[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 28 21:37:52 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d16275de by Salvatore Bonaccorso at 2024-08-28T22:37:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,73 +1,73 @@
 CVE-2024-8195 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7745 (In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical  ...)
-	TODO: check
+	NOT-FOR-US: Progress WS_FTP Server
 CVE-2024-7744 (In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitat ...)
-	TODO: check
+	NOT-FOR-US: Progress WS_FTP Server
 CVE-2024-7447 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7269 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: ConnX ESP HR Management
 CVE-2024-6450 (HyperViewGeoportal Toolkit in versions though8.2.4 is vulnerable to Re ...)
-	TODO: check
+	NOT-FOR-US: HyperView Geoportal Toolkit
 CVE-2024-6449 (HyperViewGeoportal Toolkit in versions though8.2.4 does not restrict c ...)
-	TODO: check
+	NOT-FOR-US: HyperView Geoportal Toolkit
 CVE-2024-6053 (Improper access control in the clipboard synchronization feature in Te ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2024-5546 (ZohocorpManageEngine Password Manager Pro versions before 12431 andMan ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-45054 (Hwameistor is an HA local storage system for cloud-native stateful wor ...)
-	TODO: check
+	NOT-FOR-US: Hwameistor
 CVE-2024-45043 (The OpenTelemetry Collector module AWS firehose receiver is for ingest ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry Collector
 CVE-2024-44915 (An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 a ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2024-44914 (An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 a ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2024-44913 (An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 a ...)
-	TODO: check
+	NOT-FOR-US: Irfanview
 CVE-2024-44761 (An issue in EQ Enterprise Management System before v2.0.0 allows attac ...)
-	TODO: check
+	NOT-FOR-US: EQ Enterprise Management System
 CVE-2024-44760 (Incorrect access control in the component /servlet/SnoopServlet of She ...)
-	TODO: check
+	NOT-FOR-US: Shenzhou News Union Enterprise Management System
 CVE-2024-43805 (jupyterlab is an extensible environment for interactive and reproducib ...)
 	TODO: check
 CVE-2024-42905 (Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60  ...)
-	TODO: check
+	NOT-FOR-US: Beijing Digital China Cloud Technology Co., Ltd. DCME-320
 CVE-2024-42900 (Ruoyi v4.7.9 and before was discovered to contain a cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: Ruoyi
 CVE-2024-42793 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipa ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Music Management System
 CVE-2024-42698 (Roughly Enough Items (REI) v.16.0.729 and before contains an Improper  ...)
-	TODO: check
+	NOT-FOR-US: Roughly Enough Items (REI)
 CVE-2024-41565 (JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Valida ...)
-	TODO: check
+	NOT-FOR-US: JustEnoughItems (JEI)
 CVE-2024-41564 (EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Valid ...)
-	TODO: check
+	NOT-FOR-US: EMI
 CVE-2024-41236 (A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Re ...)
-	TODO: check
+	NOT-FOR-US: Kashipara Responsive School Management System
 CVE-2024-34198 (TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulne ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-34195 (TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vu ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-20478 (A vulnerability in the software upgrade component of Cisco Application ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20446 (A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20413 (A vulnerability in Cisco NX-OS Software could allow an authenticated,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20411 (A vulnerability in Cisco NX-OS Software could allow an authenticated,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20289 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20286 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20285 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20284 (A vulnerability in the Python interpreter of Cisco NX-OS Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20279 (A vulnerability in the restricted security domain implementation of Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-8231 (A vulnerability classified as critical has been found in Tenda O6 1.0. ...)
 	NOT-FOR-US: Tenda
 CVE-2024-8230 (A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated ...)
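Review bot: The NOT-FOR-US labels added in this hunk vary in granularity, which makes them harder to match against when later CVEs for the same software arrive. The nine entries from CVE-2024-20478 down to CVE-2024-20279 get the vendor-only "NOT-FOR-US: Cisco", although their descriptions name specific products (Cisco NX-OS Software for most, and a product beginning "Cisco Application" for CVE-2024-20478), while other entries in the same hunk name the product ("Progress WS_FTP Server", "HyperView Geoportal Toolkit"). "NOT-FOR-US: EMI" is a bare three-letter name with no hint of what it refers to. Suggest vendor plus product wherever the description provides one, and a short qualifier on EMI. CVE-2024-43805 (jupyterlab) is left at "TODO: check", which fits a commit that only processes NFUs.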
@@ -119,7 +119,7 @@ CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ Access
 CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon an ...)
 	NOT-FOR-US: XiaomiGetApps application
 CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based projects. It i ...)
-	TODO: check
+	NOT-FOR-US: Hydra
 CVE-2024-45038 (Meshtastic device firmware is a firmware for meshtastic devices to run ...)
 	NOT-FOR-US: Meshtastic device firmware
 CVE-2024-39771 (QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier  ...)
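Review bot: "NOT-FOR-US: Hydra" on CVE-2024-45049 uses a name generic enough to be mistaken for unrelated software of the same name. The description already disambiguates it as the Continuous Integration service for Nix based projects, so carrying that into the tag, for example "NOT-FOR-US: Hydra (CI service for Nix)", would keep a future entry for a different Hydra from being marked NFU by pattern match.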
@@ -210,9 +210,9 @@ CVE-2024-43788 (Webpack is a module bundler. Its main purpose is to bundle JavaS
 	NOTE: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
 	NOTE: Fixed by: https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61 (v5.94.0)
 CVE-2024-43783 (The Apollo Router Core is a configurable, high-performance graph route ...)
-	TODO: check
+	NOT-FOR-US: Apollo Router
 CVE-2024-43414 (Apollo Federation is an architecture for declaratively composing APIs  ...)
-	TODO: check
+	NOT-FOR-US: Apollo Federation
 CVE-2024-42851 (Buffer Overflow vulnerability in open source exiftags v.1.01 allows a  ...)
 	TODO: check
 CVE-2024-41622 (D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command ...)
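Review bot: The tag on CVE-2024-43783 reads "Apollo Router" while the description names the product "The Apollo Router Core"; using the name as it appears in the description keeps the tag greppable against future advisories for the same component. The neighbouring CVE-2024-43414 tag "Apollo Federation" does match its description.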
@@ -255,7 +255,7 @@ CVE-2024-43916 (Authorization Bypass Through User-Controlled Key vulnerability i
 CVE-2024-43915 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-43798 (Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SS ...)
-	TODO: check
+	NOT-FOR-US: Chisel
 CVE-2024-43356 (Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide.This is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-43340 (Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed Advanced ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d16275def0ee9b6f52aee7da723c7b0a570ca63b
