Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99451f44 by Salvatore Bonaccorso at 2024-05-21T10:44:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,14 +26,14 @@ CVE-2024-35195 (Requests is a HTTP library. Prior to 
2.32.0, when making request
        NOTE: https://github.com/psf/requests/pull/6655
        NOTE: 
https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 
(v2.32.0)
 CVE-2024-35194 (Minder is a software supply chain security platform. Prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Minder by Stacklok
 CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious 
actor is  ...)
        - trivy <itp> (bug #929458)
        NOTE: 
https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj
 CVE-2024-35191 (Formie is a Craft CMS plugin for creating forms. Prior to 
2.1.6, users ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS plugin
 CVE-2024-34710 (Wiki.js is al wiki app built on Node.js. Client side template 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Wiki.js
 CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some 
passwords  ...)
        TODO: check
 CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext 
credentials.)
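
Review bot: the tag added for CVE-2024-35191, "NOT-FOR-US: Craft CMS plugin", names only the platform, although the description line identifies the affected product as Formie. Suggest "NOT-FOR-US: Formie plugin for Craft CMS" so the entry can be found by product name, as with the other two tags added in this hunk ("Minder by Stacklok" and "Wiki.js"), which do name the product.
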
@@ -71,9 +71,9 @@ CVE-2024-35576 (Tenda AX1806 v1.0.0.1 contains a stack 
overflow via the iptv.stb
 CVE-2024-35571 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the 
iptv.stb.mode  ...)
        NOT-FOR-US: Tenda
 CVE-2024-34953 (An issue in taurusxin ncmdump v1.3.2 allows attackers to cause 
a Denia ...)
-       TODO: check
+       NOT-FOR-US: taurusxin ncmdump
 CVE-2024-34952 (taurusxin ncmdump v1.3.2 was discovered to contain a 
segmentation viol ...)
-       TODO: check
+       NOT-FOR-US: taurusxin ncmdump
 CVE-2024-34949 (likeshop 2.5.7 is vulnerable to SQL Injection via the 
getOrderList fun ...)
        NOT-FOR-US: likeshop
 CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd 
IK-Q3000 ...)
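
Review bot: the two added lines "NOT-FOR-US: taurusxin ncmdump" run the author name and the product together with no separator, while the first hunk of this commit writes the same kind of pair as "Minder by Stacklok". Suggest one form for both, for example "NOT-FOR-US: ncmdump by taurusxin", so a search on the product name matches consistently across data/CVE/list.
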
@@ -81,7 +81,7 @@ CVE-2024-34948 (An issue in Quanxun Huiju Network 
Technology(Beijing) Co.,Ltd IK
 CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 
3.7.10 x64 ...)
        NOT-FOR-US: Quanxun Huiju Network Technology(Beijing) Co.
 CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get 
file fl ...)
-       TODO: check
+       NOT-FOR-US: smanga
 CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before 
allows  ...)
        TODO: check
 CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99451f44c76ca2ddf7b9d78c078f069617468261



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
