Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
175c2805 by Moritz Muehlenhoff at 2025-01-23T17:24:12+01:00
NFUS

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -377,7 +377,7 @@ CVE-2023-37003 (Open5GS MME versions <= 2.6.4 contain an 
assertion that can be r
 CVE-2023-37002 (Open5GS MME versions <= 2.6.4 contain an assertion that can be 
remotel ...)
        NOT-FOR-US: Open5GS
 CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in commit 
a8492c9c5bc0a66c6999cb5a2635 ...)
-       TODO: check
+       NOT-FOR-US: NextEPC MME
 CVE-2024-52948 [CSRF on 2FA registration]
        - lemonldap-ng 2.20.2+ds-1
        [bookworm] - lemonldap-ng <no-dsa> (Will be fixed via point update)
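Review bot: the new tag on CVE-2023-36998 reads "NextEPC MME", while the Open5GS MME entry directly above it is tagged with the project name only ("NOT-FOR-US: Open5GS"). Suggest "NOT-FOR-US: NextEPC" so that one project keeps one spelling across its entries and stays easy to grep.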
@@ -604,9 +604,9 @@ CVE-2024-57360 (https://www.gnu.org/software/binutils/ nm 
>=2.43 is affected by:
 CVE-2024-55959 (Northern.tech Mender Client 4.x before 4.0.5 has Insecure 
Permissions.)
        NOT-FOR-US: Northern.tech Mender Client
 CVE-2024-55958 (Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 
3.21.5, and b ...)
-       TODO: check
+       NOT-FOR-US: CFEngine Enterprise Mission Portal
 CVE-2024-49749 (In DGifSlurp of dgif_lib.c, there is a possible out of bounds 
write du ...)
-       TODO: check
+       NOT-FOR-US: DGifSlurp
 CVE-2024-49748 (In gatts_process_primary_service_req of gatt_sr.cc, there is a 
possibl ...)
        NOT-FOR-US: Android
 CVE-2024-49747 (In gatts_process_read_by_type_req of gatt_sr.cc, there is a 
possible o ...)
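Review bot: on CVE-2024-49749 the tag "NOT-FOR-US: DGifSlurp" names a function, not a product, and the description places it in dgif_lib.c, which is also the name of a source file in giflib, a library Debian packages. Suggest confirming whether the flaw is limited to a copy bundled elsewhere (the neighbouring CVE-2024-4974x entries are tagged Android) and then tagging it by product, or tracking it against src:giflib if the code there is affected.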
@@ -710,11 +710,11 @@ CVE-2024-11218 (A vulnerability was found in `podman 
build` and `buildah.` This
        [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
        NOTE: https://github.com/advisories/GHSA-5vpc-35f4-r8w6
 CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been 
identified ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there 
is a pos ...)
        NOT-FOR-US: Android
 CVE-2023-40108 (In multiple locations, there is a possible way to access media 
content ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile 
Management Enti ...)
        NOT-FOR-US: Magma
 CVE-2023-37038 (A Null pointer dereference vulnerability in the Mobile 
Management Enti ...)
@@ -817,7 +817,7 @@ CVE-2025-23461 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-23454 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-23369 (An improper verification of cryptographic signature 
vulnerability was  ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2025-23184 (A potential denial of service vulnerability is present in 
versions of  ...)
        NOT-FOR-US: Apache CXF
 CVE-2025-23086 (On most desktop platforms, Brave Browser versions 
1.70.x-1.73.x includ ...)
@@ -889,7 +889,7 @@ CVE-2025-0614 (Input validation vulnerability in Qualifio's 
Wheel of Fortune. Th
 CVE-2025-0450 (The Betheme plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0377 (HashiCorp\u2019s go-slug library is vulnerable to a zip-slip 
style att ...)
-       TODO: check
+       NOT-FOR-US: go-slug
 CVE-2025-0371 (The JetElements plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6466 (NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows 
an att ...)
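Review bot: CVE-2025-0377 is described as a flaw in a Go library (go-slug), so "NOT-FOR-US: go-slug" only records that there is no source package of that name. Go libraries are commonly vendored into their consumers, so it is worth checking packaged Go software for an embedded copy before closing this, and leaving a NOTE line if that check was done.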
@@ -905,7 +905,7 @@ CVE-2024-56990 (PHPGurukul Hospital Management System 4.0 
is vulnerable to Cross
 CVE-2024-56277 (Improper Encoding or Escaping of Output vulnerability in Poll 
Maker Te ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-55504 (An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 
allows loc ...)
-       TODO: check
+       NOT-FOR-US: RAR Extractor - Unarchiver Free and Pro
 CVE-2024-54795 (SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting 
(XSS) vul ...)
        NOT-FOR-US: SpagoBI
 CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 allows arbitrary 
code execut ...)
@@ -913,7 +913,7 @@ CVE-2024-54794 (The script input feature of SpagoBI 3.5.1 
allows arbitrary code
 CVE-2024-54792 (A Cross-Site Request Forgery (CSRF) vulnerability has been 
found in Sp ...)
        NOT-FOR-US: SpagoBI
 CVE-2024-53829 (CodeChecker is an analyzer tooling, defect database and viewer 
extensi ...)
-       TODO: check
+       NOT-FOR-US: CodeChecker
 CVE-2024-52973 (An allocation of resources without limits or throttling in 
Kibana can  ...)
        - kibana <itp> (bug #700337)
 CVE-2024-51919 (Unrestricted Upload of File with Dangerous Type vulnerability 
in NotFo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175c280566288aad47fd25bb4e5e30b0ba710196
