[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 20 20:27:52 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bff50061 by Salvatore Bonaccorso at 2024-12-20T21:27:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
 CVE-2024-7726 (There exists an unauthenticated accessible JTAG port on the Kioxia PM6 ...)
-	TODO: check
+	NOT-FOR-US: Kioxia
 CVE-2024-56356 (In JetBrains TeamCity before 2024.12 insecure XMLParser configuration  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56355 (In JetBrains TeamCity before 2024.12 missing Content-Type header in Re ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56354 (In JetBrains TeamCity before 2024.12 password field value were accessi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56353 (In JetBrains TeamCity before 2024.12 backup file exposed user credenti ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56352 (In JetBrains TeamCity before 2024.12 stored XSS was possible via image ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56351 (In JetBrains TeamCity before 2024.12 access tokens were not revoked af ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56350 (In JetBrains TeamCity before 2024.12 build credentials allowed unautho ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56349 (In JetBrains TeamCity before 2024.12 improper access control allowed u ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56348 (In JetBrains TeamCity before 2024.12 improper access control allowed v ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-56337 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apa ...)
 	TODO: check
 CVE-2024-56333 (Onyxia is a web app that aims at being the glue between multiple open  ...)
-	TODO: check
+	NOT-FOR-US: Onyxia
 CVE-2024-56331 (Uptime Kuma is an open source, self-hosted monitoring tool. An **Impro ...)
-	TODO: check
+	NOT-FOR-US: Uptime Kuma
 CVE-2024-56330 (Stardust is a platform for streaming isolated desktop containers. With ...)
-	TODO: check
+	NOT-FOR-US: Stardust
 CVE-2024-56329 (Socialstream is a third-party package for Laravel Jetstream. It replac ...)
-	TODO: check
+	NOT-FOR-US: Socialstream
 CVE-2024-55471 (Oqtane Framework is vulnerable to Insecure Direct Object Reference (ID ...)
-	TODO: check
+	NOT-FOR-US: Oqtane Framework
 CVE-2024-55470 (Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By m ...)
-	TODO: check
+	NOT-FOR-US: Oqtane Framework
 CVE-2024-55342 (A file upload functionality in Piranha CMS 11.1 allows authenticated r ...)
-	TODO: check
+	NOT-FOR-US: Piranha CMS
 CVE-2024-55341 (A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1  ...)
-	TODO: check
+	NOT-FOR-US: Piranha CMS
 CVE-2024-55186 (An IDOR (Insecure Direct Object Reference) vulnerability exists in oqt ...)
-	TODO: check
+	NOT-FOR-US: oqtane Framework
 CVE-2024-51466 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 through 12 ...)
 	TODO: check
 CVE-2024-40695 (IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and   12.0.0 through 12 ...)
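Review bot: The NOT-FOR-US tag added for CVE-2024-55186 is written "oqtane Framework" in lowercase, while the tags added for CVE-2024-55471 and CVE-2024-55470 in the same hunk are written "Oqtane Framework". Suggest using `NOT-FOR-US: Oqtane Framework` for all three so that a case-sensitive search or grouping by product name in data/CVE/list returns every entry. The two entries left at `TODO: check` (CVE-2024-56337 and CVE-2024-51466) are untouched by this change, which matches the "some" in the commit message.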



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bff500615b46d1ba4597c86c712732a423c794cf
