[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 13 14:01:12 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41a1484e by Moritz Muehlenhoff at 2024-12-13T14:57:40+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,11 +4,11 @@ CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package befo
- libgraphics-colornames-perl 3.5.0-1
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=54500
CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are vulnerable ...)
- TODO: check
+ NOT-FOR-US: spatie/browsershot
CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to Authenti ...)
TODO: check
CVE-2024-12603 (A logic vulnerability in the the mobile application (com.transsion.app ...)
- TODO: check
+ NOT-FOR-US: com.transsion.applock
CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular Expressi ...)
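Review bot: CVE-2024-21543 (djoser) is the one entry in this hunk left at "TODO: check" while its neighbours are resolved; if that is a deliberate deferral pending a check of whether djoser is packaged, a short remark on the line would make the intent clear. A reading aid for this mail: the hunk counts (-4,11 +4,11) show that "- libgraphics-colornames-perl 3.5.0-1" is an unchanged tracker package line whose leading whitespace the mail rendering dropped, not a removed line.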
@@ -20,7 +20,7 @@ CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable to
CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u20 ...)
- TODO: check
+ NOT-FOR-US: Boundary
CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The issues resul ...)
NOT-FOR-US: Horner Automation Cscape
CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks ...)
@@ -161,17 +161,17 @@ CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross
CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
NOT-FOR-US: Scan2Net
CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
- TODO: check
+ NOT-FOR-US: rizin
CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
NOT-FOR-US: Rizin
CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by accessing ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of a logge ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-28143 (The password change function at /cgi/admin.cgi does not require the cu ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-28142 (Due to missing input sanitization, an attacker can perform cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems f ...)
NOT-FOR-US: ComfyUI-Impact-Pack
CVE-2024-21574 (The issue stems from a missing validation of the pip field in a POST r ...)
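Review bot: CVE-2024-31670 is tagged "NOT-FOR-US: rizin" while the very next entry, CVE-2024-28146, carries the pre-existing tag "NOT-FOR-US: Rizin"; beyond the casing mismatch, the 28146 description (hard-coded credentials used to encrypt config files) reads like the Scan2Net series that CVE-2024-28142 through CVE-2024-28145 are being tagged with in this same hunk, so that entry deserves a second look in the same pass.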
@@ -511,7 +511,7 @@ CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti Auto
CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti Workspace ...)
NOT-FOR-US: Ivanti
CVE-2024-55587 (python-libarchive through 4.2.1 allows directory traversal (to create ...)
- TODO: check
+ NOT-FOR-US: python-libarchive (different from src:python-libarchive-c)
CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar allows Explo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts. This issu ...)
@@ -1199,7 +1199,7 @@ CVE-2024-54008 (An authenticated Remote Code Execution (RCE) vulnerability exist
CVE-2024-54005 (A vulnerability has been identified in COMOS V10.3 (All versions < V10 ...)
NOT-FOR-US: Siemens
CVE-2024-53866 (The package manager pnpm prior to version 9.15.0 seems to mishandle ov ...)
- TODO: check
+ NOT-FOR-US: pnpm
CVE-2024-53832 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
NOT-FOR-US: Siemens
CVE-2024-53481 (A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGu ...)
@@ -1525,7 +1525,7 @@ CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within SAP
CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1) applicatio ...)
NOT-FOR-US: SAP
CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External Entity ...)
- TODO: check
+ NOT-FOR-US: unstructured
CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...)
NOT-FOR-US: Dell
CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376. ...)
@@ -1535,7 +1535,7 @@ CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business Intelligen
CVE-2024-28138 (An unauthenticated attacker with network access to the affected device ...)
NOT-FOR-US: Scan2Net
CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: luigi
CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- drupal7 <not-affected> (Only affects Drupal 8 and later)
CVE-2024-12174 (An Improper Certificate Validation vulnerability exists in Tenable Sec ...)
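Review bot: "- drupal7 <not-affected> (Only affects Drupal 8 and later)" below the luigi change is unchanged context, not a removal: the hunk counts (-1535,7 +1535,7) only account for the single TODO/NOT-FOR-US swap, and the leading whitespace that distinguishes the tracker's package lines from diff removals was stripped in the mail rendering. Nothing to change in the data; it is only worth knowing when reading these notifications.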
@@ -1712,7 +1712,7 @@ CVE-2024-12305 (An object-level access control vulnerability in Unifiedtransform
CVE-2024-12057 (User credentials (login & password) are inserted into log files when a ...)
NOT-FOR-US: PcVue
CVE-2024-11991 (Motoko's incremental garbage collector is impacted by an uninitialized ...)
- TODO: check
+ NOT-FOR-US: Motoko
CVE-2024-11608 (A maliciously crafted SKP file, when linked or imported into Autodesk ...)
NOT-FOR-US: Autodesk
CVE-2024-11454 (A maliciously crafted DLL file, when placed in the same directory as a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41a1484eb98a87567dee25ee205290e19ddeb8cf