[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 4 20:52:05 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f638078c by Salvatore Bonaccorso at 2024-11-04T21:51:51+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,153 +37,153 @@ CVE-2024-51557 (This vulnerability exists in the Wave 2.0 due to missing rate li
 CVE-2024-51556 (This vulnerability exists in the Wave 2.0 due to weak encryption of se ...)
 	TODO: check
 CVE-2024-51408 (AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource fo ...)
-	TODO: check
+	NOT-FOR-US: AppSmith Community
 CVE-2024-51329 (A Host header injection vulnerability in Agile-Board 1.0 allows attack ...)
-	TODO: check
+	NOT-FOR-US: Agile-Board
 CVE-2024-51328 (Cross Site Scripting vulnerability in addcategory.php in projectworld' ...)
-	TODO: check
+	NOT-FOR-US: projectworld's Travel Management System
 CVE-2024-51327 (SQL Injection in loginform.php in ProjectWorld's Travel Management Sys ...)
-	TODO: check
+	NOT-FOR-US: projectworld's Travel Management System
 CVE-2024-51326 (SQL Injection vulnerability in projectworlds Travel management System  ...)
-	TODO: check
+	NOT-FOR-US: projectworld's Travel Management System
 CVE-2024-51253 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51251 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51249 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51246 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51136 (An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1. ...)
-	TODO: check
+	NOT-FOR-US: openimaj
 CVE-2024-51127 (An issue in the createTempFile method of hornetq v2.4.9 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: HornetQ
 CVE-2024-50531 (Unrestricted Upload of File with Dangerous Type vulnerability in David ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50530 (Unrestricted Upload of File with Dangerous Type vulnerability in Myria ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50529 (Unrestricted Upload of File with Dangerous Type vulnerability in Rudra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50528 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50527 (Unrestricted Upload of File with Dangerous Type vulnerability in Stack ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50526 (Unrestricted Upload of File with Dangerous Type vulnerability in mahla ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50525 (Unrestricted Upload of File with Dangerous Type vulnerability in Hello ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50523 (Unrestricted Upload of File with Dangerous Type vulnerability in Rainb ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48878 (Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulne ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-48809 (An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and ono ...)
-	TODO: check
+	NOT-FOR-US: Open Networking Foundations sdran-in-a-box
 CVE-2024-48336 (The install() function of ProviderInstaller.java in Magisk App before  ...)
-	TODO: check
+	NOT-FOR-US: Magisk App
 CVE-2024-45893 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45891 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45890 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45889 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45888 (DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45887 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45885 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45884 (DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injec ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45882 (DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-45185 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-45164 (Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Se ...)
-	TODO: check
+	NOT-FOR-US: Akamai SIA (Secure Internet Access Enterprise) ThreatAvert
 CVE-2024-45086 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML e ...)
 	NOT-FOR-US: IBM
 CVE-2024-38424 (Memory corruption during GNSS HAL process initialization.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38423 (Memory corruption while processing GPU page table switch.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38422 (Memory corruption while processing voice packet with arbitrary data re ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38421 (Memory corruption while processing GPU commands.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38419 (Memory corruption while invoking IOCTL calls from the use-space for HG ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38415 (Memory corruption while handling session errors from firmware.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38410 (Memory corruption while IOCLT is called when device is in invalid stat ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38409 (Memory corruption while station LL statistic handling.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38408 (Cryptographic issue when a controller receives an LMP start encryption ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38407 (Memory corruption while processing input parameters for any IOCTL call ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38406 (Memory corruption while handling IOCTL calls in JPEG Encoder driver.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38405 (Transient DOS while processing the CU information from RNR IE.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38403 (Transient DOS while parsing BTM ML IE when per STA profile is not incl ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions8121 and prior are vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-34891 (Insufficiently protected credentials in DAV server settings in 1C-Bitr ...)
-	TODO: check
+	NOT-FOR-US: 1C-Bitrix Bitrix24
 CVE-2024-34887 (Insufficiently protected credentials in AD/LDAP server settings in 1C- ...)
-	TODO: check
+	NOT-FOR-US: 1C-Bitrix Bitrix24
 CVE-2024-34885 (Insufficiently protected credentials in SMTP server settings in 1C-Bit ...)
-	TODO: check
+	NOT-FOR-US: 1C-Bitrix Bitrix24
 CVE-2024-34883 (Insufficiently protected credentials in DAV server settings in 1C-Bitr ...)
-	TODO: check
+	NOT-FOR-US: 1C-Bitrix Bitrix24
 CVE-2024-34882 (Insufficiently protected credentials in SMTP server settings in 1C-Bit ...)
-	TODO: check
+	NOT-FOR-US: 1C-Bitrix Bitrix24
 CVE-2024-33068 (Transient DOS while parsing fragments of MBSSID IE from beacon frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33033 (Memory corruption while processing IOCTL calls to unmap the buffers.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33032 (Memory corruption when the user application modifies the same shared m ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33031 (Memory corruption while processing the update SIM PB records request.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33030 (Memory corruption while parsing IPC frequency table parameters for LPL ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33029 (Memory corruption while handling the PDR in driver for getting the rem ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-30619 (Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-30618 (A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11. ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-30617 (A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11. ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-30616 (Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2024-23386 (memory corruption when WiFi display APIs are invoked with large random ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23385 (Transient DOS as modem reset occurs when an unexpected MAC RAR (with i ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23377 (Memory corruption while invoking IOCTL command from user-space, when a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-10791 (A vulnerability, which was classified as critical, has been found in C ...)
-	TODO: check
+	NOT-FOR-US: Codezips Hospital Appointment System
 CVE-2024-10768 (A vulnerability classified as problematic was found in PHPGurukul Onli ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Online Shopping Portal
 CVE-2024-10766 (A vulnerability, which was classified as critical, has been found in C ...)
-	TODO: check
+	NOT-FOR-US: Codezips Free Exam Hall Seating Management System
 CVE-2024-10765 (A vulnerability classified as critical was found in Codezips Online In ...)
-	TODO: check
+	NOT-FOR-US: Codezips Online Institute Management System
 CVE-2024-10764 (A vulnerability classified as critical has been found in Codezips Onli ...)
-	TODO: check
+	NOT-FOR-US: Codezips Online Institute Management System
 CVE-2024-10523 (This vulnerability exists in TP-Link IoT Smart Hub due to storage of W ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-10389 (There exists a Path Traversal vulnerability in Safearchive on Platform ...)
 	TODO: check
 CVE-2024-10035 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: BG-TEK Informatics Security Technologies CoslatV3
 CVE-2024-23590 (Session Fixation vulnerability in Apache Kylin.  This issue affects Ap ...)
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2024-48342



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f638078cf1f5cb6e3ca43ead6f0e3d1785729255

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f638078cf1f5cb6e3ca43ead6f0e3d1785729255
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241104/2485ffa1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list