[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Mon, 06 Jan 2025 13:31:11 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f5db5d21 by Salvatore Bonaccorso at 2025-01-06T22:27:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-21612 (TabberNeue is a MediaWiki extension that 
allows the wiki to crea
 CVE-2025-21611 (tgstation-server is a production scale tool for BYOND server 
managemen ...)
        TODO: check
 CVE-2025-21604 (LangChain4j-AIDeepin is a Retrieval enhancement generation 
(RAG) proje ...)
-       TODO: check
+       NOT-FOR-US: LangChain4j-AIDeepin
 CVE-2024-8474 (OpenVPN Connect before version 3.5.0 can contain the 
configuration pro ...)
        TODO: check
 CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based 
on the c ...)
-       TODO: check
+       NOT-FOR-US: ChestnutCMS
 CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion 
Prevention ...)
        - suricata 1:7.0.8-1
        NOTE: 
https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
@@ -56,80 +56,79 @@ CVE-2024-55605 (Suricata is a network Intrusion Detection 
System, Intrusion Prev
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76
 (suricata-7.0.8)
        NOTE: Fixed by: 
https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba
 (suricata-7.0.8)
 CVE-2024-55529 (Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via 
\zb_user ...)
-       TODO: check
+       NOT-FOR-US: Z-BlogPHP
 CVE-2024-55408 (An issue in the AsusSAIO.sys component of ASUS System Analysis 
IO v1.0 ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2024-55407 (An issue in the DeviceloControl function of ITE Tech. Inc ITE 
IO Acces ...)
-       TODO: check
-
+       NOT-FOR-US: ITE
 CVE-2024-54880 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A 
logic flaw c ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2024-54879 (SeaCMS V13.1 is vulnerable to Incorrect Access Control. A 
logic flaw c ...)
-       TODO: check
+       NOT-FOR-US: SeaCMS
 CVE-2024-51472 (IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 
7.3.2.8,  ...)
        NOT-FOR-US: IBM
 CVE-2024-51112 (Open Redirect vulnerability in Pnetlab 5.3.11 allows an 
attacker to ma ...)
-       TODO: check
+       NOT-FOR-US: Pnetlab
 CVE-2024-51111 (Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Pnetlab
 CVE-2024-47475 (Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an 
incorrect pe ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-46622 (An Escalation of Privilege security vulnerability was found in 
SecureA ...)
-       TODO: check
+       NOT-FOR-US: SecureAge
 CVE-2024-46209 (A stored cross-site scripting (XSS) vulnerability in the 
component /me ...)
-       TODO: check
+       NOT-FOR-US: REDAXO CMS
 CVE-2024-46073 (A reflected Cross-Site Scripting (XSS) vulnerability exists in 
the log ...)
-       TODO: check
+       NOT-FOR-US: IceHRM
 CVE-2024-45559 (Transient DOS can occur when GVM sends a specific message type 
to the  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45558 (Transient DOS can occur when the driver parses the per STA 
profile IE  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45555 (Memory corruption can occur if an already verified IFS2 image 
is overw ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45553 (Memory corruption can occur when process-specific maps are 
added to th ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45550 (Memory corruption occurs when invoking any IOCTL-calling 
application t ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45548 (Memory corruption while processing FIPS encryption or 
decryption valid ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45547 (Memory corruption while processing IOCTL call invoked from 
user-space  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45546 (Memory corruption while processing FIPS encryption or 
decryption IOCTL ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45542 (Memory corruption when IOCTL call is invoked from user-space 
to write  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-45541 (Memory corruption when IOCTL call is invoked from user-space 
to read b ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-43064 (Uncontrolled resource consumption when a driver, an 
application or a S ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-43063 (information disclosure while invoking the mailbox read API.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-35498 (A cross-site scripting (XSS) vulnerability in Grav v1.7.45 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2024-33067 (Information disclosure while invoking callback function of 
sound model ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-33061 (Information disclosure while processing IOCTL call made for 
releasing  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-33059 (Memory corruption while processing frame command IOCTL calls.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-33055 (Memory corruption while invoking IOCTL calls to unmap the DMA 
buffers.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-33041 (Memory corruption when input parameter validation for number 
of fences ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-31914 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.5 a ...)
        NOT-FOR-US: IBM
 CVE-2024-31913 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.2.5 a ...)
        NOT-FOR-US: IBM
 CVE-2024-23366 (Information Disclosure while invoking the mailbox write API 
when messa ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-21464 (Memory corruption while processing IPA statistics, when there 
are no a ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2024-12997
        REJECTED
 CVE-2024-12996
        REJECTED
 CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-       TODO: check
+       NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
 CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This 
vulnerability ...)
        TODO: check
 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows 
unexpected addit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5db5d21feba4f7f3f13f8b9be29b1fd9bae0315

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5db5d21feba4f7f3f13f8b9be29b1fd9bae0315
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to