[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 15 20:56:52 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
127c60da by Salvatore Bonaccorso at 2024-11-15T21:56:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,15 +42,15 @@ CVE-2024-52513 (Nextcloud Server is a self hosted personal cloud system. After r
 CVE-2024-52512 (user_oidc app is an OpenID Connect user backend for Nextcloud. A malic ...)
 	TODO: check
 CVE-2024-52511 (Nextcloud Tables allows users to to create tables with individual colu ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Tables
 CVE-2024-52510 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
 	TODO: check
 CVE-2024-52509 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Mail
 CVE-2024-52508 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Mail
 CVE-2024-52507 (Nextcloud Tables allows users to to create tables with individual colu ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Tables
 CVE-2024-51497 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
 	NOT-FOR-US: LibreNMS
 CVE-2024-51496 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
@@ -68,7 +68,7 @@ CVE-2024-51142 (Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allo
 CVE-2024-51141 (An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local  ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-51037 (An issue in kodbox v.1.52.04 and before allows a remote attacker to ob ...)
-	TODO: check
+	NOT-FOR-US: kodbox
 CVE-2024-50986 (An issue in Clementine v.1.3.1 allows a local attacker to execute arbi ...)
 	TODO: check
 CVE-2024-50800 (Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.02024 ...)
@@ -110,29 +110,29 @@ CVE-2024-49758 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitor
 CVE-2024-49754 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring sy ...)
 	NOT-FOR-US: LibreNMS
 CVE-2024-49536 (Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-48068 (A cross-site scripting (XSS) vulnerability in Shenzhen Landray Softwar ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Landray
 CVE-2024-47759 (GLPI is a free Asset and IT management software package. An technician ...)
 	TODO: check
 CVE-2024-46467 (By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 ca ...)
-	TODO: check
+	NOT-FOR-US: ZONEPOINT for Windows
 CVE-2024-46466 (By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3  ...)
-	TODO: check
+	NOT-FOR-US: ZONECENTRAL for Windows
 CVE-2024-46465 (By default, dedicated folders of CRYHOD for Windows up to 2024.3 can b ...)
-	TODO: check
+	NOT-FOR-US: CRYHOD for Windows
 CVE-2024-46463 (By default, dedicated folders of ORIZON for Windows up to 2024.3 can b ...)
-	TODO: check
+	NOT-FOR-US: ORIZON for Windows
 CVE-2024-46462 (By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can  ...)
-	TODO: check
+	NOT-FOR-US: ZEDMAIL for Windows
 CVE-2024-46383 (Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store s ...)
-	TODO: check
+	NOT-FOR-US: Hathway Skyworth Router CM5100-511
 CVE-2024-45971 (Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC618 ...)
-	TODO: check
+	NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2024-45970 (Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC618 ...)
-	TODO: check
+	NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2024-45969 (NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 ...)
-	TODO: check
+	NOT-FOR-US: MZ Automation
 CVE-2024-45784 (Apache Airflow versions before 2.10.3 contain a vulnerability that cou ...)
 	TODO: check
 CVE-2024-45609 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
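Review bot: CVE-2024-45969 is tagged "NOT-FOR-US: MZ Automation" while CVE-2024-45971 and CVE-2024-45970 directly above it are tagged "NOT-FOR-US: MZ Automation LibIEC61850", although all three descriptions refer to the MMS Client in MZ Automation's library (the CVE-2024-45969 description spells it "LibIEC1850", which may be why the tag was shortened). Use the same tag on all three so that a search on the product name finds them together. A smaller style point in the same hunk: CVE-2024-49536 is tagged with the vendor ("Adobe") where the neighbouring new tags name the product.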
@@ -140,9 +140,9 @@ CVE-2024-45609 (GLPI is a Free Asset and IT Management Software package, Data ce
 CVE-2024-45608 (GLPI is a free asset and IT management software package. An authentica ...)
 	TODO: check
 CVE-2024-44759 (An arbitrary file download vulnerability in the component /Doc/Downloa ...)
-	TODO: check
+	NOT-FOR-US: NUS-M9 ERP Management Software
 CVE-2024-44625 (Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePos ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2024-43418 (GLPI is a free asset and IT management software package. An unauthenti ...)
 	TODO: check
 CVE-2024-43417 (GLPI is a free asset and IT management software package. An unauthenti ...)
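Review bot: the new tag on CVE-2024-44625 reads "Go Git Service", but the CVE description calls the product Gogs. "NOT-FOR-US: Gogs" would match the name used in the description and would be found by a search on it.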
@@ -294,7 +294,7 @@ CVE-2024-49777 (A heap-based buffer overflow in tsMuxer version nightly-2024-03-
 CVE-2024-49776 (A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 a ...)
 	TODO: check
 CVE-2024-48974 (The ventilator does not perform proper file integrity checks when adop ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2024-48973 (The debug port on the ventilator's serial interface is enabled by defa ...)
 	NOT-FOR-US: Life2000 Ventilation System
 CVE-2024-48971 (The Clinician Password and Serial Number Clinician Password are hard-c ...)
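Review bot: CVE-2024-48974 is tagged "NOT-FOR-US: Baxter" while the next entry, CVE-2024-48973, which also describes the ventilator, already carries "NOT-FOR-US: Life2000 Ventilation System". Reusing the existing product tag here would keep the entries for this device grouped under one name.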
@@ -314,11 +314,11 @@ CVE-2024-41209 (A heap-based buffer overflow in tsMuxer version nightly-2024-03-
 CVE-2024-41206 (A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-0 ...)
 	TODO: check
 CVE-2024-40579 (Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMC ...)
-	TODO: check
+	NOT-FOR-US: Virtuozzo Hybrid Server for WHMCS Open Source
 CVE-2024-39707 (Insyde IHISI function 0x49 can restore factory defaults for certain UE ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...)
-	TODO: check
+	NOT-FOR-US: FitNesse
 CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism of Bina ...)
 	TODO: check
 CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection vulnerabili ...)
@@ -474,9 +474,9 @@ CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for
 CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This v ...)
 	NOT-FOR-US: IBM
 CVE-2024-45254 (VaeMendis - CWE-79: Improper Neutralization of Input During Web Page G ...)
-	TODO: check
+	NOT-FOR-US: VaeMendis
 CVE-2024-45253 (Avigilon \u2013 CWE-22: Improper Limitation of a Pathname to a Restric ...)
-	TODO: check
+	NOT-FOR-US: Avigilon
 CVE-2024-45099 (IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This v ...)
 	NOT-FOR-US: IBM
 CVE-2024-42188 (HCL Connections is vulnerable to a broken access control vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127c60dafd0c629c27fd8d0b499ca3a667b75027
