[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 2 10:38:01 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f72cfcbb by Moritz Muehlenhoff at 2024-05-02T11:37:27+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3481 (The Counter Box WordPress plugin before 1.2.4 does not have CSRF chec ...)
@@ -21,15 +21,15 @@ CVE-2024-3471 (The Button Generator WordPress plugin before 3.0 does not have C
CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust to run a ...)
- TODO: check
+ NOT-FOR-US: Apollo Router
CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library for Node ...)
- TODO: check
+ NOT-FOR-US: Node xml-crypto
CVE-2024-32882 (Wagtail is an open source content management system built on Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2024-2405 (The Float menu WordPress plugin before 6.0.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...)
NOT-FOR-US: Tenda
CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...)
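Review bot: CVE-2024-32882 is marked NOT-FOR-US, but its description calls Wagtail an open source content management system built on Django, the kind of project that may have a pending ITP or RFP bug. If one exists, an entry of the form "- wagtail <itp> (bug #NNNNNN)" (bug number is a placeholder) would track it better than NOT-FOR-US. The same check is worth doing for xml-crypto (CVE-2024-32962) and Apollo Router (CVE-2024-32971) in this hunk.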
@@ -67,7 +67,7 @@ CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in the Settings menu
CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSim ...)
NOT-FOR-US: CMSimple
CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows a local ...)
- TODO: check
+ NOT-FOR-US: spiderpool
CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
NOT-FOR-US: SourceCodester Laboratory Management System
CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable to Cross ...)
@@ -79,13 +79,13 @@ CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) Markdown editor has a
CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote ...)
NOT-FOR-US: Realisation MGSD
CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send ...)
- TODO: check
+ NOT-FOR-US: libpag
CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered connections such ...)
TODO: check
CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
- TODO: check
+ NOT-FOR-US: Nautobot
CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
- TODO: check
+ NOT-FOR-US: Pluto
CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
NOT-FOR-US: LoMag WareHouse Management application
CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0. ...)
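Review bot: The tag on CVE-2024-32973 is the bare name "Pluto", which does not identify the software to someone grepping the list later. The description calls it a superset of Lua 5.4, so a qualified tag such as "NOT-FOR-US: Pluto (Lua dialect)" would remove the ambiguity. CVE-2024-32984 (Yamux) stays at "TODO: check" between the triaged entries; that looks deliberate, but please confirm it was not skipped by accident.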
@@ -95,15 +95,15 @@ CVE-2024-32211 (An issue in LOGINT LoMag Inventory Management v1.0.20.120 and be
CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 and olde ...)
NOT-FOR-US: LoMag WareHouse Management application
CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in CX-One ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer included in C ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid list of us ...)
- TODO: check
+ NOT-FOR-US: Logpoint
CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to authenti ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially vulnerable to ...)
NOT-FOR-US: HP
CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. ...)
@@ -111,17 +111,17 @@ CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scrip
CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with privileged ...)
NOT-FOR-US: IBM
CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute ...)
- TODO: check
+ NOT-FOR-US: Wifire Hotspot
CVE-2024-26305 (There is a buffer overflow vulnerability in the underlying Utility dae ...)
NOT-FOR-US: HPE Aruba Networking
CVE-2024-26304 (There is a buffer overflow vulnerability in the underlying L2/L3 Manag ...)
NOT-FOR-US: HPE Aruba Networking
CVE-2024-25676 (An issue was discovered in ViewerJS 0.5.8. A script from the component ...)
- TODO: check
+ NOT-FOR-US: ViewerJS
CVE-2024-25458 (An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board ident ...)
NOT-FOR-US: CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera firmware
CVE-2024-25355 (s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes ...)
- TODO: check
+ NOT-FOR-US: s3-url-parser
CVE-2024-25015 (IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a r ...)
NOT-FOR-US: IBM
CVE-2024-24978 (Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receivi ...)
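Review bot: The tag for CVE-2024-25355 is the bare module name "s3-url-parser", while the same commit tags CVE-2024-32962 as "NOT-FOR-US: Node xml-crypto" with an ecosystem prefix. If s3-url-parser is also a Node module, use the same prefix here (or drop it there) so a search on the tag finds both entries.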
@@ -131,17 +131,17 @@ CVE-2024-24912 (A local privilege escalation vulnerability has been identified i
CVE-2024-24403
REJECTED
CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: Vaales Technologies V_QRS
CVE-2024-24312 (SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 ...)
- TODO: check
+ NOT-FOR-US: Vaales Technologies V_QRS
CVE-2024-23597 (Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8 ...)
NOT-FOR-US: TvRock
CVE-2024-23480 (A fallback mechanism in code sign checking on macOS may allow arbitrar ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2024-23457 (The anti-tampering functionality of the Zscaler Client Connector can b ...)
NOT-FOR-US: Zscaler
CVE-2024-22830 (Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2 ...)
- TODO: check
+ NOT-FOR-US: Anti-Cheat Expert
CVE-2024-20378 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
CVE-2024-20376 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72cfcbbb7d0c98df6670d72ca2ec5ff14510488