[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 11 21:38:50 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e713bce8 by Salvatore Bonaccorso at 2025-03-11T22:38:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -301,7 +301,7 @@ CVE-2025-22367 (The authenticated time setting capability of the firmware for Me
 CVE-2025-22366 (The authenticated firmware update capability of the firmware for Menne ...)
 	NOT-FOR-US: Mennekes
 CVE-2025-22213 (Inadequate checks in the Media Manager allowed users with "edit" privi ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-21247 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-21199 (Improper privilege management in Azure Agent Installer allows an autho ...)
@@ -319,7 +319,7 @@ CVE-2025-0150 (Incorrect behavior order in some Zoom Workplace Apps for iOS befo
 CVE-2025-0149 (Insufficient verification of data authenticity in some Zoom Workplace  ...)
 	NOT-FOR-US: Zoom
 CVE-2024-9157 (** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Synaptics
 CVE-2024-56338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 a ...)
 	NOT-FOR-US: IBM
 CVE-2024-56336 (A vulnerability has been identified in SINAMICS S200 (All versions wit ...)
@@ -329,23 +329,23 @@ CVE-2024-56182 (A vulnerability has been identified in SIMATIC Field PG M5 (All
 CVE-2024-56181 (A vulnerability has been identified in SIMATIC Field PG M5 (All versio ...)
 	NOT-FOR-US: Siemens
 CVE-2024-55597 (A improper limitation of a pathname to a restricted directory ('path t ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-55592 (An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 al ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-55590 (Multiple improper neutralization of special elements used in an OS com ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-54085 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...)
 	TODO: check
 CVE-2024-54084 (APTIOV contains a vulnerability in BIOS where an attacker may cause a  ...)
 	TODO: check
 CVE-2024-54026 (An improper neutralization of special elements used in an sql command  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-54018 (Multipleimproper neutralization of special elements used in an OS Comm ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-52961 (An improper neutralization of special elements used in an OS Command v ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-52960 (A client-side enforcement of server-side security vulnerability [CWE-6 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-52285 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
 	NOT-FOR-US: Siemens
 CVE-2024-51322 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 al ...)
@@ -357,27 +357,27 @@ CVE-2024-51320 (Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity
 CVE-2024-51319 (A local file include vulnerability in the /servlet/Report of Zucchetti ...)
 	TODO: check
 CVE-2024-46663 (A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-45328 (An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-45324 (A use of externally-controlled format string vulnerability [CWE-134] i ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-33501 (Two improper neutralization of special elements used in an SQL Command ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-32123 (Multiple improper neutralization of special elements used in an os com ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2024-28607 (The ip-utils package through 2.4.0 for Node.js might allow SSRF becaus ...)
 	TODO: check
 CVE-2024-12546 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
 	TODO: check
 CVE-2023-48790 (A cross site request forgery vulnerability [CWE-352] in Fortinet Forti ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-42784 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-40723 (An exposure of sensitive information to an unauthorized actor in Forti ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2023-37933 (An improper neutralization of input during web page generation ('Cross ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-2190 (The mobile application (com.transsnet.store) has a man-in-the-middle a ...)
 	NOT-FOR-US: com.transsnet.store
 CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up to 0.2. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e713bce8dfd81c45308bef65a4e75279e5e83604

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e713bce8dfd81c45308bef65a4e75279e5e83604
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250311/0613e8a5/attachment.htm>

More information about the debian-security-tracker-commits mailing list