[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 23 09:57:32 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
feae722f by Moritz Muehlenhoff at 2024-02-23T10:57:08+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,65 +52,65 @@ CVE-2024-25748 (A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3
CVE-2024-25746 (Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firm ...)
NOT-FOR-US: Tenda
CVE-2024-25385 (An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial ...)
- TODO: check
+ NOT-FOR-US: FLVMeta
CVE-2024-25369 (A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 ...)
- TODO: check
+ NOT-FOR-US: FUEL CMS
CVE-2024-25130 (Tuleap is an open source suite to improve management of software devel ...)
- TODO: check
+ NOT-FOR-US: Tuleap
CVE-2024-25129 (The CodeQL CLI repo holds binaries for the CodeQL command line interfa ...)
- TODO: check
+ NOT-FOR-US: CodeQL
CVE-2024-25021 (IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileg ...)
NOT-FOR-US: IBM
CVE-2024-24817 (Discourse Calendar adds the ability to create a dynamic calendar in th ...)
- TODO: check
+ NOT-FOR-US: Discourse Calendar
CVE-2024-23094 (Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forge ...)
- TODO: check
+ NOT-FOR-US: Flusity-CMS
CVE-2024-22547 (WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: WayOS
CVE-2024-22243 (Applications that use UriComponentsBuilderto parse an externally provi ...)
TODO: check
CVE-2024-1786 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-1784 (A vulnerability classified as problematic was found in Limbas 5.2.14. ...)
- TODO: check
+ NOT-FOR-US: Limbas
CVE-2024-1783 (A vulnerability classified as critical has been found in Totolink LR12 ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-1781 (A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_202307 ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-1779 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1778 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1777 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1776 (The Admin side data storage for Contact Form 7 plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1750 (A vulnerability, which was classified as critical, was found in Temmok ...)
- TODO: check
+ NOT-FOR-US: TemmokuMVC
CVE-2024-1749 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Bhojon Best Restaurant Management Software
CVE-2024-1748 (A vulnerability classified as critical was found in van_der_Schaar LAB ...)
- TODO: check
+ NOT-FOR-US: van_der_Schaar LAB AutoPrognosis
CVE-2024-1683 (A DLL injection vulnerability exists where an authenticated, low-privi ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2024-1563 (An attacker could have executed unauthorized scripts on top origin sit ...)
- TODO: check
+ NOT-FOR-US: Mozilla Firefox Focus
CVE-2024-1104 (An unauthenticated remote attacker can bypass the brute force preventi ...)
- TODO: check
+ NOT-FOR-US: Areal Topkapi WebServ2
CVE-2024-0220 (B&R Automation Studio Upgrade Service and B&R Technology Guarding use ...)
- TODO: check
+ NOT-FOR-US: B&R Automation Studio
CVE-2023-51653 (Hertzbeat is a real-time monitoring system. In the implementation of ` ...)
- TODO: check
+ NOT-FOR-US: Hertzbeat
CVE-2023-51450 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2023-51389 (Hertzbeat is a real-time monitoring system. At the interface of `/defi ...)
- TODO: check
+ NOT-FOR-US: Hertzbeat
CVE-2023-51388 (Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, ...)
- TODO: check
+ NOT-FOR-US: Hertzbeat
CVE-2023-44379 (baserCMS is a website development framework. Prior to version 5.0.9, t ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2023-37540 (Sametime Connect desktop chat client includes, but does not use or req ...)
- TODO: check
+ NOT-FOR-US: Sametime Connect
CVE-2024-26141 [Reject Range headers which are too large]
- ruby-rack <unfixed>
NOTE: https://github.com/rack/rack/releases/tag/v2.2.8.1
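Review bot: At CVE-2024-25385, `NOT-FOR-US: FLVMeta` holds only if no source package in the archive ships flvmeta, and the description names a standalone tool at a specific release (v.1.2.2), which is the kind of software that is often packaged. Please confirm with a source-package search before dropping the TODO; if it turns out to be packaged, the entry should become a package line in the style of `- ruby-rack <unfixed>` used at the end of this hunk. CVE-2024-22243 staying at `TODO: check` is fine, since a library class name like UriComponentsBuilder needs a proper package lookup.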
@@ -236,7 +236,7 @@ CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout modul
CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scri ...)
NOT-FOR-US: Kirby CMS
CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Querybook
CVE-2024-25801 (SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded fi ...)
NOT-FOR-US: SKINsoft S-Museum
CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execu ...)
@@ -244,7 +244,7 @@ CVE-2024-25423 (An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to
CVE-2024-25251 (code-projects Agro-School Management System 1.0 is suffers from Incorr ...)
NOT-FOR-US: code-projects Agro-School Management System
CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1, the C ...)
- TODO: check
+ NOT-FOR-US: Fiber
CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform ...)
NOT-FOR-US: Discourse plugin
CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll parsed thr ...)
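Review bot: At CVE-2024-25124, the `NOT-FOR-US: Fiber` triage should be checked against Go library naming, because the description says Fiber is a Go web framework and Go libraries are usually packaged under a golang-* source name rather than the upstream project name. A search for "Fiber" alone could miss such a package, so please search on the upstream import path as well before closing this as NFU.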
@@ -374,7 +374,7 @@ CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver when exitin ...)
NOT-FOR-US: Silabs
CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 ...)
- TODO: check
+ NOT-FOR-US: Terminalfour
CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...)
NOT-FOR-US: Cisco
CVE-2024-1714
@@ -402,9 +402,9 @@ CVE-2024-1700 (A vulnerability, which was classified as problematic, was found i
CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site scripting ...)
NOT-FOR-US: Progress WS_FTP Server
CVE-2024-1212 (Unauthenticated remote attackers can access the system through the Loa ...)
- TODO: check
+ NOT-FOR-US: LoadMaster Linux
CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the proper ...)
- TODO: check
+ NOT-FOR-US: OpenVPN 2.x GUI on Windows
CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to crash PC C ...)
NOT-FOR-US: Silabs
CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be sent to th ...)
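Review bot: At CVE-2023-7235, `NOT-FOR-US: OpenVPN 2.x GUI on Windows` states the scope clearly, but an NFU entry detaches the CVE from any package page. If the GUI installer is built from the same source as a packaged openvpn, a package line marked `<not-affected>` with a Windows-only reason would keep the decision visible to anyone looking at that package; if the GUI is a separate upstream, the NFU is fine as written. For CVE-2024-1212 the description is cut off at "through the Loa ...", so the `LoadMaster Linux` label cannot be checked from this hunk alone.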
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feae722f15f348e7caf7c1ecdd9f1ff00a720293