[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 20 11:03:13 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a51a24e by Moritz Muehlenhoff at 2024-12-20T12:02:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.
 CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy Orchestrator pri ...)
 	NOT-FOR-US: Trellix
 CVE-2024-56327 (pyrage is a set of Python bindings for the rage file encryption librar ...)
-	TODO: check
+	NOT-FOR-US: pyrage
 CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass au ...)
 	NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G
 CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to byp ...)
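Review bot: On the CVE-2024-56327 entry, the NOT-FOR-US tag names only pyrage, but the description calls pyrage a set of Python bindings for the rage file encryption library and is truncated before it says where the flaw sits. Worth confirming from the full advisory that the issue is in the bindings and not in rage itself; if it is in rage, an NFU for pyrage alone would not cover it.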
@@ -35,7 +35,7 @@ CVE-2024-44211 (This issue was addressed with improved validation of symlinks. T
 CVE-2024-44195 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: spatie/browsershot
 CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and W ...)
 	NOT-FOR-US: Arista
 CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalat ...)
@@ -51,9 +51,9 @@ CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged s
 CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection feature ...)
 	NOT-FOR-US: Sophos
 CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is possibl ...)
-	TODO: check
+	NOT-FOR-US: Tibbo
 CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...)
-	TODO: check
+	- nomad <removed>
 CVE-2024-12672 (A third-party vulnerability exists in the Rockwell AutomationArena\xae ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales  ...)
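Review bot: The new "- nomad <removed>" line under CVE-2024-12678 has no per-release annotation, so it only records that the package is gone from unstable. If a supported suite still ships nomad, a per-release line in the form this file already uses, such as "[bullseye] - chromium <end-of-life> (see #1061268)", would state how that suite is handled.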
@@ -65,7 +65,7 @@ CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable to
 CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability exists  ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-12111 (In a specific scenario a LDAP user can abuse the authentication proces ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to Stored  ...)
@@ -105,15 +105,15 @@ CVE-2023-42867 (This issue was addressed with improved validation of the process
 CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
 	NOT-FOR-US: HMS Networks Ewon Flexy 205
 CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-7138 (An assert may be triggered, causing a temporary denial of service when ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted to packe ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of request val ...)
 	NOT-FOR-US: Altair
 CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in the bui ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server Configuration  ...)
 	NOT-FOR-US: GoPhish
 CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint http://{your-serv ...)
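Review bot: The three L2CAP entries (CVE-2024-7139, CVE-2024-7138, CVE-2024-7137) are tagged "NOT-FOR-US: Silabs", while the visible descriptions name neither a vendor nor a product. Neighbouring entries such as "NOT-FOR-US: HMS Networks Ewon Flexy 205" name the product; doing the same here would let a later reader confirm the triage without opening each advisory.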
@@ -292,8 +292,8 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 al
 	{DSA-5834-1}
 	- chromium 131.0.6778.204-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)
-	TODO: check
+CVE-2024-56128
+	- kafka <itp> (bug #786460)
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream VRPConn ...)
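Review bot: The header line for CVE-2024-56128 loses its parenthesised description in this hunk, while every other entry touched by the commit keeps it. If that was not intended, restore "CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache Kafka's ...)" and change only the status line to "- kafka <itp> (bug #786460)".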



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51a24e21028134cecd1a65b6b1f45c8a512e60
