[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 10 09:51:30 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc923ef3 by Moritz Muehlenhoff at 2024-12-10T10:51:09+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -228,11 +228,11 @@ CVE-2024-40582 (Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sens
 CVE-2024-38485 (Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection  ...)
 	NOT-FOR-US: Dell
 CVE-2024-12307 (A function-level access control vulnerability in Unifiedtransform vers ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2024-12306 (Multiple access control vulnerabilities in Unifiedtransform version 2. ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2024-12305 (An object-level access control vulnerability in Unifiedtransform versi ...)
-	TODO: check
+	NOT-FOR-US: Unifiedtransform
 CVE-2024-12057 (User credentials (login & password) are inserted into log files when a ...)
 	NOT-FOR-US: PcVue
 CVE-2024-11991 (Motoko's incremental garbage collector is impacted by an uninitialized ...)
@@ -437,7 +437,7 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file
 	- colpack <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
 CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
-	TODO: check
+	NOT-FOR-US: nanoid
 CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...)
 	- libposix-2008-perl 0.24-1
 CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...)
@@ -485,7 +485,7 @@ CVE-2024-12348 (A vulnerability was found in Guizhou Xiaoma Technology jpress 5.
 CVE-2024-12347 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...)
 	NOT-FOR-US: Guangzhou Huayi Intelligent Technology Jeewms
 CVE-2024-12346 (A vulnerability has been found in Talentera up to 20241128 and classif ...)
-	TODO: check
+	NOT-FOR-US: Talentera
 CVE-2024-12344 (A vulnerability, which was classified as critical, was found in TP-Lin ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-12343 (A vulnerability classified as critical has been found in TP-Link VN020 ...)
@@ -533,45 +533,45 @@ CVE-2024-7875 (Tungsten Automation(Kofax) TotalAgility in versions all through7.
 CVE-2024-7874 (Tungsten Automation (Kofax) TotalAgility in versions all through7.9.0. ...)
 	NOT-FOR-US: Tungsten Automation
 CVE-2024-54138 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
-	TODO: check
+	NOT-FOR-US: NuGet Gallery
 CVE-2024-44856 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-44855 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-44854 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-44853 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-44852 (Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41650 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41649 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41648 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41647 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41646 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41645 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-41644 (Insecure Permissions vulnerability in Open Robotics Robotic Operating  ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38927 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38926 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38925 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38924 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38923 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38922 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-38921 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
-	TODO: check
+	NOT-FOR-US: ROS Navigation
 CVE-2024-12326 (Jirafeau normally prevents browser preview for SVG files due to the po ...)
 	NOT-FOR-US: Jirafeau
 CVE-2024-12257 (The CardGate Payments for WooCommerce plugin for WordPress is vulnerab ...)
@@ -845,7 +845,7 @@ CVE-2024-11220 (A local low-level user on the server machine with credentials to
 CVE-2024-11204 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11022 (The authentication process to the web server uses a challenge response ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10909 (The The Pojo Forms plugin for WordPress is vulnerable to arbitrary sho ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc923ef3df29c1f81088cff373168019ea1e2ac0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc923ef3df29c1f81088cff373168019ea1e2ac0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/9727b51b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list