Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d318faa by Moritz Muehlenhoff at 2024-12-18T15:22:29+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2024-56169 (A validation integrity issue was discovered 
in Fort through 1.6.
        - fort-validator <unfixed>
        NOTE: https://github.com/NICMx/FORT-validator/issues/82
 CVE-2024-56142 (pghoard is a PostgreSQL backup daemon and restore tooling that 
stores  ...)
-       TODO: check
+       NOT-FOR-US: pghoard
 CVE-2024-55059 (A stored HTML Injection vulnerability was identified in 
PHPGurukul Onl ...)
        NOT-FOR-US: PHPGurukul Online Birth Certificate System
 CVE-2024-55058 (An insecure direct object reference (IDOR) vulnerability was 
discovere ...)
@@ -21,9 +21,9 @@ CVE-2024-55057 (Phpgurukul Online Birth Certificate System 
1.0 suffers from insu
 CVE-2024-55056 (A stored cross-site scripting (XSS) vulnerability was 
identified in Ph ...)
        NOT-FOR-US: Phpgurukul Online Birth Certificate System
 CVE-2024-54457 (Inclusion of undocumented features or chicken bits issue 
exists in AE1 ...)
-       TODO: check
+       NOT-FOR-US: FXC AE1021
 CVE-2024-53688 (Improper neutralization of special elements used in an OS 
command ('OS ...)
-       TODO: check
+       NOT-FOR-US: FXC AE1021
 CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing 
entries ( ...)
        - ldap-account-manager <unfixed>
        NOTE: 
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc
@@ -34,19 +34,19 @@ CVE-2024-4464 (Authorization bypass through user-controlled 
key vulnerability in
 CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, 
contains an ...)
        NOT-FOR-US: Dell
 CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 
2.0.10 an ...)
-       TODO: check
+       NOT-FOR-US: FXC AE1021
 CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users 
are able  ...)
-       TODO: check
+       NOT-FOR-US: ThreatQuotient
 CVE-2024-31668 (rizin before v0.6.3 is vulnerable to Improper Neutralization 
of Specia ...)
-       TODO: check
+       NOT-FOR-US: rizin
 CVE-2024-29646 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 
allows an at ...)
        TODO: check
 CVE-2024-21548 (Versions of the package bun before 1.1.30 are vulnerable to 
Prototype  ...)
-       TODO: check
+       NOT-FOR-US: bun
 CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: spatie/browsershot
 CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 
2.9.1 are  ...)
-       TODO: check
+       NOT-FOR-US: laravel-filemanager
 CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege 
due to i ...)
        NOT-FOR-US: OPPO Store APP
 CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued 
for the Ra ...)
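Review bot: The tag added for CVE-2024-21546 reads "NOT-FOR-US: laravel-filemanager", dropping the "unisharp/" prefix that the CVE description uses, while the line added just above it keeps the full "spatie/browsershot" name. Suggest "NOT-FOR-US: unisharp/laravel-filemanager" so the two vendor/package names are labelled the same way and a later search on the full name finds the entry. Separately, CVE-2024-29646 (radare2) is the only entry in this hunk still left at "TODO: check", so it needs its own follow-up triage.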
@@ -102,7 +102,7 @@ CVE-2024-8429 (Improper Restriction of Excessive 
Authentication Attempts vulnera
 CVE-2024-8326 (The s2Member \u2013 Excellent for All Kinds of Memberships, 
Content Re ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-56139 (pdftools is a high level tools to convert PDF files to ePUB 
formats. I ...)
-       TODO: check
+       NOT-FOR-US: pdftools
 CVE-2024-55516 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
        NOT-FOR-US: Raisecom
 CVE-2024-55515 (A vulnerability was found in Raisecom MSG1200, MSG2100E, 
MSG2200, and  ...)
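Review bot: "NOT-FOR-US: pdftools" for CVE-2024-56139 uses a bare, generic name, and the visible description identifies the software only as a tool that converts PDF files to ePUB. Consider adding a short qualifier taken from that description, for example "NOT-FOR-US: pdftools (PDF to ePUB converter)", so the tag is not mistaken for other software with the same name when later CVEs are matched against it.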
@@ -163,7 +163,7 @@ CVE-2024-49817 (IBM Security Guardium Key Lifecycle Manager 
4.1, 4.1.1, 4.2.0, a
 CVE-2024-49816 (IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, 
and 4.2 ...)
        NOT-FOR-US: IBM
 CVE-2024-49194 (Databricks JDBC Driver before 2.6.40 could potentially allow 
remote co ...)
-       TODO: check
+       NOT-FOR-US: Databricks JDBC Driver
 CVE-2024-42194 (An improper handling of insufficient permissions or privileges 
affects ...)
        NOT-FOR-US: HCL
 CVE-2024-37607 (A Buffer overflow vulnerability in D-Link DAP-2555 
REVA_FIRMWARE_1.20  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d318faa5baed2eb74e2b112b4396d5334a5ed2a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits