[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 16 08:52:11 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
210e00e9 by Moritz Muehlenhoff at 2024-04-16T09:51:41+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -173,89 +173,89 @@ CVE-2024-30840 (A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows
CVE-2024-30546 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With ...)
NOT-FOR-US: WordPress plugin
CVE-2024-30220 (Command injection vulnerability in MZK-MF300N all firmware versions al ...)
- TODO: check
+ NOT-FOR-US: MZK-MF300N
CVE-2024-30219 (Active debug code vulnerability exists in MZK-MF300N all firmware vers ...)
- TODO: check
+ NOT-FOR-US: MZK-MF300N
CVE-2024-2659 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and ear ...)
- TODO: check
+ NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...)
- TODO: check
+ NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...)
- TODO: check
+ NOT-FOR-US: Cente
CVE-2024-28894 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
- TODO: check
+ NOT-FOR-US: Cente
CVE-2024-28558 (SQL Injection vulnerability in sourcecodester Petrol pump management s ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2024-28557 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2024-28556 (SQL Injection vulnerability in Sourcecodester php task management syst ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2024-28099 (VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search p ...)
- TODO: check
+ NOT-FOR-US: VT Studio
CVE-2024-28056 (Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role ...)
- TODO: check
+ NOT-FOR-US: Amazon AWS Amplify CLI
CVE-2024-26023 (OS command injection vulnerability in BUFFALO wireless LAN routers all ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2024-24898 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
TODO: check
CVE-2024-24891 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
TODO: check
CVE-2024-24487 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: silex
CVE-2024-24486 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: silex
CVE-2024-24485 (An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: silex
CVE-2024-23911 (Out-of-bounds read vulnerability caused by improper checking of the op ...)
- TODO: check
+ NOT-FOR-US: Cente
CVE-2024-23594 (A buffer overflow vulnerability was reported in a system recovery boo ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-23593 (A vulnerability was reported in a system recovery bootloader that was ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-23560 (HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revoc ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23559 (HCL DevOps Deploy / Launch is generating an obsolete HTTP header.)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23486 (Plaintext storage of a password issue exists in BUFFALO wireless LAN r ...)
- TODO: check
+ NOT-FOR-US: BUFFALO
CVE-2024-22439 (A potential security vulnerability has been identified in HPE FlexFabr ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-22438 (A potential security vulnerability has been identified in Hewlett Pack ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-22437 (A potential security vulnerability has been identified in VSS Provider ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-22435 (A potential security vulnerability has been identified in Web ViewPoin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-22014 (An issue discovered in 360 Total Security Antivirus through 11.0.0.106 ...)
- TODO: check
+ NOT-FOR-US: 360 Total Security Antivirus
CVE-2023-4857 (An authentication bypass vulnerability was identified in SMM/SMM2 and ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-4856 (A format string vulnerability was identified in SMM/SMM2 and FPC that ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-4855 (A command injection vulnerability was identified in SMM/SMM2 and FPC t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2023-48710 (iTop is an IT service management platform. Files from the `env-produc ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-48709 (iTop is an IT service management platform. When exporting data from b ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-47626 (iTop is an IT service management platform. When displaying/editing th ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-47622 (iTop is an IT service management platform. When dashlet are refreshed ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-47123 (iTop is an IT service management platform. By filling malicious code ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-45808 (iTop is an IT service management platform. When creating or updating ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-45503 (SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote ...)
- TODO: check
+ NOT-FOR-US: Macrob7 Macs CMS
CVE-2023-44396 (iTop is an IT service management platform. Dashlet edits ajax endpoin ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-43790 (iTop is an IT service management platform. By manipulating HTTP queri ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2023-38511 (iTop is an IT service management platform. Dashboard editor : can loa ...)
- TODO: check
+ NOT-FOR-US: iTop
CVE-2024-XXXX [validate a server certificate in a TLS-based server-server connection]
- ngircd 27~rc1-1
NOTE: https://github.com/ngircd/ngircd/issues/120
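Review bot: CVE-2024-24898 and CVE-2024-24891 still read "TODO: check" in the middle of this hunk although every entry around them is triaged; if they are still under evaluation that is fine, otherwise they look skipped and should be resolved in the same pass. The NOT-FOR-US tags also vary in granularity: "Lenovo", "HPE", "HCL" and "BUFFALO" name only a vendor, "MZK-MF300N" names only a model, and "VT Studio" is written differently from both its description ("VT STUDIO") and the "KEYENCE KV STUDIO" tag a few entries earlier. A consistent vendor-plus-product form, as already used for "Amazon AWS Amplify CLI", would make later greps over data/CVE/list more reliable.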
@@ -297,7 +297,7 @@ CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated
CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...)
NOT-FOR-US: Emlog Pro
CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...)
- TODO: check
+ NOT-FOR-US: TECNO Mobile Limited
CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
NOT-FOR-US: JFrog Artifactory Self-Hosted
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
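Review bot: The tag on CVE-2024-3701, "NOT-FOR-US: TECNO Mobile Limited", uses a company name that does not appear in the visible description, which identifies the component only as com.transsion.kolun.aiservice. Adding the component or product name next to the vendor would let a reader match the tag to the entry without opening the full CVE record.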
@@ -399,23 +399,23 @@ CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin WordPr
CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29842 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29841 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29840 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29839 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29838 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29837 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-29836 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
- TODO: check
+ NOT-FOR-US: Evolution Controller
CVE-2024-27462
REJECTED
CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not validat ...)
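Review bot: All nine entries from CVE-2024-29844 to CVE-2024-29836 are tagged "NOT-FOR-US: Evolution Controller", a generic product name with no vendor. The truncated descriptions do not show a vendor either, so consider prefixing it in the tag so that a future search for the vendor finds these entries.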
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/210e00e9ea3983ffc2d23069ffc18be627343c3b