[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 15 08:39:29 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e5efa63 by Moritz Muehlenhoff at 2025-01-15T09:39:11+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -535,7 +535,7 @@ CVE-2024-7344 (Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulne
CVE-2024-5175
REJECTED
CVE-2024-56841 (A vulnerability has been identified in Mendix LDAP (All versions < V1. ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-56497 (An improper neutralization of special elements used in an os command ( ...)
NOT-FOR-US: FortiGuard
CVE-2024-56374 (An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, ...)
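Review bot: on CVE-2024-56841 the new tag names only the vendor ("NOT-FOR-US: Siemens"), while the description identifies the affected product as Mendix LDAP. Other tags added in this commit carry the product name (Arcadyan Meteor, Apache Linkis), so something like "NOT-FOR-US: Siemens Mendix LDAP" would let a search for the product find this entry.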
@@ -575,9 +575,9 @@ CVE-2024-53996
CVE-2024-53649 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
NOT-FOR-US: Siemens
CVE-2024-53563 (A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 ...)
- TODO: check
+ NOT-FOR-US: Arcadyan Meteor
CVE-2024-53561 (A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE F ...)
- TODO: check
+ NOT-FOR-US: Arcadyan Meteor
CVE-2024-53263 (Git LFS is a Git extension for versioning large files. When Git LFS re ...)
- git-lfs <unfixed> (bug #1093048)
NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7
@@ -597,7 +597,7 @@ CVE-2024-50564 (A use of hard-coded cryptographic key in Fortinet FortiClientWin
CVE-2024-50338 (Git Credential Manager (GCM) is a secure Git credential helper built o ...)
TODO: check
CVE-2024-49375 (Open source machine learning framework. A vulnerability has been ident ...)
- TODO: check
+ NOT-FOR-US: Rasa
CVE-2024-48893 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2024-48890 (An improper neutralization of special elements used in an OS command ( ...)
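Review bot: on CVE-2024-49375 the truncated description starts "Open source machine learning framework." and never names the product, so the tag "NOT-FOR-US: Rasa" is the only place the product is identified. Since this is open-source software rather than a vendor appliance, it is worth confirming that there is no packaging request for it before closing the entry as NOT-FOR-US. The commit message "NFUs" gives no indication that this was checked.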
@@ -607,193 +607,193 @@ CVE-2024-48886 (A weak authentication in Fortinet FortiOS versions 7.4.0 through
CVE-2024-48884 (A improper limitation of a pathname to a restricted directory ('path t ...)
NOT-FOR-US: FortiGuard
CVE-2024-48858 (Improper input validation in the PCX image codec in QNX SDP versions 8 ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-48857 (NULL pointer dereference in the PCX image codec in QNX SDP versions 8. ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-48856 (Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7. ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-48855 (Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7. ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-48854 (Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 ...)
- TODO: check
+ NOT-FOR-US: QNX
CVE-2024-47572 (An improper neutralization of formula elements in a csv file in Fortin ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-47571 (An operation on a resource after expiration or release in Fortinet For ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-47566 (A improper limitation of a pathname to a restricted directory ('path t ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-47100 (A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-46670 (AnOut-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46669 (AnInteger Overflow or Wraparound vulnerability [CWE-190] in version 7. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46668 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46667 (A allocation of resources without limits or throttling in Fortinet For ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46666 (An allocation of resources without limits or throttling [CWE-770] vuln ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46665 (An insertion of sensitive information into sent data vulnerability [CW ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-46664 (A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-45627 (In Apache Linkis <1.7.0, due to the lack of effective filtering of par ...)
- TODO: check
+ NOT-FOR-US: Apache Linkis
CVE-2024-45385 (A vulnerability has been identified in Industrial Edge Management OS ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-45326 (AnImproper Access Control vulnerability [CWE-284] in FortiDeceptor ver ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-42444 (APTIOV contains a vulnerability in BIOS where an attacker may cause a ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2024-40587 (An improper neutralization of special elements used in an OS command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-39803 (Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_sett ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39802 (Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_sett ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39801 (Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_sett ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39800 (Multiple external config control vulnerabilities exists in the openvpn ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39799 (Multiple external config control vulnerabilities exists in the openvpn ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39798 (Multiple external config control vulnerabilities exists in the openvpn ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39795 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39794 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39793 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39790 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39789 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39788 (Multiple external config control vulnerabilities exist in the nas.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39787 (Multiple directory traversal vulnerabilities exist in the nas.cgi add_ ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39786 (Multiple directory traversal vulnerabilities exist in the nas.cgi add_ ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39785 (Multiple command execution vulnerabilities exist in the nas.cgi add_di ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39784 (Multiple command execution vulnerabilities exist in the nas.cgi add_di ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39783 (Multiple OS command injection vulnerabilities exist in the adm.cgi sch ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39782 (Multiple OS command injection vulnerabilities exist in the adm.cgi sch ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39781 (Multiple OS command injection vulnerabilities exist in the adm.cgi sch ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39774 (A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() fu ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39773 (An information disclosure vulnerability exists in the testsave.sh func ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39770 (Multiple buffer overflow vulnerabilities exist in the internet.cgi set ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39769 (Multiple buffer overflow vulnerabilities exist in the internet.cgi set ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39768 (Multiple buffer overflow vulnerabilities exist in the internet.cgi set ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39765 (Multiple OS command injection vulnerabilities exist in the internet.cg ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39764 (Multiple OS command injection vulnerabilities exist in the internet.cg ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39763 (Multiple OS command injection vulnerabilities exist in the internet.cg ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39762 (Multiple OS command injection vulnerabilities exist in the internet.cg ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39761 (Multiple OS command injection vulnerabilities exist in the login.cgi s ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39760 (Multiple OS command injection vulnerabilities exist in the login.cgi s ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39759 (Multiple OS command injection vulnerabilities exist in the login.cgi s ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39757 (A stack-based buffer overflow vulnerability exists in the wireless.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39756 (A buffer overflow vulnerability exists in the adm.cgi rep_as_router() ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39754 (A static login vulnerability exists in the wctrls functionality of Wav ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39608 (A firmware update vulnerability exists in the login.cgi functionality ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39604 (A command execution vulnerability exists in the update_filter_url.sh f ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39603 (A stack-based buffer overflow vulnerability exists in the wireless.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39602 (An external config control vulnerability exists in the nas.cgi set_nas ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39370 (An arbitrary code execution vulnerability exists in the adm.cgi set_Me ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39367 (An os command injection vulnerability exists in the firewall.cgi iptab ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39363 (A cross-site scripting (xss) vulnerability exists in the login.cgi set ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39360 (An os command injection vulnerability exists in the nas.cgi remove_dir ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39359 (A stack-based buffer overflow vulnerability exists in the wireless.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39358 (A buffer overflow vulnerability exists in the adm.cgi set_wzap() funct ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39357 (A stack-based buffer overflow vulnerability exists in the wireless.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39299 (A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39294 (A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() fu ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39288 (A buffer overflow vulnerability exists in the internet.cgi set_add_rou ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39280 (An external config control vulnerability exists in the nas.cgi set_smb ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-39273 (A firmware update vulnerability exists in the fw_check.sh functionalit ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-38666 (An external config control vulnerability exists in the openvpn.cgi ope ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-37357 (A buffer overflow vulnerability exists in the adm.cgi set_TR069() func ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-37186 (An os command injection vulnerability exists in the adm.cgi set_ledono ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-37184 (A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36512 (An improper limitation of a pathname to a restricted directory ('path ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36510 (An observable response discrepancy vulnerability [CWE-204] in FortiCli ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-36506 (An improper verification of source of a communication channel vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-36504 (An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web po ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-36493 (A stack-based buffer overflow vulnerability exists in the wireless.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36295 (A command execution vulnerability exists in the qos.cgi qos_sta() func ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36290 (A buffer overflow vulnerability exists in the login.cgi Goto_chidx() f ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36272 (A buffer overflow vulnerability exists in the usbip.cgi set_info() fun ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-36258 (A stack-based buffer overflow vulnerability exists in the touchlist_sy ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-35278 (A improper neutralization of special elements used in an sql command ( ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-35277 (A missing authentication for critical function in Fortinet FortiPortal ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-35276 (A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-35275 (A improper neutralization of special elements used in an sql command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-35273 (A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-34544 (A command injection vulnerability exists in the wireless.cgi AddMac() ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-34166 (An os command injection vulnerability exists in the touchlist_sync.cgi ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2024-33503 (A improper privilege management in Fortinet FortiManager version 7.4.0 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-33502 (An improper limitation of a pathname to a restricted directory ('path ...)
TODO: check
CVE-2024-32115 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiMana ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-29980 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
TODO: check
CVE-2024-29979 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
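Review bot: CVE-2024-36512 and CVE-2024-35278 are tagged "NOT-FOR-US: Wavlink", but neither description follows the Wavlink pattern used throughout this hunk ("... vulnerability exists in the <name>.cgi ..."). CVE-2024-36512 starts "An improper limitation of a pathname to a restricted directory ('path ...", the same wording as CVE-2024-47566 (tagged Fortinet), and CVE-2024-35278 starts "A improper neutralization of special elements used in an sql command ( ...", identical to CVE-2024-35275 (tagged Fortinet). Both also sit directly next to Fortinet entries. This looks like a copy/paste slip; please check the full descriptions and switch both to "NOT-FOR-US: Fortinet" if that is confirmed. Two smaller points: the new tags use "Fortinet" while the unchanged context uses "FortiGuard" for the same kind of entry (CVE-2024-48884), so a single spelling would keep searches complete; and CVE-2024-33502 remains "TODO: check" between two Fortinet entries with the same path-traversal wording, which is fine if deliberate.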
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e5efa63527279fd120fa5f74e24f4c553bf1115