Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
666f6ca3 by Salvatore Bonaccorso at 2024-12-10T09:49:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-9672 (A reflected cross-site scripting (XSS) vulnerability exists in 
PaperCu ...)
-       TODO: check
+       NOT-FOR-US: PaperCut
 CVE-2024-55638 (Deserialization of Untrusted Data vulnerability in Drupal Core 
allows  ...)
        TODO: check
 CVE-2024-55637 (Deserialization of Untrusted Data vulnerability in Drupal Core 
allows  ...)
@@ -17,21 +17,21 @@ CVE-2024-54198 (In certain conditions, SAP NetWeaver 
Application Server ABAP all
 CVE-2024-54197 (SAP NetWeaver Administrator(System Overview) allows an 
authenticated a ...)
        NOT-FOR-US: SAP
 CVE-2024-54151 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2024-54149 (Winter is a free, open-source content management system (CMS) 
based on ...)
-       TODO: check
+       NOT-FOR-US: Winter CMS
 CVE-2024-53919 (An injection vulnerability in Barco ClickShare CX-30/20, 
C-5/10, and C ...)
-       TODO: check
+       NOT-FOR-US: Barco
 CVE-2024-53552 (CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles 
password res ...)
        TODO: check
 CVE-2024-50628 (An issue was discovered in the web services of Digi 
ConnectPort LTS be ...)
-       TODO: check
+       NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-50627 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A Privi ...)
-       TODO: check
+       NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-50626 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A Direc ...)
-       TODO: check
+       NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-50625 (An issue was discovered in Digi ConnectPort LTS before 1.4.12. 
A vulne ...)
-       TODO: check
+       NOT-FOR-US: Digi ConnectPort LTS
 CVE-2024-47946 (If the attacker has access to a valid Poweruser session, 
remote code e ...)
        TODO: check
 CVE-2024-47585 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allows an  ...)
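Review bot: The tags in this hunk mix vendor-level and product-level naming: CVE-2024-53919 gets `NOT-FOR-US: Barco`, while the four Digi entries (CVE-2024-50625 through CVE-2024-50628) get `NOT-FOR-US: Digi ConnectPort LTS`. The description for CVE-2024-53919 names Barco ClickShare, so `NOT-FOR-US: Barco ClickShare` would match the granularity used for Digi and make later searches of the list by product more reliable.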
@@ -41,11 +41,11 @@ CVE-2024-47582 (Due to missing validation of XML input, an 
unauthenticated attac
 CVE-2024-47581 (SAP HCM Approve Timesheets Version 4 application does not 
perform nece ...)
        NOT-FOR-US: SAP
 CVE-2024-47580 (An attacker authenticated as an administrator can use an 
exposed webse ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-47579 (An attacker authenticated as an administrator can use an 
exposed webse ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-47578 (Adobe Document Service allows an attacker with administrator 
privilege ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-47577 (Webservice API endpoints for Assisted Service Module within 
SAP Commer ...)
        NOT-FOR-US: SAP
 CVE-2024-47576 (SAP Product Lifecycle Costing Client (versions below 4.7.1) 
applicatio ...)
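Review bot: On CVE-2024-47578 the tag `NOT-FOR-US: SAP` does not match anything in the visible description, which starts with "Adobe Document Service" and is truncated before any SAP product is named. If the full description ties this to an SAP component, a tag that names that component would let a reader of the list see why the entry is filed under SAP rather than Adobe. CVE-2024-47580 and CVE-2024-47579 just above have the same issue in milder form: their truncated text names no vendor at all.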
@@ -53,9 +53,9 @@ CVE-2024-47576 (SAP Product Lifecycle Costing Client 
(versions below 4.7.1) appl
 CVE-2024-46455 (unstructured v.0.14.2 and before is vulnerable to XML External 
Entity  ...)
        TODO: check
 CVE-2024-37144 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 
46.376. ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-37143 (Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 
46.376. ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-32732 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
        NOT-FOR-US: SAP
 CVE-2024-28138 (An unauthenticated attacker with network access to the 
affected device ...)
@@ -67,13 +67,13 @@ CVE-2024-12393 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2024-12174 (An Improper Certificate Validation vulnerability exists in 
Tenable Sec ...)
        TODO: check
 CVE-2024-11205 (The WPForms plugin for WordPress is vulnerable to unauthorized 
modific ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11107 (The System Dashboard WordPress plugin before 2.8.15 does not 
sanitise  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10708 (The System Dashboard WordPress plugin before 2.8.15 does not 
validate  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6947 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12369 (A vulnerability was found in OIDC-Client. When using the RH 
SSO OIDC a ...)
        NOT-FOR-US: elytron-oidc-client
 CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
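Review bot: The four entries changed here (CVE-2024-11205, CVE-2024-11107, CVE-2024-10708, CVE-2023-6947) all receive the generic `NOT-FOR-US: WordPress plugin`, although their descriptions name three different plugins (WPForms, System Dashboard, FooGallery). If the generic tag is intentional, that is fine; otherwise naming the plugin in the tag, as the `elytron-oidc-client` entry just below does for its component, keeps the classification reason readable without relying on the truncated description.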



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/666f6ca3e990155d36131c94210065df518168f1
