[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 9 09:12:50 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5657a0f by Salvatore Bonaccorso at 2024-12-09T10:12:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-9651 (The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-55582 (Oxide before 6 has unencrypted Control Plane datastores.)
 	TODO: check
 CVE-2024-55580 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
-	TODO: check
+	NOT-FOR-US: Qlik Sense Enterprise for Windows
 CVE-2024-55579 (An issue was discovered in Qlik Sense Enterprise for Windows before No ...)
-	TODO: check
+	NOT-FOR-US: Qlik Sense Enterprise for Windows
 CVE-2024-55578 (Zammad before 6.4.1 places sensitive data (such as auth_microsoft_offi ...)
 	- zammad <itp> (bug #841355)
 CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file (locat ...)
@@ -19,49 +19,49 @@ CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via a
 CVE-2024-55560 (MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh ...)
 	TODO: check
 CVE-2024-53285 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53284 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53283 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53282 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53281 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53280 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-53279 (Improper neutralization of input during web page generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-12360 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12359 (A vulnerability was found in code-projects Admin Dashboard 1.0. It has ...)
-	TODO: check
+	NOT-FOR-US: code-projects Admin Dashboard
 CVE-2024-12358 (A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been c ...)
-	TODO: check
+	NOT-FOR-US: WeiYe-Jing datax-web
 CVE-2024-12357 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-12355 (A vulnerability has been found in SourceCodester Phone Contact Manager ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Phone Contact Manager System
 CVE-2024-12354 (A vulnerability, which was classified as critical, was found in Source ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Phone Contact Manager System
 CVE-2024-12353 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Phone Contact Manager System
 CVE-2024-12352 (A vulnerability classified as problematic was found in TOTOLINK EX1800 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-12351 (A vulnerability classified as critical has been found in JFinalCMS 1.0 ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2024-12350 (A vulnerability was found in JFinalCMS 1.0. It has been rated as criti ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2024-12349 (A vulnerability was found in JFinalCMS 1.0. It has been declared as pr ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. I ...)
-	TODO: check
+	NOT-FOR-US: Guizhou Xiaoma Technology jpress
 CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...)
-	TODO: check
+	NOT-FOR-US: Guangzhou Huayi Intelligent Technology Jeewms
 CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and classif ...)
 	TODO: check
 CVE-2024-12344 (A vulnerability, which was classified as critical, was found in TP-Lin ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-12343 (A vulnerability classified as critical has been found in TP-Link VN020 ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-53473 (WeGIA 3.2.0 before 3998672 does not verify permission to change a pass ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5657a0f5856d619c5ac84ebeb744cad7726b61f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5657a0f5856d619c5ac84ebeb744cad7726b61f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241209/57b92326/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list