[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Thu, 23 Jan 2025 00:19:35 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
775eead9 by Moritz Muehlenhoff at 2025-01-23T09:19:07+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,49 +7,49 @@ CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x 
before 5.2.2. An XSS v
        NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
        NOTE: Fixed by: 
https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d
 (RELEASE_5_2_2)
 CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy 
Proxy as a  ...)
-       TODO: check
+       NOT-FOR-US: Envoy Gateway
 CVE-2024-57724 (lunasvg v3.0.0 was discovered to contain a segmentation 
violation via  ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-57723 (lunasvg v3.0.0 was discovered to contain a segmentation 
violation via  ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-57722 (lunasvg v3.0.0 was discovered to contain a 
allocation-size-too-big bug ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-57721 (lunasvg v3.0.0 was discovered to contain a segmentation 
violation via  ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-57720 (lunasvg v3.0.0 was discovered to contain a segmentation 
violation via  ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-57719 (lunasvg v3.0.0 was discovered to contain a segmentation 
violation via  ...)
-       TODO: check
+       NOT-FOR-US: lunasvg
 CVE-2024-56924 (A Cross Site Request Forgery (CSRF) vulnerability in Code 
Astro Intern ...)
-       TODO: check
+       NOT-FOR-US: Code Astro Internet banking system
 CVE-2024-56923 (Stored Cross-Site Scripting (XSS) in the Categorization Option 
of My S ...)
-       TODO: check
+       NOT-FOR-US: Silverpeas
 CVE-2024-52975 (An issue was identified in Fleet Server where Fleet policies 
that coul ...)
-       TODO: check
+       NOT-FOR-US: Elastic Fleet
 CVE-2024-52972 (An allocation of resources without limits or throttling in 
Kibana can  ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-43710 (A server side request forgery vulnerability was identified in 
Kibana w ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-43707 (An issue was identified in Kibana where a user without access 
to Fleet ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2024-42187 (BigFix Patch Download Plug-ins are affected by path traversal 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42186 (BigFix Patch Download Plug-ins are affected by an insecure 
protocol su ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42185 (BigFix Patch Download Plug-ins are affected by an insecure 
package whi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42184 (BigFix Patch Download Plug-ins are affected by insecure 
support for fi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42183 (BigFix Patch Download Plug-ins are affected by an arbitrary 
file downl ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-42182 (BigFix Patch Download Plug-ins are affected by Server-Side 
Request For ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-12477 (The Avada Builder plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50309 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 
6.2.0.0is vuln ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 
6.2.0.0 is vul ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-23050
        - qt6-connectivity 6.7.2-8
        [bookworm] - qt6-connectivity <no-dsa> (Minor issue)
@@ -282,7 +282,7 @@ CVE-2025-0395 (When the assert() function in the GNU C 
Library versions 2.13 to
        NOTE: 
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001
        NOTE: https://sourceware.org/pipermail/libc-announce/2025/000044.html
 CVE-2024-9310 (By utilizing software-defined radios and a custom low-latency 
processi ...)
-       TODO: check
+       NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
 CVE-2024-56914 (D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in 
/New_GUI/Par ...)
        NOT-FOR-US: D-Link
 CVE-2024-55957 (In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo 
Foundat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775eead905a96b61b8124564234a59a17a5ab7fb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775eead905a96b61b8124564234a59a17a5ab7fb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to