[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 31 13:09:38 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7573ef51 by Salvatore Bonaccorso at 2024-12-31T14:09:03+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-45497 (A flaw was found in the OpenShift build process, where the docker-buil ...)
NOT-FOR-US: OpenShift
CVE-2024-13058 (An issue exists in SoftIron HyperCloud where authenticated, but non-a ...)
- TODO: check
+ NOT-FOR-US: SoftIron HyperCloud
CVE-2024-13051 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Rem ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2024-13050 (Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Rem ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Graphite
CVE-2024-13049 (Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13048 (Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13047 (Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13046 (Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13045 (Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remot ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13044 (Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code E ...)
- TODO: check
+ NOT-FOR-US: Ashlar-Vellum Cobalt
CVE-2024-13043 (Panda Security Dome Link Following Local Privilege Escalation Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Panda Security Dome
CVE-2024-13042 (A vulnerability was found in Tsinghua Unigroup Electronic Archives Man ...)
NOT-FOR-US: Tsinghua Unigroup Electronic Archives Management System
CVE-2024-13040 (The QOCA aim from Quanta Computer has an Authorization Bypass Through ...)
@@ -37,27 +37,27 @@ CVE-2024-12751 (Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Executi
CVE-2024-11972 (The Hunk Companion WordPress plugin before 1.9.0 does not correctly au ...)
NOT-FOR-US: WordPress plugin
CVE-2024-11946 (iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmi ...)
- TODO: check
+ NOT-FOR-US: TrueNAS
CVE-2024-11944 (iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote C ...)
- TODO: check
+ NOT-FOR-US: TrueNAS
CVE-2024-56801 (Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 ...)
NOT-FOR-US: Tasklists plugin for GLPI
CVE-2024-56800 (Firecrawl is a web scraper that allows users to extract the content of ...)
- TODO: check
+ NOT-FOR-US: Firecrawl
CVE-2024-56799 (Simofa is a tool to help automate static website building and deployme ...)
- TODO: check
+ NOT-FOR-US: Simofa
CVE-2024-56734 (Better Auth is an authentication library for TypeScript. An open redir ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2024-56733 (Password Pusher is an open source application to communicate sensitive ...)
- TODO: check
+ NOT-FOR-US: Password Pusher
CVE-2024-56517 (LGSL (Live Game Server List) provides online status lists for online v ...)
NOT-FOR-US: LGSL (Live Game Server List)
CVE-2024-56516 (free-one-api allows users to access large language model reverse engin ...)
- TODO: check
+ NOT-FOR-US: free-one-api
CVE-2024-54181 (IBM WebSphere Automation 1.7.5 could allow a remote privileged user, w ...)
NOT-FOR-US: IBM
CVE-2024-52294 (Khoj is a self-hostable artificial intelligence app. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Khoj
CVE-2024-50703 (TeamPass before 3.1.3.1 does not properly prevent a user from acting w ...)
- teampass <itp> (bug #730180)
CVE-2024-50702 (TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka ...)
@@ -71,11 +71,11 @@ CVE-2024-47925 (Tecnick TCExam \u2013 Multiple CWE-79: Improper Neutralization o
CVE-2024-47924 (Boa web server \u2013 CWE-79: Improper Neutralization of Input During ...)
TODO: check
CVE-2024-47923 (Mashov \u2013 CWE-200: Exposure of Sensitive Information to an Unautho ...)
- TODO: check
+ NOT-FOR-US: Mashov
CVE-2024-47922 (Priority \u2013 CWE-200: Exposure of Sensitive Information to an Unaut ...)
- TODO: check
+ NOT-FOR-US: Priority
CVE-2024-47921 (Smadar SPS \u2013 CWE-327: Use of a Broken or Risky Cryptographic Algo ...)
- TODO: check
+ NOT-FOR-US: Smadar SPS
CVE-2024-47920 (Tiki Wiki CMS \u2013 CWE-79: Improper Neutralization of Input During W ...)
- tikiwiki <removed>
CVE-2024-47919 (Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elemen ...)
@@ -89,7 +89,7 @@ CVE-2024-46542 (Veritas / Arctera Data Insight before 7.1.1 allows Application A
CVE-2024-22063 (The ZENIC ONE R58 products by ZTE Corporation have a command injection ...)
NOT-FOR-US: ZTE
CVE-2024-12993 (Infinix devices contain a pre-loaded "com.rlk.weathers" application, t ...)
- TODO: check
+ NOT-FOR-US: Infinix
CVE-2024-12836 (Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Co ...)
NOT-FOR-US: Delta Electronics
CVE-2024-12835 (Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7573ef51a56530fc14272da6f7e1a31b75bc3786
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7573ef51a56530fc14272da6f7e1a31b75bc3786
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241231/d99d74b6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list