[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 18 15:21:52 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb520a5b by Moritz Muehlenhoff at 2024-11-18T16:21:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,15 +43,15 @@ CVE-2024-52913 (In Bitcoin Core before 0.21.0, an attacker could prevent a node
 CVE-2024-52912 (Bitcoin Core before 0.21.0 allows a network split that is resultant fr ...)
 	- bitcoin <removed>
 CVE-2024-49574 (Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine ADAudit Plus
 CVE-2024-43704 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2024-38828 (Spring MVC controller methods with an @RequestBody byte[]method parame ...)
 	- libspring-java <unfixed> (unimportant)
 	NOTE: https://spring.io/security/cve-2024-38828
 	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2024-22067 (ZTE NH8091 product has an improper permission control vulnerability. D ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2024-11315 (The DVC from TRCore has a Path Traversal vulnerability and does not re ...)
 	NOT-FOR-US: TRCore DVC
 CVE-2024-11314 (The DVC from TRCore has a Path Traversal vulnerability and does not re ...)
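Review bot: The new tags for CVE-2024-43704 ("NOT-FOR-US: Imagination Technologies") and CVE-2024-22067 ("NOT-FOR-US: ZTE") name only the vendor, while the neighbouring entries name the product ("Zohocorp ManageEngine ADAudit Plus", "TRCore DVC"). For CVE-2024-22067 the description already gives the product, so "NOT-FOR-US: ZTE NH8091" would be easier to grep and harder to confuse with a later CVE from the same vendor. The truncated description of CVE-2024-43704 does not show a product name, so it is worth confirming from the full advisory which component is meant before closing it out.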
@@ -69,13 +69,13 @@ CVE-2024-11309 (The DVC from TRCore has a Path Traversal vulnerability, allowing
 CVE-2024-11308 (The DVC from TRCore encrypts files using a hardcoded key. Attackers ca ...)
 	NOT-FOR-US: TRCore DVC
 CVE-2024-11306 (A vulnerability, which was classified as critical, has been found in A ...)
-	TODO: check
+	NOT-FOR-US: Altenergy Power Control Software
 CVE-2024-11305 (A vulnerability classified as critical was found in Altenergy Power Co ...)
-	TODO: check
+	NOT-FOR-US: Altenergy Power Control Software
 CVE-2019-25220 (Bitcoin Core before 24.0.1 allows remote attackers to cause a denial o ...)
 	- bitcoin <removed>
 CVE-2015-20111 (miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other ...)
-	TODO: check
+	- bitcoin <removed>
 CVE-2024-52876 (Holy Stone Remote ID Module HSRID01, firmware distributed with the Dro ...)
 	NOT-FOR-US: Holy Stone Remote ID Module HSRID01
 CVE-2024-52872 (In Flagsmith before 2.134.1, the get_document endpoint is not correctl ...)
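Review bot: CVE-2015-20111 is recorded only as "- bitcoin <removed>", but the description places the flaw in "miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other ...", so bitcoin is just one consumer. The entry should also say whether the miniupnp code packaged in Debian contains commit 4c90b87, either as a package line with the fixed version or as a NOTE explaining why it is not affected. As written, the TODO is closed without the library itself being triaged.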
@@ -174,7 +174,7 @@ CVE-2024-11262 (A vulnerability has been found in SourceCodester Student Record
 CVE-2024-11261 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Student Record Management System
 CVE-2024-11217 (A vulnerability was found in the OAuth-server. OAuth-server logs the O ...)
-	TODO: check
+	NOT-FOR-US: OpenShift (internal oauth-server)
 CVE-2024-11118 (The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11094 (The 404 Solution plugin for WordPress is vulnerable to Sensitive Infor ...)
@@ -511,7 +511,7 @@ CVE-2024-11237 (A vulnerability, which was classified as critical, has been foun
 CVE-2024-11182 (An XSS issue was discovered in   MDaemon Email Server before version24 ...)
 	NOT-FOR-US: MDaemon
 CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,  a ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2024-10691
 	REJECTED
 CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics Personne ...)
@@ -644,7 +644,7 @@ CVE-2024-5125 (parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scr
 CVE-2024-52524 (Giskard is an evaluation and testing framework for AI systems. A Remot ...)
 	NOT-FOR-US: Giskard
 CVE-2024-52505 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...)
-	TODO: check
+	NOT-FOR-US: matrix-appservice-irc
 CVE-2024-52396 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: realmag777 WOLF
 CVE-2024-52393 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
@@ -682,7 +682,7 @@ CVE-2024-52370 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-52369 (Unrestricted Upload of File with Dangerous Type vulnerability in Optim ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52302 (common-user-management is a robust Spring Boot application featuring u ...)
-	TODO: check
+	NOT-FOR-US: common-user-management
 CVE-2024-51688 (Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro Fraud ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-50843 (A Directory listing issue was found in PHPGurukul User Registration &  ...)
@@ -738,7 +738,7 @@ CVE-2024-49025 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi
 CVE-2024-48284 (A Reflected Cross-Site Scripting (XSS) vulnerability was found in the  ...)
 	NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
 CVE-2024-47916 (Boa web server - CWE-22: Improper Limitation of a Pathname to a Restri ...)
-	TODO: check
+	- boa <removed>
 CVE-2024-47915 (VaeMendis -  CWE-200: Exposure of Sensitive Information to an Unauthor ...)
 	NOT-FOR-US: VaeMendis
 CVE-2024-47914 (VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF))
@@ -772,7 +772,7 @@ CVE-2024-2551 (A null pointer dereference vulnerability in Palo Alto Networks PA
 CVE-2024-2550 (A null pointer dereference vulnerability in the GlobalProtect gateway  ...)
 	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-1682 (An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio f ...)
-	TODO: check
+	NOT-FOR-US: psf/requests documentation
 CVE-2024-11215 (Absolute path traversal (incorrect restriction of a path to a restrict ...)
 	NOT-FOR-US: EasyPHP web server
 CVE-2024-11214 (A vulnerability has been found in SourceCodester Best Employee Managem ...)
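Review bot: "NOT-FOR-US: psf/requests documentation" for CVE-2024-1682 uses the tag that elsewhere in this list means the software is not in Debian at all, but requests is packaged. If the point is that only an upstream documentation reference to the unclaimed 'codeconf' S3 bucket is involved, a package line with a stated reason (in the style of the "- libspring-java <unfixed> (unimportant)" entry above, plus a NOTE) would record that reasoning and keep the CVE visible to anyone searching by package.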
@@ -792,7 +792,7 @@ CVE-2024-11208 (A vulnerability was found in Apereo CAS 6.6 and classified as pr
 CVE-2024-11207 (A vulnerability has been found in Apereo CAS 6.6 and classified as pro ...)
 	NOT-FOR-US: Apereo CAS
 CVE-2024-11136 (The default TCL Camera application exposes a provider vulnerable to pa ...)
-	TODO: check
+	NOT-FOR-US: TCL
 CVE-2024-10962 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10921 (An authorized user may trigger crashes or receive the contents of buff ...)
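Review bot: "NOT-FOR-US: TCL" for CVE-2024-11136 names only the vendor, although the description identifies the product as "The default TCL Camera application". Using "NOT-FOR-US: TCL Camera application" would match the product-level tags on the surrounding lines ("Apereo CAS", "WordPress plugin") and avoid ambiguity with Tcl the language.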



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb520a5b76f67c62f2d717594b9a682bd4312adc
