[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 30 07:47:10 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
faeb1771 by Salvatore Bonaccorso at 2024-12-30T08:46:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,7 +205,7 @@ CVE-2018-25107 (The Crypt::Random::Source package before 0.13 for Perl has a fal
 CVE-2024-56512 (Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorizatio ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2024-12995 (A vulnerability classified as problematic has been found in ruifang-te ...)
-	TODO: check
+	NOT-FOR-US: ruifang-tech Rebuild
 CVE-2024-12994 (A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has ...)
 	NOT-FOR-US: running-elephant Datart
 CVE-2024-56708 (In the Linux kernel, the following vulnerability has been resolved:  E ...)
@@ -350,11 +350,11 @@ CVE-2024-50714 (A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Age
 CVE-2024-50713 (SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerabil ...)
 	NOT-FOR-US: Smart Agent
 CVE-2024-46973 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-46972 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2024-43705 (Software installed and run as a non-privileged user can trigger the GP ...)
-	TODO: check
+	NOT-FOR-US: Imagination GPU Driver
 CVE-2023-7266 (Some Huawei home routers have a connection hijacking vulnerability. Su ...)
 	NOT-FOR-US: Huawei
 CVE-2023-7263 (Some Huawei home music system products have a path traversal vulnerabi ...)
@@ -368,7 +368,7 @@ CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 1
 	NOTE: https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m
 	NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26 (main)
 CVE-2024-56509 (changedetection.io is a free open source web page change detection, we ...)
-	TODO: check
+	NOT-FOR-US: changedetection.io
 CVE-2024-56508 (LinkAce is a self-hosted archive to collect links of your favorite web ...)
 	NOT-FOR-US: LinkAce
 CVE-2024-56507 (LinkAce is a self-hosted archive to collect links of your favorite web ...)
@@ -392,11 +392,11 @@ CVE-2024-50944 (Integer overflow vulnerability exists in SimplCommerce at commit
 CVE-2024-3393 (A Denial of Service vulnerability in the DNS Security feature of Palo  ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-39025 (Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3 ...)
-	TODO: check
+	NOT-FOR-US: letta-ai/letta / Cpacker MemGPT
 CVE-2024-12991 (A vulnerability was found in Beijing Longda Jushang Technology DBShop\ ...)
 	NOT-FOR-US: Beijing Longda Jushang Technology
 CVE-2024-12990 (A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been c ...)
-	TODO: check
+	NOT-FOR-US: ruifang-tech Rebuild
 CVE-2024-12989 (A vulnerability was found in WISI Tangram GT31 up to 20241214 and clas ...)
 	NOT-FOR-US: WISI Tangram GT31
 CVE-2024-12988 (A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154  ...)
@@ -1375,7 +1375,7 @@ CVE-2024-12954 (A vulnerability, which was classified as critical, was found in
 CVE-2024-12953 (A vulnerability, which was classified as critical, has been found in 1 ...)
 	NOT-FOR-US: 1000 Projects Portfolio Management System MCA
 CVE-2024-12952 (A vulnerability classified as critical was found in melMass comfy_mtb  ...)
-	TODO: check
+	NOT-FOR-US: melMass/comfy_mtb
 CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 Projects ...)
 	NOT-FOR-US: 1000 Projects Portfolio Management System MCA
 CVE-2024-12950 (A vulnerability was found in code-projects Travel Management System 1. ...)
@@ -1395,7 +1395,7 @@ CVE-2024-12944 (A vulnerability was found in CodeAstro House Rental Management S
 CVE-2024-12943 (A vulnerability was found in CodeAstro House Rental Management System  ...)
 	NOT-FOR-US: CodeAstro House Rental Management System
 CVE-2024-12908 (Delinea addressed a reported case on Secret Server v11.7.31 (protocol  ...)
-	TODO: check
+	NOT-FOR-US: Delinea
 CVE-2023-7300 (Huawei Home Music System has a path traversal vulnerability. Successfu ...)
 	NOT-FOR-US: Huawei
 CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio Management System ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faeb1771629c50bef505c608ae13253f1a1979b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faeb1771629c50bef505c608ae13253f1a1979b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241230/9276f85a/attachment.htm>

More information about the debian-security-tracker-commits mailing list