
 CVE-2018-9435 (In gatt_process_error_rsp of gatt_cl.cc, there is a possible 
out of bo ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9434
        RESERVED
        NOT-FOR-US: Android
@@ -476253,9 +476256,9 @@ CVE-2018-9383
 CVE-2018-9382
        RESERVED
 CVE-2018-9381 (In gatts_process_read_by_type_req of gatt_sr.c, there is a 
possibleinf ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9380 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of 
bounds w ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9379
        RESERVED
 CVE-2018-9378



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d22546989148af87055467cfeeb6988e4a9fb775...b77dd69faa6ed9dd12babb3ece0a25f44f8d6f1b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits