[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 11 08:17:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b406912f by Salvatore Bonaccorso at 2025-02-11T09:15:40+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -399,7 +399,7 @@ CVE-2024-57407 (An arbitrary file upload vulnerability in the component /userPic
CVE-2024-57178 (An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020 ...)
NOT-FOR-US: Stock-Forecaster
CVE-2024-57177 (A host header injection vulnerability exists in the NPM package of per ...)
- TODO: check
+ NOT-FOR-US: perfood/couch-auth
CVE-2024-54954 (OneBlog v2.3.6 was discovered to contain a template injection vulnerab ...)
NOT-FOR-US: OneBlog
CVE-2024-48170 (PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) v ...)
@@ -439,7 +439,7 @@ CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability
CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop Manager o ...)
NOT-FOR-US: Devolutions
CVE-2024-10649 (wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d co ...)
- TODO: check
+ NOT-FOR-US: wandb/openui
CVE-2024-10334 (A vulnerability exists in the VideONet product included in the listed ...)
NOT-FOR-US: VideONet product
CVE-2025-21693 (In the Linux kernel, the following vulnerability has been resolved: m ...)
@@ -887,9 +887,9 @@ CVE-2024-57955 (Arbitrary write vulnerability in the Gallery module Impact: Suc
CVE-2024-57954 (Permission verification vulnerability in the media library module Impa ...)
NOT-FOR-US: Huawei
CVE-2024-57673 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...)
- TODO: check
+ NOT-FOR-US: floodlight
CVE-2024-57672 (An issue in floodlight v1.2 allows a local attacker to cause a denial ...)
- TODO: check
+ NOT-FOR-US: floodlight
CVE-2024-57668 (In Code-projects Shopping Portal v1.0, the insert-product.php page has ...)
NOT-FOR-US: Code-projects Shopping Portal
CVE-2024-57610 (A rate limiting issue in Sylius v2.0.2 allows a remote attacker to per ...)
@@ -939,7 +939,7 @@ CVE-2024-36554 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_1
CVE-2024-36553 (Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.1 ...)
NOT-FOR-US: Forever KidsWatch Call Me KW-50
CVE-2024-24911 (In rare scenarios, the cpca process on the Security Management Server ...)
- TODO: check
+ NOT-FOR-US: Checkpoint Security Management Server
CVE-2024-13614 (Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for W ...)
NOT-FOR-US: Kaspersky
CVE-2024-13417 (Specifically crafted payloads sent to the RFID reader could cause DoS ...)
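Review bot: The vendor name in the new tag for CVE-2024-24911 is misspelled: the company writes it as two words, "Check Point". Suggest "NOT-FOR-US: Check Point Security Management Server" so that a search of the list for the vendor name finds this entry.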
@@ -1513,7 +1513,7 @@ CVE-2025-24899 (reNgine is an automated reconnaissance framework for web applica
CVE-2025-24371 (CometBFT is a distributed, Byzantine fault-tolerant, deterministic sta ...)
NOT-FOR-US: CometBFT
CVE-2025-24370 (Django-Unicorn adds modern reactive component functionality to Django ...)
- TODO: check
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2025-24029 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-23210 (phpoffice/phpspreadsheet is a pure PHP library for reading and writing ...)
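Review bot: The new tag on CVE-2025-24370 writes the product as "Django Unicorn", while the CVE description on the line above it spells it "Django-Unicorn". Using the description's spelling keeps the entry greppable by the upstream name. The "different from src:unicorn" qualifier is useful and should stay.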
@@ -1871,7 +1871,7 @@ CVE-2024-57175 (A Stored Cross-Site Scripting (XSS) vulnerability was identified
CVE-2024-57099 (ClassCMS v4.8 has a code execution vulnerability. Attackers can exploi ...)
NOT-FOR-US: ClassCMS
CVE-2024-57098 (Moss v0.1.3 version has an SQL injection vulnerability that allows att ...)
- TODO: check
+ NOT-FOR-US: Moss
CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admi ...)
NOT-FOR-US: ClassCMS
CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...)
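Review bot: The tag "Moss" on CVE-2024-57098 is a short, generic name, and the truncated description gives only "Moss v0.1.3", so the entry does not record which project was ruled out. Other tags in this commit carry an owner prefix (perfood/couch-auth, wandb/openui) or a "different from src:..." qualifier. Suggest doing the same here with the upstream owner or project URL.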
@@ -1879,7 +1879,7 @@ CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.
[bullseye] - roundcube <postponed> (Minor issue)
NOTE: https://github.com/roundcube/roundcubemail/issues/9767
CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...)
- TODO: check
+ NOT-FOR-US: Technitium DNS Server
CVE-2024-56921 (An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registrat ...)
- open5gs <itp> (bug #1094791)
CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch loader ...)
@@ -1888,7 +1888,7 @@ CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch l
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html
NOTE: https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
CVE-2024-55456 (lunasvg v3.0.1 was discovered to contain a segmentation violation via ...)
- TODO: check
+ NOT-FOR-US: lunasvg
CVE-2024-54840 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
NOT-FOR-US: CyberArk
CVE-2024-53943 (An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
@@ -1972,7 +1972,7 @@ CVE-2024-11133 (The Eventer plugin for WordPress is vulnerable to unauthorized a
CVE-2024-11132 (The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10395 (No proper validation of the length of user input in http_server_get_co ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-0967 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
NOT-FOR-US: code-projects Chat System
CVE-2025-0961 (A vulnerability, which was classified as problematic, has been found i ...)
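Review bot: The tag on CVE-2024-10395 says which Zephyr this is not (src:zephyr) but not which project it is. Suggest naming the upstream project in the tag as well, so the entry can be matched if that project is packaged later.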
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b406912f54ca112203325c711062b17b851ebd2a