Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c823a5a4 by Moritz Muehlenhoff at 2024-12-13T10:28:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -514,11 +514,11 @@ CVE-2024-55587 (python-libarchive through 4.2.1 allows 
directory traversal (to c
 CVE-2024-54269 (Missing Authorization vulnerability in Ninja Team Notibar 
allows Explo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-53677 (File upload logic is flawed vulnerability in Apache Struts.  
This issu ...)
-       TODO: check
+       NOT-FOR-US: Struts 2
 CVE-2024-51460 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
        NOT-FOR-US: IBM
 CVE-2024-50585 (Users who click on a malicious link or visit a website under 
the contr ...)
-       TODO: check
+       NOT-FOR-US: Numerix License Server Administration System
 CVE-2024-50339 (GLPI is a free asset and IT management software package. 
Starting in v ...)
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72
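
Review bot: In the CVE-2024-53677 entry the tag reads "NOT-FOR-US: Struts 2", while the description on the same entry names the product "Apache Struts" and other entries in this file keep the vendor prefix (for example "NOT-FOR-US: Apache Superset"). Suggest "NOT-FOR-US: Apache Struts" so a search for the product name finds every entry under one spelling.
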
@@ -761,11 +761,11 @@ CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti 
Connect Secure before v
 CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure 
before  ...)
        NOT-FOR-US: Ivanti
 CVE-2024-28141 (The web application is not protected against cross-site 
request forger ...)
-       TODO: check
+       NOT-FOR-US: Scan2Net
 CVE-2024-28140 (The scanner device boots into a kiosk mode by default and 
opens the Sc ...)
-       TODO: check
+       NOT-FOR-US: Scan2Net
 CVE-2024-28139 (The www-data user can elevate its privileges because sudo is 
configure ...)
-       TODO: check
+       NOT-FOR-US: Scan2Net
 CVE-2024-12484 (A vulnerability classified as critical was found in Codezips 
Technical ...)
        NOT-FOR-US: Codezips Technical Discussion Forum
 CVE-2024-12483 (A vulnerability classified as problematic has been found in 
Dromara UJ ...)
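
Review bot: CVE-2024-28139 is tagged "NOT-FOR-US: Scan2Net", but its description says the www-data user elevates privileges "because sudo is configure ...", and sudo itself is packaged in Debian. The tag holds if the defect is the device's sudo configuration rather than sudo; the description is cut off at exactly that point, so confirm against the full CVE text before closing it.
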
@@ -779,7 +779,7 @@ CVE-2024-12480 (A vulnerability was found in cjbi 
wetech-cms 1.0/1.1/1.2. It has
 CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and 
classifie ...)
        NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset 
Management co ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is 
vulnerable ...)
@@ -1505,7 +1505,7 @@ CVE-2024-50626 (An issue was discovered in Digi 
ConnectPort LTS before 1.4.12. A
 CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A vulne ...)
        NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-47946 (If the attacker has access to a valid Poweruser session, 
remote code e ...)
-       TODO: check
+       NOT-FOR-US: Scan2Net
 CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allows an  ...)
        NOT-FOR-US: SAP
 CVE-2024-47582 (Due to missing validation of XML input, an unauthenticated 
attacker co ...)
@@ -1531,7 +1531,7 @@ CVE-2024-37143 (Dell PowerFlex appliance versions prior 
to IC 46.381.00 and IC 4
 CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
        NOT-FOR-US: SAP
 CVE-2024-28138 (An unauthenticated attacker with network access to the 
affected device ...)
-       TODO: check
+       NOT-FOR-US: Scan2Net
 CVE-2024-21542 (Versions of the package luigi before 3.6.0 are vulnerable to 
Arbitrary ...)
        TODO: check
 CVE-2024-12393 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
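
Review bot: CVE-2024-21542 (luigi before 3.6.0), directly below the changed CVE-2024-28138 entry, still reads "TODO: check" after this pass. If it was left open on purpose because it needs a package lookup rather than an NFU tag, that is fine; otherwise it belongs in the same triage round as its neighbours.
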
@@ -1639,7 +1639,7 @@ CVE-2024-53948 (Generation of Error Message Containing 
analytics metadata Inform
 CVE-2024-53947 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Apache Superset
 CVE-2024-53847 (The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: Trix
 CVE-2024-53822 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Genet ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-53819 (Missing Authorization vulnerability in Sprout Invoices Client 
Invoicin ...)
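
Review bot: The "NOT-FOR-US: Trix" tag on CVE-2024-53847 only holds if no source package in the archive carries an embedded copy. The description identifies Trix as a rich text editor with two fixed version lines (2.1.9 and 1.3.3), the kind of component that can be bundled inside another source package, so search for embedded copies before closing it as NFU.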



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c823a5a4c4b06826de23fc444514687e29d38818
