[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 18 14:22:47 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d318faa by Moritz Muehlenhoff at 2024-12-18T15:22:29+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-56169 (A validation integrity issue was discovered in Fort through 1.6.
 	- fort-validator <unfixed>
 	NOTE: https://github.com/NICMx/FORT-validator/issues/82
 CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that stores  ...)
-	TODO: check
+	NOT-FOR-US: pghoard
 CVE-2024-55059 (A stored HTML Injection vulnerability was identified in PHPGurukul Onl ...)
 	NOT-FOR-US: PHPGurukul Online Birth Certificate System
 CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was discovere ...)
@@ -21,9 +21,9 @@ CVE-2024-55057 (Phpgurukul Online Birth Certificate System 1.0 suffers from insu
 CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was identified in Ph ...)
 	NOT-FOR-US: Phpgurukul Online Birth Certificate System
 CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue exists in AE1 ...)
-	TODO: check
+	NOT-FOR-US: FXC AE1021
 CVE-2024-53688 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: FXC AE1021
 CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing entries ( ...)
 	- ldap-account-manager <unfixed>
 	NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc
@@ -34,19 +34,19 @@ CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability in
 CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, contains an ...)
 	NOT-FOR-US: Dell
 CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 2.0.10 an ...)
-	TODO: check
+	NOT-FOR-US: FXC AE1021
 CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able  ...)
-	TODO: check
+	NOT-FOR-US: ThreatQuotient
 CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization of Specia ...)
-	TODO: check
+	NOT-FOR-US: rizin
 CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...)
 	TODO: check
 CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to Prototype  ...)
-	TODO: check
+	NOT-FOR-US: bun
 CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: spatie/browsershot
 CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 2.9.1 are  ...)
-	TODO: check
+	NOT-FOR-US: laravel-filemanager
 CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege due to i ...)
 	NOT-FOR-US: OPPO Store APP
 CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued for the Ra ...)
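Review bot: CVE-2024-31668 is closed as NOT-FOR-US: rizin while the radare2 entry directly below it, CVE-2024-29646, stays at TODO: check. rizin is a fork of radare2, so the two entries are worth triaging together: confirm the affected code is not shared with radare2 before closing the rizin one, and say so in the commit message, which currently reads only "NFUs". Separately, the label for CVE-2024-21546 drops the unisharp/ vendor prefix that its description uses, while CVE-2024-21547 keeps spatie/browsershot; writing unisharp/laravel-filemanager would keep the two consistent and easier to grep.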
@@ -102,7 +102,7 @@ CVE-2024-8429 (Improper Restriction of Excessive Authentication Attempts vulnera
 CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, Content Re ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB formats. I ...)
-	TODO: check
+	NOT-FOR-US: pdftools
 CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
 	NOT-FOR-US: Raisecom
 CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and  ...)
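Review bot: The label on CVE-2024-56139, "NOT-FOR-US: pdftools", is a generic name that could be mistaken for other PDF utilities when someone later greps the list to triage a similarly named package. The description identifies this one as a PDF to ePUB converter, so a short qualifier on the NOT-FOR-US line would make the scope of the decision clear.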
@@ -163,7 +163,7 @@ CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, a
 CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2 ...)
 	NOT-FOR-US: IBM
 CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow remote co ...)
-	TODO: check
+	NOT-FOR-US: Databricks JDBC Driver
 CVE-2024-42194 (An improper handling of insufficient permissions or privileges affects ...)
 	NOT-FOR-US: HCL
 CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d318faa5baed2eb74e2b112b4396d5334a5ed2a
