[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 6 21:30:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5db5d21 by Salvatore Bonaccorso at 2025-01-06T22:27:29+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to crea
CVE-2025-21611 (tgstation-server is a production scale tool for BYOND server managemen ...)
TODO: check
CVE-2025-21604 (LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) proje ...)
- TODO: check
+ NOT-FOR-US: LangChain4j-AIDeepin
CVE-2024-8474 (OpenVPN Connect before version 3.5.0 can contain the configuration pro ...)
TODO: check
CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the c ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.8-1
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
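Review bot: The NOT-FOR-US: LangChain4j-AIDeepin tag on CVE-2025-21604 rests on a truncated description whose product name embeds the name of another project (LangChain4j), so it is worth confirming that the flaw sits in the AIDeepin application itself and not in code it shares with that library. A one-line NOTE with the upstream advisory link would let the next person triaging verify this without repeating the lookup. The ChestnutCMS tag on CVE-2024-56828 matches the product named in its description and needs no change.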
@@ -56,80 +56,79 @@ CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: Fixed by: https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 (suricata-7.0.8)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba (suricata-7.0.8)
CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_user ...)
- TODO: check
+ NOT-FOR-US: Z-BlogPHP
CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0 ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Acces ...)
- TODO: check
-
+ NOT-FOR-US: ITE
CVE-2024-54880 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-54879 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw c ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-51472 (IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, ...)
NOT-FOR-US: IBM
CVE-2024-51112 (Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to ma ...)
- TODO: check
+ NOT-FOR-US: Pnetlab
CVE-2024-51111 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an a ...)
- TODO: check
+ NOT-FOR-US: Pnetlab
CVE-2024-47475 (Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect pe ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-46622 (An Escalation of Privilege security vulnerability was found in SecureA ...)
- TODO: check
+ NOT-FOR-US: SecureAge
CVE-2024-46209 (A stored cross-site scripting (XSS) vulnerability in the component /me ...)
- TODO: check
+ NOT-FOR-US: REDAXO CMS
CVE-2024-46073 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the log ...)
- TODO: check
+ NOT-FOR-US: IceHRM
CVE-2024-45559 (Transient DOS can occur when GVM sends a specific message type to the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45558 (Transient DOS can occur when the driver parses the per STA profile IE ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45555 (Memory corruption can occur if an already verified IFS2 image is overw ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45553 (Memory corruption can occur when process-specific maps are added to th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45550 (Memory corruption occurs when invoking any IOCTL-calling application t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45548 (Memory corruption while processing FIPS encryption or decryption valid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45547 (Memory corruption while processing IOCTL call invoked from user-space ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45546 (Memory corruption while processing FIPS encryption or decryption IOCTL ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45542 (Memory corruption when IOCTL call is invoked from user-space to write ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45541 (Memory corruption when IOCTL call is invoked from user-space to read b ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-43064 (Uncontrolled resource consumption when a driver, an application or a S ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-43063 (information disclosure while invoking the mailbox read API.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-35498 (A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows atta ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2024-33067 (Information disclosure while invoking callback function of sound model ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33061 (Information disclosure while processing IOCTL call made for releasing ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33059 (Memory corruption while processing frame command IOCTL calls.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33055 (Memory corruption while invoking IOCTL calls to unmap the DMA buffers.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33041 (Memory corruption when input parameter validation for number of fences ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-31914 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 a ...)
NOT-FOR-US: IBM
CVE-2024-31913 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 a ...)
NOT-FOR-US: IBM
CVE-2024-23366 (Information Disclosure while invoking the mailbox write API when messa ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21464 (Memory corruption while processing IPA statistics, when there are no a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-12997
REJECTED
CVE-2024-12996
REJECTED
CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
TODO: check
CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
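Review bot: The NOT-FOR-US: Qualcomm tags (CVE-2024-45559 down to CVE-2024-21464) are applied to descriptions that never name a vendor or product, for example "information disclosure while invoking the mailbox read API." on CVE-2024-43063, so the attribution cannot be checked from data/CVE/list alone. Stating the source of the attribution in the commit message (the assigning CNA or the vendor bulletin) would make this batch auditable. Two smaller points: the tags in this hunk mix vendor names (ASUS, ITE, Dell) with product names (SeaCMS, Pnetlab, REDAXO CMS), which makes later grepping by vendor less reliable, and the blank line dropped after the CVE-2024-55407 entry is a whitespace cleanup that the message "Process some NFUs" does not mention.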
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5db5d21feba4f7f3f13f8b9be29b1fd9bae0315