[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 15 21:31:23 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
851f485b by Salvatore Bonaccorso at 2024-05-15T22:30:17+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,19 +17,19 @@ CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared
CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...)
NOT-FOR-US: Telerik Report Server
CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...)
- TODO: check
+ NOT-FOR-US: alpitronic Hypercharger EV charging devices
CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik Report Server
CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...)
TODO: check
CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
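Review bot: Telerik entries in this hunk end up with three different labels: the existing CVE-2024-4837 line uses "Telerik Report Server", the new CVE-2024-4357 line uses "Progress Telerik Report Server" for what the description calls the same product, and CVE-2024-4202 / CVE-2024-4200 (described as Telerik Reporting) get the bare vendor name "Telerik". Using one spelling per product, for instance "Telerik Report Server" on CVE-2024-4357 to match the line above it, keeps searches over the NOT-FOR-US entries in data/CVE/list consistent.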
@@ -37,7 +37,7 @@ CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iMana
CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
TODO: check
CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...)
- TODO: check
+ NOT-FOR-US: Telerik
CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...)
TODO: check
CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...)
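Review bot: CVE-2024-3892 is labelled with the vendor only ("Telerik") although its description names a specific product ("Telerik UI for Win ..."), while other entries in this commit are labelled at product level (for example "VITEC AvediaServer" or "Stalwart Mail Server"). Naming the product here would make the entry distinguishable from the Telerik Reporting and Report Server entries triaged in the same commit.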
@@ -51,105 +51,105 @@ CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This c
CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
TODO: check
CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...)
- TODO: check
+ NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints
CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...)
- TODO: check
+ NOT-FOR-US: DelimitedFileConnector Cloud Connector
CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...)
- TODO: check
+ NOT-FOR-US: Identity Security Cloud (ISC) message server API
CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...)
TODO: check
CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
- TODO: check
+ NOT-FOR-US: Stalwart Mail Server
CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...)
- TODO: check
+ NOT-FOR-US: VITEC AvediaServer
CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: Code-projects Budget Management
CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...)
- TODO: check
+ NOT-FOR-US: Code-projects Budget Management
CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...)
TODO: check
CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...)
- TODO: check
+ NOT-FOR-US: KYKMS
CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...)
- TODO: check
+ NOT-FOR-US: dootask
CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34096 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34095 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34094 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34082 (Grav is a file-based Web platform. Prior to version 1.7.46, a low priv ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2024-34025 (CyberPower PowerPanel business application code contains a hard-coded ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel business application code
CVE-2024-33625 (CyberPower PowerPanel business application code contains a hard-coded ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel business application code
CVE-2024-33615 (A specially crafted Zip file containing path traversal characters can ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel server
CVE-2024-32053 (Hard-coded credentials are used by the CyberPower PowerPanel platfo ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32047 (Hard-coded credentials for the CyberPower PowerPanel test server can ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-32042 (The key used to encrypt passwords stored in the database can be found ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious message ...)
TODO: check
CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical certific ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower PowerPanel ...)
- TODO: check
+ NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in artifac ...)
TODO: check
CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in versions bel ...)
TODO: check
CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic permissio ...)
- TODO: check
+ NOT-FOR-US: Bonitasoft
CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...)
TODO: check
CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the Filter functi ...)
TODO: check
CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde InsydeH2O k ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2024-25078 (A memory corruption vulnerability in StorageSecurityCommandDxe in Insy ...)
- TODO: check
+ NOT-FOR-US: Insyde
CVE-2024-20394 (A vulnerability in Cisco AppDynamics Network Visibility Agent could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20392 (A vulnerability in the web-based management API of Cisco AsyncOS Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of Cisco Se ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD CLI could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20366 (A vulnerability in the Tail-f High Availability Cluster Communications ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20258 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20257 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in reference ...)
TODO: check
CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session ...)
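Review bot: CVE-2024-35179 is marked NOT-FOR-US even though its own description calls Stalwart Mail Server "an open-source mail server", and the same applies to Grav (CVE-2024-34082); for free software it is worth confirming that no ITP/RFP bug exists before closing the entry, since an itp-style entry would be the better fit if one does. Separately, the labels in this hunk are uneven: CVE-2024-34025 and CVE-2024-33625 carry description text in the product name ("CyberPower PowerPanel business application code") and CVE-2024-33615 uses "CyberPower PowerPanel server", while the remaining entries for that product use plain "CyberPower PowerPanel", and the three Identity Security Cloud entries name API endpoints without a vendor. A single "CyberPower PowerPanel" label for all of them would be easier to search.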
@@ -651,15 +651,15 @@ CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vu
CVE-2024-26007 (An improper check or handling of exceptional conditions vulnerability ...)
NOT-FOR-US: FortiGuard
CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet Forti ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-22270 (VMware Workstation and Fusion contain an information disclosure vulner ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22269 (VMware Workstation and Fusion contain an information disclosure vulner ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow vulnerabi ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities could cau ...)
TODO: check
CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities could cau ...)
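Review bot: The label on CVE-2024-23105 ("FortiGuard") matches the neighbouring CVE-2024-26007 entry rather than anything in its own description, which names the vendor and a product cut off at "Fortinet Forti ...". Please check the full description and label the entry with the affected Fortinet product, or with the vendor name, so the entry does not depend on the adjacent line for its meaning.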
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851f485b8b37a7c6f0140234b9049514ba3805f9