[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 17 20:33:38 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3893f87b by Salvatore Bonaccorso at 2024-12-17T21:33:15+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability in Next ...)
-	TODO: check
+	NOT-FOR-US: NextGeography NG Analyser
 CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable to Impro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8972 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Mobil365 Informatics Saha365 App
 CVE-2024-8475 (Authentication Bypass by Assumed-Immutable Data vulnerability in Digit ...)
-	TODO: check
+	NOT-FOR-US: Digital Operation Services WiFiBurada
 CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Digital Operation Services WiFiBurada
 CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, Content Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB formats. I ...)
 	TODO: check
 CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
-	TODO: check
+	NOT-FOR-US: Raisecom
 CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
-	TODO: check
+	NOT-FOR-US: Raisecom
 CVE-2024-55514 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
-	TODO: check
+	NOT-FOR-US: Raisecom
 CVE-2024-55513 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
-	TODO: check
+	NOT-FOR-US: Raisecom
 CVE-2024-55496 (A vulnerability has been found in the 1000projects Bookstore Managemen ...)
-	TODO: check
+	NOT-FOR-US: 1000projects Bookstore Management System PHP MySQL Project
 CVE-2024-54677 (Uncontrolled Resource Consumption vulnerability in the examples web ap ...)
 	TODO: check
 CVE-2024-54662 (Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access contro ...)
 	TODO: check
 CVE-2024-52542 (Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Follo ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-51479 (Next.js is a React framework for building full-stack web applications. ...)
 	TODO: check
 CVE-2024-50379 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...)
@@ -45,65 +45,65 @@ CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, a
 CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow remote co ...)
 	TODO: check
 CVE-2024-42194 (An improper handling of insufficient permissions or privileges affects ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-37606 (A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.0 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-37605 (A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_i ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-36832 (A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allow ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-36831 (A NULL pointer dereference in the plugins_call_handle_uri_clean functi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-12671 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12670 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12669 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12601 (The Calculated Fields Form plugin for WordPress is vulnerable to Denia ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12469 (The WP BASE Booking of Appointments, Services and Events plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12395 (The WooCommerce Additional Fees On Checkout (Free) plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12293 (The User Role Editor plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12200 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12199 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12198 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12197 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12194 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12193 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12192 (A maliciously crafted DWF file, when parsed through Autodesk Naviswork ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12191 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12179 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12178 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-12127 (The Learning Management System, eLearning, Course Builder, WordPress L ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12024 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11422 (A maliciously crafted DWFX file, when parsed through Autodesk Naviswor ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-11294 (The Memberful plugin for WordPress is vulnerable to Sensitive Informat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11280 (The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10476 (Default credentials are used in the above listed BD Diagnostic Solutio ...)
-	TODO: check
+	NOT-FOR-US: BD Diagnostic Solutions
 CVE-2024-10356 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11614
 	- dpdk 24.11.1-1
 	NOTE: Introduced by: https://git.dpdk.org/dpdk/commit/?id=ca7036b4af3a82d258cca914e71171434b3d0320 (main, v21.05-rc2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3893f87b9843db799df34ffa1211ae16fc233aec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3893f87b9843db799df34ffa1211ae16fc233aec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241217/e72d5489/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list