[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 23 08:19:26 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
775eead9 by Moritz Muehlenhoff at 2025-01-23T09:19:07+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,49 +7,49 @@ CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS v
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
 	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
 CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy Proxy as a  ...)
-	TODO: check
+	NOT-FOR-US: Envoy Gateway
 CVE-2024-57724 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-57723 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-57722 (lunasvg v3.0.0 was discovered to contain a allocation-size-too-big bug ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-57721 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-57720 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-57719 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
-	TODO: check
+	NOT-FOR-US: lunasvg
 CVE-2024-56924 (A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Intern ...)
-	TODO: check
+	NOT-FOR-US: Code Astro Internet banking system
 CVE-2024-56923 (Stored Cross-Site Scripting (XSS) in the Categorization Option of My S ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas
 CVE-2024-52975 (An issue was identified in Fleet Server where Fleet policies that coul ...)
-	TODO: check
+	NOT-FOR-US: Elastic Fleet
 CVE-2024-52972 (An allocation of resources without limits or throttling in Kibana can  ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2024-43710 (A server side request forgery vulnerability was identified in Kibana w ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2024-43707 (An issue was identified in Kibana where a user without access to Fleet ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2024-42187 (BigFix Patch Download Plug-ins are affected by path traversal vulnerab ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42186 (BigFix Patch Download Plug-ins are affected by an insecure protocol su ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42185 (BigFix Patch Download Plug-ins are affected by an insecure package whi ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42184 (BigFix Patch Download Plug-ins are affected by insecure support for fi ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42183 (BigFix Patch Download Plug-ins are affected by an arbitrary file downl ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-42182 (BigFix Patch Download Plug-ins are affected by Server-Side Request For ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-12477 (The Avada Builder plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50309 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0is vuln ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-23050
 	- qt6-connectivity 6.7.2-8
 	[bookworm] - qt6-connectivity <no-dsa> (Minor issue)
@@ -282,7 +282,7 @@ CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 to
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
 	NOTE: https://sourceware.org/pipermail/libc-announce/2025/000044.html
 CVE-2024-9310 (By utilizing software-defined radios and a custom low-latency processi ...)
-	TODO: check
+	NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
 CVE-2024-56914 (D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/Par ...)
 	NOT-FOR-US: D-Link
 CVE-2024-55957 (In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775eead905a96b61b8124564234a59a17a5ab7fb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775eead905a96b61b8124564234a59a17a5ab7fb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250123/ea48caf3/attachment.htm>

More information about the debian-security-tracker-commits mailing list