[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add Black Duck

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Mar 16 20:03:39 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ac94d30 by Moritz Muehlenhoff at 2025-03-16T21:00:36+01:00
auto-nfu: Add Black Duck

Total CVEs from BlackDuck: 9
Total CVEs from BlackDuck with packages assigned: 0

- - - - -
39211462 by Moritz Muehlenhoff at 2025-03-16T21:03:22+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -201,15 +201,15 @@ CVE-2025-1507 (The ShareThis Dashboard for Google Analytics plugin for WordPress
 CVE-2024-55594 (An improper handling of syntactically invalid structure in Fortinet Fo ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-54449 (The API used to interact with documents in the application contains tw ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-54448 (The Automation Scripting functionality can be exploited by attackers t ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-54447 (Saved search functionality contains a blind SQL injection that can be  ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-54446 (Document history functionality contains a blind SQL injection that can ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-54445 (Login functionality contains a blind SQL injection that can be exploit ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-47573 (An improper validation of integrity check value vulnerability [CWE-354 ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-46662 (A improper neutralization of special elements used in a command ('comm ...)
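Review bot: The five entries from CVE-2024-54449 through CVE-2024-54445 are tagged `NOT-FOR-US: Black Duck`, but none of the truncated descriptions visible here names a product ("the application", "Saved search functionality", "Login functionality"), so the tag rests on the assigning CNA alone. A CNA name identifies who assigned the ID, not necessarily whose software is affected, so it is worth confirming the affected product from the full description before dropping `TODO: check`.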
@@ -235,11 +235,11 @@ CVE-2024-13771 (The Civi - Job Board & Freelance Marketplace WordPress Theme plu
 CVE-2024-12810 (The JobCareer | Job Board Responsive WordPress Theme theme for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12245 (Logout functionality contains a blind SQL injection that can be exploi ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-12020 (There is a reflected cross-site scripting (XSS) within JSP files used  ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2024-12019 (The API used to interact with documents in the application contains a  ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2023-48785 (An improper certificate validation vulnerability [CWE-295] in FortiNAC ...)
 	NOT-FOR-US: Fortinet
 CVE-2023-45588 (An external control of file name or path vulnerability [CWE-73] in  Fo ...)
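Review bot: The totals do not reconcile with the diff: this hunk flips three entries (CVE-2024-12245, CVE-2024-12020, CVE-2024-12019) and the previous hunk five, which makes eight, while the message for 3ac94d30 reports "Total CVEs from BlackDuck: 9". Please say in the commit message where the ninth entry is, or that it was already triaged, so the count can be checked against the changed lines.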


=====================================
data/packages/nfu.yaml
=====================================
@@ -15,6 +15,8 @@
   cna: Axis
 - reason: Bitdefender
   cna: Bitdefender
+- reason: Black Duck
+  cna: BlackDuck
 - reason: ChromeOS
   cna: ChromeOS
 - reason: Dell / EMC
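Review bot: In the added pair, `reason: Black Duck` and `cna: BlackDuck` are spelled differently. Assuming `cna` is matched against the CNA identifier in the CVE data, a short comment in the file saying that the value must be copied verbatim would stop someone from later normalising it to match `reason` and silently disabling the rule.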



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3df9f3b218ab9b836844c789efabd91daa28b1e6...392114627797ee19e2e3e9874105a81f2e9de24a
