[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 13 09:28:49 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c823a5a4 by Moritz Muehlenhoff at 2024-12-13T10:28:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -514,11 +514,11 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to c
 CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  This issu ...)
-	TODO: check
+	NOT-FOR-US: Struts 2
 CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
 	NOT-FOR-US: IBM
 CVE-2024-50585 (Users who click on a malicious link or visit a website under the contr ...)
-	TODO: check
+	NOT-FOR-US: Numerix License Server Administration System
 CVE-2024-50339 (GLPI is a free asset and IT management software package. Starting in v ...)
 	- glpi <removed>
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72
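Review bot: The tag on CVE-2024-53677 reads "Struts 2", while the CVE description on the line above it calls the product "Apache Struts" and is truncated before any version range, so the "2" cannot be checked from this entry. If the classification depends on the affected branch, a NOTE line saying so would document why this is NOT-FOR-US rather than a package entry; otherwise "NOT-FOR-US: Apache Struts" matches the description and is easier to grep for.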
@@ -761,11 +761,11 @@ CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti Connect Secure before v
 CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure before  ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-28141 (The web application is not protected against cross-site request forger ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-28140 (The scanner device boots into a kiosk mode by default and opens the Sc ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-28139 (The www-data user can elevate its privileges because sudo is configure ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-12484 (A vulnerability classified as critical was found in Codezips Technical ...)
 	NOT-FOR-US: Codezips Technical Discussion Forum
 CVE-2024-12483 (A vulnerability classified as problematic has been found in Dromara UJ ...)
@@ -779,7 +779,7 @@ CVE-2024-12480 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has
 CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classifie ...)
 	NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset Management co ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...)
@@ -1505,7 +1505,7 @@ CVE-2024-50626 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A
 CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulne ...)
 	NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-47946 (If the attacker has access to a valid Poweruser session, remote code e ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an  ...)
 	NOT-FOR-US: SAP
 CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated attacker co ...)
@@ -1531,7 +1531,7 @@ CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 4
 CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...)
 	NOT-FOR-US: SAP
 CVE-2024-28138 (An unauthenticated attacker with network access to the affected device ...)
-	TODO: check
+	NOT-FOR-US: Scan2Net
 CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary ...)
 	TODO: check
 CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
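Review bot: CVE-2024-21542, directly below the changed entry, is still "TODO: check" after this pass. Its description names a package (luigi) and a fixed version (3.6.0), so it needs a lookup against the archive and then either a package line or a NOT-FOR-US tag; worth resolving in a follow-up so it does not linger between entries that are already triaged.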
@@ -1639,7 +1639,7 @@ CVE-2024-53948 (Generation of Error Message Containing analytics metadata Inform
 CVE-2024-53947 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache Superset
 CVE-2024-53847 (The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulne ...)
-	TODO: check
+	NOT-FOR-US: Trix
 CVE-2024-53822 (Unrestricted Upload of File with Dangerous Type vulnerability in Genet ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53819 (Missing Authorization vulnerability in Sprout Invoices Client Invoicin ...)
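Review bot: CVE-2024-53847 is tagged NOT-FOR-US by upstream name alone, but the description identifies Trix as a rich text editor component, which is the kind of code that can be carried as an embedded copy inside other source packages. The tag only holds if no package ships an affected copy (prior to 2.1.9 or 1.3.3); a NOTE line recording that embedded copies were checked would make the decision verifiable.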



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c823a5a4c4b06826de23fc444514687e29d38818



More information about the debian-security-tracker-commits mailing list