[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 12 10:13:06 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c1ecd43 by Salvatore Bonaccorso at 2024-11-12T11:12:42+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -82,51 +82,51 @@ CVE-2024-50990 (A Reflected Cross Site Scriptng (XSS) vulnerability was found in
 CVE-2024-50989 (A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul  ...)
 	NOT-FOR-US: PHPGurukul Online Marriage Registration System
 CVE-2024-50667 (The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vuln ...)
-	TODO: check
+	NOT-FOR-US: Trendnet
 CVE-2024-50636 (PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, whi ...)
 	TODO: check
 CVE-2024-50601 (Persistent and reflected XSS vulnerabilities in the themeMode cookie a ...)
-	TODO: check
+	NOT-FOR-US: Axigen Mail Server
 CVE-2024-49560 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-49558 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-49557 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-48838 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-48837 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-48322 (UsersController.php in Run.codes 1.5.2 and older has a reset password  ...)
 	TODO: check
 CVE-2024-47799 (Exposure of sensitive system information to an unauthorized control sp ...)
 	TODO: check
 CVE-2024-47595 (An attacker who gains local membership to sapsys group could replace l ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47593 (SAP NetWeaver Application Server ABAP allows an unauthenticated attack ...)
 	NOT-FOR-US: SAP
 CVE-2024-47592 (SAP NetWeaver AS Java allows an unauthenticated attacker to brute forc ...)
 	NOT-FOR-US: SAP
 CVE-2024-47590 (An unauthenticated attacker can create a malicious link which they can ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47588 (In SAP NetWeaver Java (Software Update Manager 1.1), under certain con ...)
 	NOT-FOR-US: SAP
 CVE-2024-47587 (Cash Operations does not perform necessary authorization check for an  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47586 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an  ...)
 	NOT-FOR-US: SAP
 CVE-2024-47131 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-46966 (The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) appl ...)
-	TODO: check
+	NOT-FOR-US: Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application
 CVE-2024-46965 (The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser ...)
-	TODO: check
+	NOT-FOR-US: DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application
 CVE-2024-46964 (The com.video.downloader.all (aka All Video Downloader) application th ...)
-	TODO: check
+	NOT-FOR-US: com.video.downloader.all (aka All Video Downloader) application
 CVE-2024-46963 (The com.superfast.video.downloader (aka Super Unlimited Video Download ...)
-	TODO: check
+	NOT-FOR-US: com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application
 CVE-2024-46962 (The SYQ com.downloader.video.fast (aka Master Video Downloader) applic ...)
-	TODO: check
+	NOT-FOR-US: SYQ com.downloader.video.fast (aka Master Video Downloader) application
 CVE-2024-45827 (Improper neutralization of special elements used in an OS command ('OS ...)
 	TODO: check
 CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site ...)
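Review bot: The tag on CVE-2024-50667 is vendor-only ("NOT-FOR-US: Trendnet") although the description places the stack overflow in "the boa httpd of Trendnet TEW-820AP", so the tag does not record whether the flaw was judged to be in the vendor's firmware build or in the boa httpd code itself. Please confirm that before dropping the TODO, and consider naming the device in the tag, as the "EnGenius EWS356-FIT devices" entry later in this patch does. The same granularity question applies to CVE-2024-47590 and CVE-2024-47587: their truncated descriptions ("An unauthenticated attacker can create a malicious link ...", "Cash Operations does not perform necessary authorization check ...") do not name SAP, so a product name in the tag would make the triage decision checkable from the list alone. The tags in this hunk also mix three styles (vendor only for Dell/SAP/Trendnet, product for Axigen Mail Server, full package id plus "application" for the video downloader entries); picking one would make later grepping of NFU entries more reliable.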
@@ -154,15 +154,15 @@ CVE-2024-43427 (A flaw was found in moodle. When creating an export of site admi
 CVE-2024-42372 (Due to missing authorization check in SAP NetWeaver AS Java (System La ...)
 	NOT-FOR-US: SAP
 CVE-2024-39605 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-39354 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2024-36061 (EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command inje ...)
-	TODO: check
+	NOT-FOR-US: EnGenius EWS356-FIT devices
 CVE-2024-34015 (Sensitive information disclosure during file browsing due to improper  ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2024-34014 (Arbitrary file overwrite during recovery due to improper symbolic link ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router RP562B fir ...)
 	TODO: check
 CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vulnerabi ...)
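Review bot: The "NOT-FOR-US: Acronis" tags on CVE-2024-34015 and CVE-2024-34014 cannot be checked against the visible descriptions, which are truncated before any vendor or product name appears ("Sensitive information disclosure during file browsing due to improper ...", "Arbitrary file overwrite during recovery due to improper symbolic link ..."). Naming the affected product in the tag, in the way the CVE-2024-36061 entry uses "EnGenius EWS356-FIT devices", would let a reader confirm the classification without opening the full CVE record. The three "Delta Electronics" entries in this patch (CVE-2024-39605, CVE-2024-39354 and CVE-2024-47131 above) have the same gap: the description starts naming a product ("Delta Electronics DIAS ...") but the tag stops at the vendor.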



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c1ecd433439f6c3d50b1e936cfe5949fc7f1798
