[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 13 08:31:45 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a542f1e7 by Moritz Muehlenhoff at 2024-12-13T09:31:23+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-9508 (Horner Automation Cscape contains a memory corruption vulnerability, w ...)
-	TODO: check
+	NOT-FOR-US: Horner Automation Cscape
 CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package before 3.2 ...)
 	TODO: check
 CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are vulnerable ...)
@@ -9,43 +9,43 @@ CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to Au
 CVE-2024-12603 (A logic vulnerability in the the mobile application (com.transsion.app ...)
 	TODO: check
 CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular Expressi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12574 (The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u20 ...)
 	TODO: check
 CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The issues resul ...)
-	TODO: check
+	NOT-FOR-US: Horner Automation Cscape
 CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks  ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11838 (External Control of File Name or Path vulnerability in PlexTrac allows ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11837 (Improper Neutralization of Special Elements used in an N1QL Command (' ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11836 (Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing  ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11835 (Uncontrolled Resource Consumption vulnerability in PlexTrac allows Web ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11833 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: PlexTrac
 CVE-2024-11809 (The Primer MyData for Woocommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11767 (The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10939 (The Image Widget WordPress plugin before 4.4.11 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10678 (The Ultimate Blocks  WordPress plugin before 3.2.4 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25221 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of errno]
 	- glibc <not-affected> (Vulnerable code not present)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32440
@@ -143,7 +143,7 @@ CVE-2024-54096 (Vulnerability of improper access control in the MTP module Impac
 CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
 	NOT-FOR-US: IBM
 CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
 	TODO: check
 CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
@@ -151,13 +151,13 @@ CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog al
 CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-47947 (Due to missing input sanitization, an attacker can perform cross-site- ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
 	NOT-FOR-US: Dell
 CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross-site- ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
 	TODO: check
 CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
@@ -177,7 +177,7 @@ CVE-2024-21574 (The issue stems from a missing validation of the pip field in a
 CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
-	TODO: check
+	NOT-FOR-US: Open Shift
 CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode  ...)
 	NOT-FOR-US: WordPress theme
 CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241213/5cfcbf14/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list