[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Fri, 20 Dec 2024 03:03:23 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a51a24e by Moritz Muehlenhoff at 2024-12-20T12:02:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress 
plugin before 9.
 CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy 
Orchestrator pri ...)
        NOT-FOR-US: Trellix
 CVE-2024-56327 (pyrage is a set of Python bindings for the rage file 
encryption librar ...)
-       TODO: check
+       NOT-FOR-US: pyrage
 CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to 
bypass au ...)
        NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G
 CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows 
attackers to byp ...)
@@ -35,7 +35,7 @@ CVE-2024-44211 (This issue was addressed with improved 
validation of symlinks. T
 CVE-2024-44195 (A logic issue was addressed with improved validation. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: spatie/browsershot
 CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File 
Read and W ...)
        NOT-FOR-US: Arista
 CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege 
Escalat ...)
@@ -51,9 +51,9 @@ CVE-2024-12728 (A weak credentials vulnerability potentially 
allows privileged s
 CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection 
feature ...)
        NOT-FOR-US: Sophos
 CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Tibbo
 CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are 
vulnera ...)
-       TODO: check
+       - nomad <removed>
 CVE-2024-12672 (A third-party vulnerability exists in the Rockwell 
AutomationArena\xae ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 
LotsOfLocales  ...)
@@ -65,7 +65,7 @@ CVE-2024-12506 (The NACC WordPress Plugin plugin for 
WordPress is vulnerable to
 CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability 
exists  ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-12111 (In a specific scenario a LDAP user can abuse the 
authentication proces ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications 
plugin for ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to 
Stored  ...)
@@ -105,15 +105,15 @@ CVE-2023-42867 (This issue was addressed with improved 
validation of the process
 CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 
allows e ...)
        NOT-FOR-US: HMS Networks Ewon Flexy 205
 CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP 
packet ca ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-7138 (An assert may be triggered, causing a temporary denial of 
service when ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-7137 (The L2CAP receive data buffer for L2CAP packets is restricted 
to packe ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-56200 (Altair is a fork of Misskey v12. Affected versions lack of 
request val ...)
        NOT-FOR-US: Altair
 CVE-2024-56159 (Astro is a web framework for content-driven websites. A bug in 
the bui ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2024-55196 (Insufficiently Protected Credentials in the Mail Server 
Configuration  ...)
        NOT-FOR-US: GoPhish
 CVE-2024-55082 (A Server-Side Request Forgery (SSRF) in the endpoint 
http://{your-serv ...)
@@ -292,8 +292,8 @@ CVE-2024-12692 (Type Confusion in V8 in Google Chrome prior 
to 131.0.6778.204 al
        {DSA-5834-1}
        - chromium 131.0.6778.204-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-56128 (Incorrect Implementation of Authentication Algorithm in Apache 
Kafka's ...)
-       TODO: check
+CVE-2024-56128
+       - kafka <itp> (bug #786460)
 CVE-2024-56059 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-56058 (Deserialization of Untrusted Data vulnerability in Gueststream 
VRPConn ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51a24e21028134cecd1a65b6b1f45c8a512e60

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a51a24e21028134cecd1a65b6b1f45c8a512e60
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to