[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 15 15:18:49 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9c992dd by Moritz Muehlenhoff at 2025-01-15T16:18:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -154,9 +154,9 @@ CVE-2025-23041 (Umbraco.Forms is a web form framework written for the nuget ecos
 CVE-2025-23025 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
 	NOT-FOR-US: XWiki
 CVE-2025-23019 (IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and rout ...)
-	TODO: check
+	NOT-FOR-US: IP tunnel protocol issue
 CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the  ...)
-	TODO: check
+	NOT-FOR-US: IP tunnel protocol issue
 CVE-2025-22984 (An access control issue in the component /api/squareComment/DelectSqua ...)
 	NOT-FOR-US: iceCMS
 CVE-2025-22983 (An access control issue in the component /square/getAllSquare/circle o ...)
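Review bot: The new tag on CVE-2025-23019 and CVE-2025-23018, "NOT-FOR-US: IP tunnel protocol issue", gives a reason instead of naming a product, unlike the neighbouring "NOT-FOR-US: XWiki" and "NOT-FOR-US: iceCMS" lines, and it does not say whether any packaged implementation of RFC 4213 or RFC 2473 tunneling was looked at. The commit message is only "NFUs", so consider stating the rationale there, so that a later reader can tell this was a deliberate decision about the protocol and not part of a bulk tag.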
@@ -794,91 +794,91 @@ CVE-2024-34166 (An os command injection vulnerability exists in the touchlist_sy
 CVE-2024-33503 (A improper privilege management in Fortinet FortiManager version 7.4.0 ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-33502 (An improper limitation of a pathname to a restricted directory ('path  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-32115 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiMana ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-29980 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2024-29979 (Improper Check for Unusual or Exceptional Conditions vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2024-27778 (An improper neutralization of special elements used in an OS Command v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-26012 (A improper neutralization of special elements used in an os command (' ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-23106 (An improper restriction of excessive authentication attempts [CWE-307] ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-21797 (A command execution vulnerability exists in the adm.cgi set_TR069() fu ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2024-21758 (A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 thro ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-13181 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13180 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13179 (Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13172 (Improper signature verification in Ivanti EPM before the 2024 January- ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13171 (Insufficient filename validation in Ivanti EPM before the 2024 January ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13170 (An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Secu ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13169 (An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Secur ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13168 (An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Secu ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13167 (An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Secu ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13166 (An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Secu ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13165 (An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Secu ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13164 (An uninitialized resource in Ivanti EPM before the 2024 January-2025 S ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13163 (Deserialization of untrusted data in Ivanti EPM before the 2024 Januar ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13162 (SQL injection in Ivanti EPM before the 2024 January-2025 Security Upda ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13161 (Absolute path traversal in Ivanti EPM before the 2024 January-2025 Sec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13160 (Absolute path traversal in Ivanti EPM before the 2024 January-2025 Sec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13159 (Absolute path traversal in Ivanti EPM before the 2024 January-2025 Sec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13158 (An unbounded resource search path in Ivanti EPM before the 2024 Januar ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-13156 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12919 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12240 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11864 (Specifically crafted SCMI messages sent to an SCP running SCP-Firmware ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2024-11863 (Specifically crafted SCMI messages sent to an SCP running SCP-Firmware ...)
-	TODO: check
+	NOT-FOR-US: Arm
 CVE-2024-11736 (A vulnerability was found in Keycloak. Admin users may have to access  ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2024-11734 (A denial of service vulnerability was found in Keycloak that could all ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2024-11497 (An authenticated attacker can use this vulnerability to perform a priv ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2024-10811 (Absolute path traversal in Ivanti EPM before the 2024 January-2025 Sec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-10630 (A race condition in Ivanti Application Control Engine before version 1 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-46715 (An origin validation error [CWE-346] vulnerability in Fortinet FortiOS ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-42786 (A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-42785 (A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7. ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-37937 (An improper neutralization of special elements used in an os command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-37936 (A use of hard-coded cryptographic key in Fortinet FortiSwitch version  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-37931 (An improper neutralization of special elements used in an sql command  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-52006 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git <unfixed> (bug #1093042)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/14/4
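Review bot: Some of the new tags in this hunk are too terse to match to a product. "NOT-FOR-US: Phoenix" on CVE-2024-29980, CVE-2024-29979 and CVE-2024-11497 sits under truncated descriptions that name no vendor, so the tag alone does not show which product is meant or whether all three entries refer to the same vendor. "NOT-FOR-US: Arm" on CVE-2024-11864 and CVE-2024-11863 names the vendor while the description names SCP-Firmware. Spelling out vendor and product in the tag (for example "NOT-FOR-US: Arm SCP-Firmware") would make these entries searchable by product name, consistent with tags such as "NOT-FOR-US: Keycloak" in the same hunk.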



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9c992dd2a4b766421601e6f10f23be6f764594b
