[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 5 20:45:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85abe301 by Salvatore Bonaccorso at 2024-12-05T21:44:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28,121 +28,121 @@ CVE-2024-53856 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1,
CVE-2024-53846 (OTP is a set of Erlang libraries, which consists of the Erlang runtime ...)
TODO: check
CVE-2024-53703 (A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-53702 (Use of cryptographically weak pseudo-random number generator (PRNG) vu ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-53490 (Favorites-web 1.3.0 favorites-web has a directory traversal vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Favorites-web
CVE-2024-53472 (WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (C ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53471 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53470 (Multiple stored cross-site scripting (XSS) vulnerabilities in the comp ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2024-53442 (whapa v1.59 is vulnerable to Command Injection via a crafted filename ...)
- TODO: check
+ NOT-FOR-US: whapa
CVE-2024-52564 (Inclusion of undocumented features or chicken bits issue exists in UD- ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-52271 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
- TODO: check
+ NOT-FOR-US: Documenso
CVE-2024-52270 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
TODO: check
CVE-2024-51555 (Default Credentail vulnerabilities allows access to an Aspect device u ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51554 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51551 (Default Credentail vulnerabilities in ASPECT on Linux allows access to ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51550 (Data Validation / Data Sanitization vulnerabilities in Linux allows u ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51549 (Absolute File Traversal vulnerabilities allows access and modificatio ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51548 (Dangerous File Upload vulnerabilities allow upload of malicious script ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51546 (Credentials Disclosure vulnerabilities allow access to on board projec ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51545 (Username Enumeration vulnerabilities allow access to application level ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51544 (Service Control vulnerabilities allow access to service restart reques ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51543 (Information Disclosure vulnerabilities allow access to application con ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51542 (Configuration Download vulnerabilities allow access to dependency conf ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-51541 (Local File Inclusion vulnerabilities allow access to sensitive system ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48847 (MD5 Checksum Bypass vulnerabilities where found exploiting a weakness ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48846 (Cross Site Request Forgery vulnerabilities where found providing a pot ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48845 (Weak Password Reset Rules vulnerabilities where found providing a pot ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48844 (Denial of Service vulnerabilities where found providing a potiential f ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48843 (Denial of Service vulnerabilities where found providing a potiential f ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48840 (Unauthorized Access vulnerabilities allow Remote Code Execution. Affec ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-48839 (Improper Input Validation vulnerability allows Remote Code Execution. ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-47133 (UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-45841 (Incorrect permission assignment for critical resource issue exists in ...)
- TODO: check
+ NOT-FOR-US: UD-LT1
CVE-2024-45319 (A vulnerability in the SonicWall SMA100 SSLVPN firmware10.2.1.13-72s ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-45318 (A vulnerability in the SonicWall SMA100 SSLVPN web management interfac ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-41579 (DTStack Taier 1.4.0 allows remote attackers to specify the jobName par ...)
- TODO: check
+ NOT-FOR-US: DTStack Taier
CVE-2024-40763 (Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVP ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-12247 (Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 ...)
TODO: check
CVE-2024-12235 (A vulnerability was found in Shenzhen Dashi Tongzhou Information Techn ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Dashi Tongzhou Information Technology AgileBPM
CVE-2024-12234 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Beauty Parlour Management System
CVE-2024-12233 (A vulnerability was found in code-projects Online Notice Board up to 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Notice Board
CVE-2024-12232 (A vulnerability has been found in code-projects Simple CRUD Functional ...)
- TODO: check
+ NOT-FOR-US: code-projects Simple CRUD Functionality
CVE-2024-12231 (A vulnerability, which was classified as critical, was found in CodeZi ...)
- TODO: check
+ NOT-FOR-US: CodeZips Project Management System
CVE-2024-12230 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12229 (A vulnerability classified as critical was found in PHPGurukul Complai ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12228 (A vulnerability classified as critical has been found in PHPGurukul Co ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Complaint Management System
CVE-2024-12227 (A vulnerability, which was classified as problematic, was found in MSI ...)
- TODO: check
+ NOT-FOR-US: MSI Dragon Center
CVE-2024-12130 (An \u201cout of bounds read\u201d code execution vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12094 (This vulnerability exists in the Tinxy mobile app due to storage of lo ...)
- TODO: check
+ NOT-FOR-US: Tinxy mobile app
CVE-2024-11942 (A vulnerability in Drupal Core allows File Manipulation.This issue aff ...)
TODO: check
CVE-2024-11941 (A vulnerability in Drupal Core allows Excessive Allocation.This issue ...)
TODO: check
CVE-2024-11779 (The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11420 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11341 (The Simple Redirection plugin for WordPress is vulnerable to Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11324 (The Accounting for WooCommerce plugin for WordPress is vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11317 (Session Fixation vulnerabilities allow an attacker to fix a users sess ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-11316 (Fileszie Check vulnerabilities allow a malicious user to bypass size l ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2024-11158 (An \u201cuninitialized variable\u201d code execution vulnerability exi ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11156 (An \u201cout of bounds write\u201d code execution vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11155 (A \u201cuse after free\u201d code execution vulnerability exists in t ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, ht ...)
TODO: check
CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
@@ -240,7 +240,7 @@ CVE-2024-52278
CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
NOT-FOR-US: DocuSeal
CVE-2024-52276 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
- TODO: check
+ NOT-FOR-US: DocuSign
CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
NOT-FOR-US: Tenda
CVE-2024-52274 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
@@ -250,7 +250,7 @@ CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Tech
CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
NOT-FOR-US: Tenda
CVE-2024-52269 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
- TODO: check
+ NOT-FOR-US: DocuSign
CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, ...)
NOT-FOR-US: IBM
CVE-2024-48453 (An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to exe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85abe3012b474cb67080058039801c2b8475966e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85abe3012b474cb67080058039801c2b8475966e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241205/332c82dd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list