[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 20 11:03:13 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a51a24e by Moritz Muehlenhoff at 2024-12-20T12:02:55+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.
CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy Orchestrator pri ...)
NOT-FOR-US: Trellix
CVE-2024-56327 (pyrage is a set of Python bindings for the rage file encryption librar ...)
- TODO: check
+ NOT-FOR-US: pyrage
CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass au ...)
NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G
CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to byp ...)
@@ -35,7 +35,7 @@ CVE-2024-44211 (This issue was addressed with improved validation of symlinks. T
CVE-2024-44195 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are vulnerable ...)
- TODO: check
+ NOT-FOR-US: spatie/browsershot
CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and W ...)
NOT-FOR-US: Arista
CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalat ...)
@@ -51,9 +51,9 @@ CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged s
CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection feature ...)
NOT-FOR-US: Sophos
CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is possibl ...)
- TODO: check
+ NOT-FOR-US: Tibbo
CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...)
- TODO: check
+ - nomad <removed>
CVE-2024-12672 (A third-party vulnerability exists in the Rockwell AutomationArena\xae ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales ...)
@@ -65,7 +65,7 @@ CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable to
CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability exists ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-12111 (In a specific scenario a LDAP user can abuse the authentication proces ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to Stored ...)
@@ -105,15 +105,15 @@ CVE-2023-42867 (This issue was addressed with improved validation of the process
CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
NOT-FOR-US: HMS Networks Ewon Flexy 205
CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service when ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted to packe ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of request val ...)
NOT-FOR-US: Altair
CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in the bui ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server Configuration ...)
NOT-FOR-US: GoPhish
CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint http://{your-serv ...)
@@ -292,8 +292,8 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 al
{DSA-5834-1}
- chromium 131.0.6778.204-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
- TODO: check
+CVE-2024-56128
+ - kafka <itp> (bug #786460)
CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream VRPConn ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51a24e21028134cecd1a65b6b1f45c8a512e60
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51a24e21028134cecd1a65b6b1f45c8a512e60
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241220/4509ac16/attachment.htm>
More information about the debian-security-tracker-commits
mailing list