[Git][security-tracker-team/security-tracker][master] NFUS
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 23 16:24:32 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
175c2805 by Moritz Muehlenhoff at 2025-01-23T17:24:12+01:00
NFUS
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -377,7 +377,7 @@ CVE-2023-37003 (Open5GS MME versions <= 2.6.4 contain an assertion that can be r
CVE-2023-37002 (Open5GS MME versions <= 2.6.4 contain an assertion that can be remotel ...)
NOT-FOR-US: Open5GS
CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb5a2635 ...)
- TODO: check
+ NOT-FOR-US: NextEPC MME
CVE-2024-52948 [CSRF on 2FA registration]
- lemonldap-ng 2.20.2+ds-1
[bookworm] - lemonldap-ng <no-dsa> (Will be fixed via point update)
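Review bot: the tag added for CVE-2023-36998, "NOT-FOR-US: NextEPC MME", includes the component name, while the neighbouring entry CVE-2023-37002 (described as "Open5GS MME") is tagged with the project name only, "NOT-FOR-US: Open5GS". Suggest "NOT-FOR-US: NextEPC" so that NFU tags stay one per project and later entries for the same software can be matched on a single string.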
@@ -604,9 +604,9 @@ CVE-2024-57360 (https://www.gnu.org/software/binutils/ nm >=2.43 is affected by:
CVE-2024-55959 (Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.)
NOT-FOR-US: Northern.tech Mender Client
CVE-2024-55958 (Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and b ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise Mission Portal
CVE-2024-49749 (In DGifSlurp of dgif_lib.c, there is a possible out of bounds write du ...)
- TODO: check
+ NOT-FOR-US: DGifSlurp
CVE-2024-49748 (In gatts_process_primary_service_req of gatt_sr.cc, there is a possibl ...)
NOT-FOR-US: Android
CVE-2024-49747 (In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible o ...)
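Review bot: the tag added for CVE-2024-49749, "NOT-FOR-US: DGifSlurp", names the function quoted in the description ("In DGifSlurp of dgif_lib.c") rather than a product or vendor, so it does not say why the entry is out of scope. The next entry, CVE-2024-49748, uses the same "In <function> of <file>" wording and is tagged "NOT-FOR-US: Android"; if this one comes from the same source, use that tag. DGifSlurp and dgif_lib.c are also the function and file names used by giflib, so it is worth confirming that the issue does not apply to Debian's giflib source package before closing it as NFU.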
@@ -710,11 +710,11 @@ CVE-2024-11218 (A vulnerability was found in `podman build` and `buildah.` This
[bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-5vpc-35f4-r8w6
CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2023-40108 (In multiple locations, there is a possible way to access media content ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
NOT-FOR-US: Magma
CVE-2023-37038 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
@@ -817,7 +817,7 @@ CVE-2025-23461 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-23454 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-23369 (An improper verification of cryptographic signature vulnerability was ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server
CVE-2025-23184 (A potential denial of service vulnerability is present in versions of ...)
NOT-FOR-US: Apache CXF
CVE-2025-23086 (On most desktop platforms, Brave Browser versions 1.70.x-1.73.x includ ...)
@@ -889,7 +889,7 @@ CVE-2025-0614 (Input validation vulnerability in Qualifio's Wheel of Fortune. Th
CVE-2025-0450 (The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0377 (HashiCorp\u2019s go-slug library is vulnerable to a zip-slip style att ...)
- TODO: check
+ NOT-FOR-US: go-slug
CVE-2025-0371 (The JetElements plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6466 (NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an att ...)
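Review bot: CVE-2025-0377 is described as a flaw in a library ("go-slug library is vulnerable to a zip-slip style att ..."), and the new "NOT-FOR-US: go-slug" line only establishes that go-slug is not packaged under its own name. Go libraries are commonly vendored into other source packages, so before settling on NFU it would be good to check the archive for an embedded copy, and to record the result in a NOTE: line if the check was done.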
@@ -905,7 +905,7 @@ CVE-2024-56990 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross
CVE-2024-56277 (Improper Encoding or Escaping of Output vulnerability in Poll Maker Te ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55504 (An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows loc ...)
- TODO: check
+ NOT-FOR-US: RAR Extractor - Unarchiver Free and Pro
CVE-2024-54795 (SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vul ...)
NOT-FOR-US: SpagoBI
CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary code execut ...)
@@ -913,7 +913,7 @@ CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary code
CVE-2024-54792 (A Cross-Site Request Forgery (CSRF) vulnerability has been found in Sp ...)
NOT-FOR-US: SpagoBI
CVE-2024-53829 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
- TODO: check
+ NOT-FOR-US: CodeChecker
CVE-2024-52973 (An allocation of resources without limits or throttling in Kibana can ...)
- kibana <itp> (bug #700337)
CVE-2024-51919 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175c280566288aad47fd25bb4e5e30b0ba710196