[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 19 21:50:31 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb8e0578 by Salvatore Bonaccorso at 2024-12-19T22:50:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
- TODO: check
+ NOT-FOR-US: HMS Networks Ewon Flexy 205
CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
TODO: check
CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service when ...)
@@ -7,33 +7,33 @@ CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service
CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted to packe ...)
TODO: check
CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of request val ...)
- TODO: check
+ NOT-FOR-US: Altair
CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in the bui ...)
TODO: check
CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server Configuration ...)
- TODO: check
+ NOT-FOR-US: GoPhish
CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint http://{your-serv ...)
- TODO: check
+ NOT-FOR-US: Stirling-PDF
CVE-2024-55081 (An XML External Entity (XXE) injection vulnerability in the component ...)
- TODO: check
+ NOT-FOR-US: Chat2DB
CVE-2024-54790 (A SQL Injection vulnerability was found in /index.php in PHPGurukul Pr ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Pre-School Enrollment System
CVE-2024-54150 (cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion o ...)
- TODO: check
+ NOT-FOR-US: cjwt
CVE-2024-53991 (Discourse is an open source platform for community discussion. This vu ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-52897 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...)
NOT-FOR-US: IBM
CVE-2024-52896 (IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console coul ...)
NOT-FOR-US: IBM
CVE-2024-52794 (Discourse is an open source platform for community discussion. Users c ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-52589 (Discourse is an open source platform for community discussion. Moderat ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-51471 (IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSweb console could allow a ...)
NOT-FOR-US: IBM
CVE-2024-49765 (Discourse is an open source platform for community discussion. Sites t ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-49336 (IBM Security Guardium 11.5 is vulnerable to server-side request forger ...)
NOT-FOR-US: IBM
CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42 which ...)
@@ -41,43 +41,43 @@ CVE-2024-47093 (Improper neutralization of input in Nagvis before version 1.9.42
CVE-2024-38864 (Incorrect permissions on the Checkmk Windows Agent's data directory in ...)
TODO: check
CVE-2024-37962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Agency Dominion Fusion
CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logba ...)
TODO: check
CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core ...)
TODO: check
CVE-2024-12794 (A vulnerability, which was classified as critical, was found in Codezi ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12793 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2024-12792 (A vulnerability classified as critical was found in Codezips E-Commerc ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12791 (A vulnerability was found in Codezips E-Commerce Site 1.0. It has been ...)
- TODO: check
+ NOT-FOR-US: Codezips E-Commerce Site
CVE-2024-12790 (A vulnerability was found in code-projects Hostel Management Site 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects Hostel Management Site
CVE-2024-12789 (A vulnerability was found in PbootCMS up to 3.2.3. It has been classif ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2024-12788 (A vulnerability was found in Codezips Technical Discussion Forum 1.0 a ...)
- TODO: check
+ NOT-FOR-US: Codezips Technical Discussion Forum
CVE-2024-12787 (A vulnerability has been found in 1000 Projects Attendance Tracking Ma ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Attendance Tracking Management System
CVE-2024-12786 (A vulnerability, which was classified as critical, was found in X1a0He ...)
- TODO: check
+ NOT-FOR-US: X1a0He Adobe Downloader on macOS
CVE-2024-12785 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12784 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12783 (A vulnerability was found in itsourcecode Vehicle Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Vehicle Management System
CVE-2024-12782 (A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 an ...)
- TODO: check
+ NOT-FOR-US: Apeos
CVE-2024-12626 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12569 (Disclosure of sensitive information in HikVision camera driver's log f ...)
- TODO: check
+ NOT-FOR-US: HikVision camera driver
CVE-2024-12331 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11616 (Netskope was made aware of a security vulnerability in Netskope Endpoi ...)
TODO: check
CVE-2024-10244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -85,7 +85,7 @@ CVE-2024-10244 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2023-7005 (A specially crafted message can be sent to the TTLock App that downgra ...)
TODO: check
CVE-2023-4617 (Incorrect authorization vulnerability in HTTP POST method in Govee Hom ...)
- TODO: check
+ NOT-FOR-US: Govee Home application on Android and iOS
CVE-2024-9102 (phpLDAPadmin since at least version 1.2.0 through the latest version 1 ...)
- phpldapadmin <unfixed>
NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
@@ -93,11 +93,11 @@ CVE-2024-9101 (A reflected cross-site scripting (XSS) vulnerability in the 'Entr
- phpldapadmin <unfixed>
NOTE: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/
CVE-2024-56319 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56318 (In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56317 (In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the W ...)
- TODO: check
+ NOT-FOR-US: Matter (aka connectedhomeip or Project CHIP)
CVE-2024-56145 (Craft is a flexible, user-friendly CMS for creating custom digital exp ...)
NOT-FOR-US: Craft CMS
CVE-2024-56140 (Astro is a web framework for content-driven websites. In affected vers ...)
@@ -161,7 +161,7 @@ CVE-2024-12560 (The Button Block \u2013 Get fully customizable & multi-functiona
CVE-2024-12121 (The Broken Link Checker | Finder plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11984 (A unrestricted upload of file with dangerous type vulnerability in epa ...)
- TODO: check
+ NOT-FOR-US: Corporate Training Management System
CVE-2024-11768 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11740 (The The Download Manager plugin for WordPress is vulnerable to arbitra ...)
@@ -281824,7 +281824,7 @@ CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that
CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
NOT-FOR-US: FortiPortal
CVE-2021-32589 (A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
NOT-FOR-US: FortiGuard
CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
@@ -298798,7 +298798,7 @@ CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use
CVE-2021-26116 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiAuthenticator
CVE-2021-26115 (An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-26114 (Multiple improper neutralization of special elements used in an SQL co ...)
NOT-FOR-US: FortiWAN
CVE-2021-26113 (A use of a one-way hash with a predictable salt vulnerability [CWE-760 ...)
@@ -298824,7 +298824,7 @@ CVE-2021-26104 (Multiple OS command injection (CWE-78) vulnerabilities in the co
CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
NOT-FOR-US: FortiGuard
CVE-2021-26102 (A relative path traversal vulnerability (CWE-23) in FortiWAN version 4 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2021-26101
RESERVED
CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
@@ -307487,7 +307487,7 @@ CVE-2021-22503 (Possible Improper Neutralization of Input During Web Page Gener
CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
NOT-FOR-US: Micro Focus
CVE-2021-22501 (Improper Restriction of XML External Entity Reference vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...)
NOT-FOR-US: Micro Focus
CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...)
@@ -353370,7 +353370,7 @@ CVE-2020-15936 (A improper input validation in Fortinet FortiGate version 6.4.3
CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
NOT-FOR-US: Fortiguard
CVE-2020-15934 (An execution with unnecessary privileges vulnerability in the VCM engi ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
@@ -361904,7 +361904,7 @@ CVE-2020-12822
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
NOT-FOR-US: Gossipsub
CVE-2020-12820 (Under non-default configuration, a stack-based buffer overflow in Fort ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12819 (A heap-based buffer overflow vulnerability in the processing of Link C ...)
NOT-FOR-US: FortiGuard
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8e05782288503d058f51a3c07bbd03daa8e487
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8e05782288503d058f51a3c07bbd03daa8e487
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241219/02ccf7f4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list