[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 10 19:31:09 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70a31c7c by Moritz Muehlenhoff at 2024-11-10T20:30:52+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -502,15 +502,15 @@ CVE-2024-35418 (wac commit 385e1 was discovered to contain a heap overflow via t
 CVE-2024-35410 (wac commit 385e1 was discovered to contain a heap overflow via the int ...)
 	NOT-FOR-US: wac
 CVE-2024-27532 (wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is  ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2024-27530 (wasm3 139076a contains a Use-After-Free in ForEachModule.)
-	TODO: check
+	NOT-FOR-US: wasm3
 CVE-2024-27529 (wasm3 139076a contains memory leaks in Read_utf8.)
-	TODO: check
+	NOT-FOR-US: wasm3
 CVE-2024-27528 (wasm3 139076a suffers from Invalid Memory Read, leading to DoS and pot ...)
-	TODO: check
+	NOT-FOR-US: wasm3
 CVE-2024-27527 (wasm3 139076a is vulnerable to Denial of Service (DoS).)
-	TODO: check
+	NOT-FOR-US: wasm3
 CVE-2024-21994 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are ...)
 	NOT-FOR-US: NetAPP
 CVE-2024-11026 (A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on A ...)
@@ -572,13 +572,13 @@ CVE-2024-10973
 CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
 	NOT-FOR-US: OpenText
 CVE-2024-51997 (Trustee is a set of tools and components for attesting confidential gu ...)
-	TODO: check
+	NOT-FOR-US: Trustee
 CVE-2024-51211 (SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9. ...)
-	TODO: check
+	NOT-FOR-US: openSIS-Classic
 CVE-2024-51152 (File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a r ...)
 	NOT-FOR-US: Laravel CMS
 CVE-2024-51055 (An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: Hoosk
 CVE-2024-51032 (A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of  ...)
 	NOT-FOR-US: Sourcecodester Toll Tax Management System
 CVE-2024-51031 (A Cross-site Scripting (XSS) vulnerability in manage_account.php in So ...)
@@ -592,7 +592,7 @@ CVE-2024-50811 (hopetree izone lts c011b48 contains a server-side request forger
 CVE-2024-50810 (hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulne ...)
 	NOT-FOR-US: hopetree izone
 CVE-2024-50634 (A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allo ...)
-	TODO: check
+	NOT-FOR-US: Watcharr
 CVE-2024-50593 (An attacker with local access to the medical office computer can  acce ...)
 	NOT-FOR-US: Elefant Service tool
 CVE-2024-50592 (An attacker with local access the to medical office computer can  esca ...)
@@ -626,7 +626,7 @@ CVE-2024-40240 (An incorrect access control issue in HomeServe Home Repair' andr
 CVE-2024-40239 (An incorrect access control issue in Life: Personal Diary, Journal and ...)
 	NOT-FOR-US: Life: Personal Diary, Journal android app
 CVE-2024-25431 (An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and f ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2024-10839 (Zohocorp ManageEngine SharePoint Manager Plus versions4503 and prior a ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-10325 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
@@ -642,7 +642,7 @@ CVE-2024-7982 (The Registrations for the Events Calendar  WordPress plugin befor
 CVE-2024-51998 (changedetection.io is a free open source web page change detection too ...)
 	NOT-FOR-US: changedetection.io
 CVE-2024-51987 (Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries  ...)
-	TODO: check
+	NOT-FOR-US: Duende.AccessTokenManagement.OpenIdConnect
 CVE-2024-51434 (Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG  ...)
 	NOT-FOR-US: Froala WYSIWYG editor
 CVE-2024-50766 (SourceCodester Survey Application System 1.0 is vulnerable to SQL Inje ...)
@@ -676,7 +676,7 @@ CVE-2024-36062 (The com.callassistant.android (aka AI Call Assistant & Screener)
 CVE-2024-24409 (Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulne ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-21538 (Versions of the package cross-spawn before 7.0.5 are vulnerable to Reg ...)
-	TODO: check
+	NOT-FOR-US: Node cross-spawn
 CVE-2024-11000 (A vulnerability classified as problematic was found in CodeAstro Real  ...)
 	NOT-FOR-US: CodeAstro Real Estate Management System
 CVE-2024-10999 (A vulnerability classified as problematic has been found in CodeAstro  ...)
@@ -893,7 +893,7 @@ CVE-2024-51994 (Combodo iTop is a web based IT Service Management tool. In affec
 CVE-2024-51993 (Combodo iTop is a web based IT Service Management tool. An attacker ac ...)
 	NOT-FOR-US: Combodo iTop
 CVE-2024-51989 (Password Pusher is an open source application to communicate sensitive ...)
-	TODO: check
+	NOT-FOR-US: Password Pusher
 CVE-2024-51758 (Filament is a collection of full-stack components for accelerated Lara ...)
 	NOT-FOR-US: Filament
 CVE-2024-51504 (When using IPAuthenticationProvider in ZooKeeper Admin Server there is ...)
@@ -907,7 +907,7 @@ CVE-2024-51504 (When using IPAuthenticationProvider in ZooKeeper Admin Server th
 	NOTE: Fixed by: https://github.com/apache/zookeeper/commit/bd5be58c562ce992de8af43cdef0bdb34261a525 (release-3.9.3-0)
 	NOTE: Followup to disable (X-Forwarded-For by default): https://github.com/apache/zookeeper/commit/67037ad9087b4e554f77427e88d40df1eb19d6d3 (release-3.9.3-0)
 CVE-2024-51428 (An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denia ...)
-	TODO: check
+	NOT-FOR-US: Espressif Esp idf
 CVE-2024-48954 (An issue was discovered in Logpoint before 7.5.0. Unvalidated input du ...)
 	NOT-FOR-US: Logpoint
 CVE-2024-48953 (An issue was discovered in Logpoint before 7.5.0. Endpoints for creati ...)
@@ -947,7 +947,7 @@ CVE-2024-30141 (HCL BigFix Compliance is vulnerable to the generation of error m
 CVE-2024-30140 (HCL BigFix Compliance is affected by unvalidated redirects and forward ...)
 	NOT-FOR-US: HCL
 CVE-2024-24914 (Authenticated Gaia users can inject code or commands by global variabl ...)
-	TODO: check
+	NOT-FOR-US: Checkpoint
 CVE-2024-10969 (A vulnerability was found in 1000 Projects Bookstore Management System ...)
 	NOT-FOR-US: 1000 Projects Bookstore Management System
 CVE-2024-10968 (A vulnerability was found in 1000 Projects Bookstore Management System ...)
@@ -965,7 +965,7 @@ CVE-2024-10963 (A vulnerability was found in pam_access due to the improper hand
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291
 	NOTE: https://github.com/linux-pam/linux-pam/issues/834
 CVE-2024-10668 (There exists an auth bypass in Google Quickshare where an attacker can ...)
-	TODO: check
+	NOT-FOR-US: Google Quickshare
 CVE-2024-10526 (Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a  ...)
 	NOT-FOR-US: Rapid7 Velociraptor MSI Installer
 CVE-2024-10203 (Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70a31c7c8438661f443704f509ee7b1342b543a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70a31c7c8438661f443704f509ee7b1342b543a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241110/93860653/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list