[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 21 21:24:03 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72916122 by Salvatore Bonaccorso at 2024-08-21T22:23:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-7795 (Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Sta ...)
-	TODO: check
+	NOT-FOR-US: Autel
 CVE-2024-7757
 	REJECTED
 CVE-2024-7725 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7724 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7723 (Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7722 (Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vuln ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2024-7604 (Logsign Unified SecOps Platform Incorrect Authorization Authentication ...)
-	TODO: check
+	NOT-FOR-US: Logsign
 CVE-2024-7603 (Logsign Unified SecOps Platform Directory Traversal Arbitrary Director ...)
-	TODO: check
+	NOT-FOR-US: Logsign
 CVE-2024-7602 (Logsign Unified SecOps Platform Directory Traversal Information Disclo ...)
-	TODO: check
+	NOT-FOR-US: Logsign
 CVE-2024-7601 (Logsign Unified SecOps Platform Directory data_export_delete_all Trave ...)
-	TODO: check
+	NOT-FOR-US: Logsign
 CVE-2024-7600 (Logsign Unified SecOps Platform Directory Traversal Arbitrary File Del ...)
-	TODO: check
+	NOT-FOR-US: Logsign
 CVE-2024-7448 (Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Magnet Forensics
 CVE-2024-6814 (NETGEAR ProSAFE Network Management System getFilterString SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2024-6813 (NETGEAR ProSAFE Network Management System getSortString SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2024-6812 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution V ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2024-6811 (IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution V ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2024-6141 (Windscribe Directory Traversal Local Privilege Escalation Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Windscribe
 CVE-2024-5930 (VIPRE Advanced Security Incorrect Permission Assignment Local Privileg ...)
-	TODO: check
+	NOT-FOR-US: VIPRE
 CVE-2024-5929 (VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local ...)
-	TODO: check
+	NOT-FOR-US: VIPRE
 CVE-2024-5928 (VIPRE Advanced Security PMAgent Link Following Local Privilege Escalat ...)
-	TODO: check
+	NOT-FOR-US: VIPRE
 CVE-2024-5762 (Zen Cart findPluginAdminPage Local File Inclusion Remote Code Executio ...)
-	TODO: check
+	NOT-FOR-US: Zen Cart
 CVE-2024-5725 (Centreon initCurveList SQL Injection Remote Code Execution Vulnerabili ...)
 	TODO: check
 CVE-2024-5723 (Centreon updateServiceHost SQL Injection Remote Code Execution Vulnera ...)
 	TODO: check
 CVE-2024-5335 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Buil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43411 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	TODO: check
 CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an untrusted a ...)
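Review bot: The NOT-FOR-US labels in this hunk mix product and vendor granularity. CVE-2024-7725 through CVE-2024-7722 are labelled with the product ("Foxit PDF Reader"), while CVE-2024-7448 is labelled with the vendor ("Magnet Forensics") although its description names the product AXIOM, and CVE-2024-5930, CVE-2024-5929 and CVE-2024-5928 use "VIPRE" for VIPRE Advanced Security. CVE-2024-5335 gets the generic "WordPress plugin" even though the description names the plugin (The Ultimate Store Kit Elementor Addons). Picking one convention would make the labels easier to search later. The two Centreon entries (CVE-2024-5725, CVE-2024-5723) stay at "TODO: check" between processed entries, and the commit message "Process some NFUs" does not say whether that is deliberate; a short note in the message would help.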
@@ -53,39 +53,39 @@ CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an untru
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
 	TODO: check
 CVE-2024-43371 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2024-43027 (DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1. ...)
-	TODO: check
+	NOT-FOR-US: DrayTek
 CVE-2024-43022 (An issue in the downloader.php component of TOSEI online store managem ...)
-	TODO: check
+	NOT-FOR-US: TOSEI online store management system
 CVE-2024-42786 (A SQL injection vulnerability in "/music/view_user.php" in Kashipara M ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42785 (A SQL injection vulnerability in /music/index.php?page=view_playlist i ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42784 (A SQL injection vulnerability in "/music/controller.php?page=view_musi ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42783 (Kashipara Music Management System v1.0 is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42782 (A SQL injection vulnerability in "/music/ajax.php?action=find_music" i ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42781 (A SQL injection vulnerability in "/music/ajax.php?action=login" of Kas ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42780 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42779 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42778 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42777 (An Unrestricted file upload vulnerability was found in "/music/ajax.ph ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42550 (A cross-site scripting (XSS) vulnerability in the component /email/wel ...)
-	TODO: check
+	NOT-FOR-US: Mini Inventory and Sales Management System
 CVE-2024-41937 (Apache Airflow, versions before 2.10.0, have a vulnerability that allo ...)
 	TODO: check
 CVE-2024-41675 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2024-41674 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2024-41572 (Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting  ...)
 	TODO: check
 CVE-2024-40453 (squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to  ...)
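Review bot: The label on CVE-2024-42550 ("Mini Inventory and Sales Management System") cannot be confirmed from the description shown in the context line, which is truncated at "/email/wel ..." and names no product. The same applies to CVE-2024-42780 through CVE-2024-42777, where only the "/music/ajax.ph ..." path ties them to the Kashipara entries around them. These should be checked against the full CVE text before the triage is relied on. Separately, CVE-2024-43371, CVE-2024-41675 and CVE-2024-41674 are marked "NOT-FOR-US: CKAN" while their description calls CKAN an open-source data management system; it is worth confirming that no package or packaging request exists, since an NFU entry removes it from further review.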



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72916122e1633997150da76aab353c8ec9752284
