[Git][security-tracker-team/security-tracker][master] Process NFUs

Tue Dec 10 08:42:10 GMT 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e5dc499 by Salvatore Bonaccorso at 2024-12-10T09:41:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,9 +13,9 @@ CVE-2024-55634 (A vulnerability in Drupal Core allows Privilege Escalation.This
 CVE-2024-55601 (Hugo is a static site generator. Starting in version 0.123.0 and prior ...)
 	TODO: check
 CVE-2024-54198 (In certain conditions, SAP NetWeaver Application Server ABAP allows an ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-54197 (SAP NetWeaver Administrator(System Overview) allows an authenticated a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-54151 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	TODO: check
 CVE-2024-54149 (Winter is a free, open-source content management system (CMS) based on ...)
@@ -35,11 +35,11 @@ CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A
 CVE-2024-47946 (If the attacker has access to a valid Poweruser session, remote code e ...)
 	TODO: check
 CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated attacker co ...)
 	TODO: check
 CVE-2024-47581 (SAP HCM Approve Timesheets Version 4 application does not perform nece ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47580 (An attacker authenticated as an administrator can use an exposed webse ...)
 	TODO: check
 CVE-2024-47579 (An attacker authenticated as an administrator can use an exposed webse ...)
@@ -47,9 +47,9 @@ CVE-2024-47579 (An attacker authenticated as an administrator can use an exposed
 CVE-2024-47578 (Adobe Document Service allows an attacker with administrator privilege ...)
 	TODO: check
 CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within SAP Commer ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1) applicatio ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External Entity  ...)
 	TODO: check
 CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...)
@@ -57,7 +57,7 @@ CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 4
 CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...)
 	TODO: check
 CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-28138 (An unauthenticated attacker with network access to the affected device ...)
 	TODO: check
 CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e5dc499a24f17e7203f790d3188f1582fb88f90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e5dc499a24f17e7203f790d3188f1582fb88f90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/943acd57/attachment.htm>
