Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a944024f by Moritz Muehlenhoff at 2025-02-06T12:56:18+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,21 +49,21 @@ CVE-2024-57074 (A prototype pollution in the lib.merge 
function of xe-utils v3.5
 CVE-2024-57072 (A prototype pollution in the lib.requireFromString function of 
module- ...)
        NOT-FOR-US: Node module-from-string
 CVE-2024-57071 (A prototype pollution in the lib.combine function of 
php-parser v3.2.1 ...)
-       TODO: check
+       NOT-FOR-US: Node php-parser
 CVE-2024-57069 (A prototype pollution in the lib function of expand-object 
v0.4.2 allo ...)
-       TODO: check
+       NOT-FOR-US: Node expand-object
 CVE-2024-57068 (A prototype pollution in the lib.mutateMergeDeep function of 
@tanstack ...)
-       TODO: check
+       NOT-FOR-US: Node @tanstack/form-core
 CVE-2024-57067 (A prototype pollution in the lib.parse function of dot-qs 
v0.2.0 allow ...)
-       TODO: check
+       NOT-FOR-US: Node dot-qs
 CVE-2024-57066 (A prototype pollution in the lib.deep function of 
@ndhoule/defaults v2 ...)
-       TODO: check
+       NOT-FOR-US: Node @ndhoule/defaults
 CVE-2024-57065 (A prototype pollution in the lib.createPath function of utile 
v0.3.0 a ...)
-       TODO: check
+       NOT-FOR-US: Node utile
 CVE-2024-57064 (A prototype pollution in the lib.setValue function of 
@syncfusion/ej2- ...)
-       TODO: check
+       NOT-FOR-US: Node @syncfusion/ej2-spreadsheet
 CVE-2024-57063 (A prototype pollution in the lib function of 
php-date-formatter v1.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Node php-date-formatter
 CVE-2024-56473 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  could allow an 
attacker to  ...)
        NOT-FOR-US: IBM
 CVE-2024-56472 (IBM Aspera Shares1.9.0 through 1.10.0 PL6  is vulnerable to 
stored cro ...)
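Review bot: On the CVE-2024-57071 and CVE-2024-57063 lines, the names php-parser and php-date-formatter read like PHP software, and only the "Node" prefix in the new tags marks them as npm modules. The prototype pollution wording in both descriptions supports the Node classification, but it is worth confirming that no identically named package in the archive is the one meant before closing them as NOT-FOR-US.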
@@ -193,7 +193,7 @@ CVE-2025-0858 (A vulnerability was discovered in the 
firmware builds up to 8.2.1
 CVE-2024-9631 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        - gitlab 17.3.5-2
 CVE-2024-9097 (ManageEngine Endpoint Central versions before11.3.2440.09 are 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: ManageEngine Endpoint Central
 CVE-2024-6356 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2024-56135 (Improper Input Validation vulnerability of Authenticated User 
in Progr ...)
@@ -219,7 +219,7 @@ CVE-2024-42207 (HCL iAutomate is affected by a session 
fixation vulnerability. A
 CVE-2024-3976 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 17.3.5-2
 CVE-2024-39564 (This is a similar, but different vulnerability than the issue 
reported ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2024-2878 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 17.3.5-2
 CVE-2024-1539 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
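Review bot: The new "NOT-FOR-US: Juniper" line for CVE-2024-39564 names only the vendor, and the truncated description shown here ("This is a similar, but different vulnerability than the issue reported ...") does not identify the product either. Naming the affected product in the tag, as other entries in this commit do (for example "ManageEngine Endpoint Central"), would let a reader confirm the triage without opening the CVE record.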
@@ -335,11 +335,11 @@ CVE-2025-22206 (A SQL injection vulnerability in the JS 
Jobs plugin versions 1.1
 CVE-2025-1028 (The Contact Manager plugin for WordPress is vulnerable to 
arbitrary fi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1026 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: spatie/browsershot
 CVE-2025-1025 (Versions of the package cockpit-hq/cockpit before 2.4.1 are 
vulnerable ...)
        TODO: check
 CVE-2025-1022 (Versions of the package spatie/browsershot before 5.0.5 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: spatie/browsershot
 CVE-2025-0960 (AutomationDirect C-more EA9 HMI contains a function with bounds 
checks ...)
        NOT-FOR-US: AutomationDirect C-more EA9 HMI
 CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for 
the Tel ...)
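Review bot: CVE-2025-1025 (cockpit-hq/cockpit) stays at "TODO: check" while the spatie/browsershot entries directly above and below it are closed as NOT-FOR-US. If it was left open because the name still needs checking against packaged software, that is fine; otherwise it should be triaged in the same pass so the block is not left partly done.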
@@ -391,21 +391,21 @@ CVE-2024-45658 (IBM Security Verify Access Appliance and 
Container 10.0.0 throug
 CVE-2024-45657 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
        NOT-FOR-US: IBM
 CVE-2024-43187 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-40891 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2024-40890 (**UNSUPPORTED WHEN ASSIGNED** A post-authentication command 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2024-40700 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-35138 (IBM Security Verify Access Appliance and Container 10.0.0 
through 10.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-23690 (The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected 
by a comm ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-13829 (The WordPress form builder plugin for contact forms, surveys 
and quizz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13733 (The SKT Blocks \u2013 Gutenberg based Page Builder plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13723 (The "NagVis" component within Checkmk is vulnerable to remote 
code exe ...)
        - check-mk <removed>
        - nagvis 1:1.9.42-1
@@ -415,25 +415,25 @@ CVE-2024-13722 (The "NagVis" component within Checkmk is 
vulnerable to reflected
        - nagvis 1:1.9.42-1
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/04/3
 CVE-2024-13699 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13529 (The SocialV - Social Network and Community BuddyPress Theme 
theme for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13510 (The ShopSite plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13403 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 
Contact Form ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-13356 (The DSGVO All in one for WP plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11623 (Authentik project is vulnerable to Stored XSS attacks 
throughuploading ...)
-       TODO: check
+       NOT-FOR-US: authentik
 CVE-2024-11468 (Omnissa Horizon Client for macOS contains a Local privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Omnissa Horizon Client
 CVE-2024-11467 (Omnissa Horizon Client for macOS contains a Local privilege 
escalation ...)
-       TODO: check
+       NOT-FOR-US: Omnissa Horizon Client
 CVE-2023-40222 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build 
(1204.200), th ...)
-       TODO: check
+       NOT-FOR-US: Ashlar-Vellum Cobalt
 CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build 
(1204.200), th ...)
-       TODO: check
+       NOT-FOR-US: Ashlar-Vellum Cobalt
 CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker 
without access ...)
        - cassandra <itp> (bug #585905)
 CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From 
field of ...)
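Review bot: CVE-2024-13529 is tagged "NOT-FOR-US: WordPress plugin", but its description calls SocialV a "BuddyPress Theme theme", so the tag should read "WordPress theme". The not-for-us classification itself is unaffected; only the label is inaccurate.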
@@ -532,7 +532,7 @@ CVE-2025-24982 (Cross-site request forgery vulnerability 
exists in Activity Log
 CVE-2025-24962 (reNgine is an automated reconnaissance framework for web 
applications. ...)
        NOT-FOR-US: reNgine
 CVE-2025-24961 (org.gaul S3Proxy implements the S3 API and proxies requests. 
Users of  ...)
-       TODO: check
+       NOT-FOR-US: org.gaul S3Proxy
 CVE-2025-24960 (Jellystat is a free and open source Statistics App for 
Jellyfin. In af ...)
        NOT-FOR-US: Jellystat
 CVE-2025-24959 (zx is a tool for writing better scripts. An attacker with 
control over ...)
@@ -642,7 +642,7 @@ CVE-2024-56898 (Incorrect access control in Geovision 
GV-ASWeb version 6.1.0.0 o
 CVE-2024-47770 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        NOT-FOR-US: Wazuh
 CVE-2024-44449 (Cross Site Scripting vulnerability in Quorum onQ OS 
v.6.0.0.5.2064 all ...)
-       TODO: check
+       NOT-FOR-US: Quorum onQ OS
 CVE-2024-35177 (Wazuh is a free and open source platform used for threat 
prevention, d ...)
        NOT-FOR-US: Wazuh
 CVE-2024-34897 (Nedis SmartLife android app v1.4.0 was discovered to contain 
an API ke ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a944024f516e82154db19fe7ae7c694d7f8414ff
