[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 25 20:06:28 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4835588 by Salvatore Bonaccorso at 2024-06-25T21:05:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -175,57 +175,57 @@ CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 from
CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7 ...)
NOT-FOR-US: PrestaShop module
CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk - Customer Suppor ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-34988 (SQL injection vulnerability in the module "Complete for Create a Quote ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33898 (Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorre ...)
- TODO: check
+ NOT-FOR-US: Axiros AXESS Auto Configuration Server (ACS)
CVE-2024-32855 (Dell Client Platform BIOS contains an Out-of-bounds Write vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-23159 (A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll t ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23158 (A maliciously crafted IGES file, when parsed in ASMImport229A.dll thro ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23157 (A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL. ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23156 (A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMke ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23155 (A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23154 (A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll throug ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23153 (A maliciously crafted MODEL file, when parsed in libodx.dll through Au ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23152 (A maliciously crafted 3DM file, when parsed in opennurbs.dll through A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23151 (A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23150 (A maliciously crafted PRT file, when parsed in odxug_dll.dll through A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23149 (A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll throug ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23148 (A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll throu ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23147 (A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23146 (A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23145 (A maliciously crafted PRT file, when parsed in opennurbs.dll through A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23144 (A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMB ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23143 (A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23142 (A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23141 (A maliciously crafted MODEL file, when parsed in libodxdll through Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-23140 (A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-22385 (Incorrect Default Permissions vulnerability in Hitachi Storage Provide ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-22168 (A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud H ...)
TODO: check
CVE-2023-6198 (Use of Hard-coded Credentials vulnerability in Baicells Snap Router Ba ...)
@@ -259,7 +259,7 @@ CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas arm-trusted-firmwa
CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-tr ...)
TODO: check
CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker to dis ...)
- TODO: check
+ NOT-FOR-US: MegaBIP
CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writing the ...)
TODO: check
CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
@@ -271,11 +271,11 @@ CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the '
CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Next4Biz CRM & BPM Software Business Process Manangement (BPM)
CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection via sendi ...)
- TODO: check
+ NOT-FOR-US: CRUDDIY project
CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia ...)
TODO: check
CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS ...)
- TODO: check
+ NOT-FOR-US: FreeRTOS-Plus-TCP
CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control SelfChe ...)
@@ -311,27 +311,27 @@ CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command ('
CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2024-36497 (The decrypted configuration file contains the password in cleartext w ...)
- TODO: check
+ NOT-FOR-US: WINSelect
CVE-2024-36496 (The configuration file is encrypted with a static key derived from a ...)
- TODO: check
+ NOT-FOR-US: WINSelect
CVE-2024-36495 (The application Faronics WINSelect (Standard + Enterprise)saves its co ...)
- TODO: check
+ NOT-FOR-US: WINSelect
CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 are affe ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to execute a ...)
- TODO: check
+ NOT-FOR-US: VPL Jail System
CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered to cont ...)
- TODO: check
+ NOT-FOR-US: Virtual Programming Lab for Moodle
CVE-2024-33881 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
- TODO: check
+ NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint
CVE-2024-33880 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
- TODO: check
+ NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint
CVE-2024-33879 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
- TODO: check
+ NOT-FOR-US: VirtoSoftware Virto Bulk File Download for SharePoint
CVE-2024-33687 (Insufficient verification of data authenticity issue exists in NJ Seri ...)
TODO: check
CVE-2024-33278 (Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware ve ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2023-49793 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
TODO: check
CVE-2024-39292 (In the Linux kernel, the following vulnerability has been resolved: u ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48355888f10156192a077030be8d3175118ce20
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48355888f10156192a077030be8d3175118ce20
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240625/3010c6fd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list