[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Nov 19 08:14:46 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee1aef74 by Moritz Muehlenhoff at 2024-11-19T09:14:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -388,11 +388,11 @@ CVE-2024-41967 (A low privileged remote attackermay modify the boot mode configu
CVE-2024-3370 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Egebilgi Software Website Template
CVE-2024-37155 (OpenCTI is an open source platform allowing organizations to manage th ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2024-28058 (In RSA NetWitness (NW) Platform before 12.5.1, even when an administra ...)
NOT-FOR-US: RSA NetWitness (NW) Platform
CVE-2024-11319 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: django-cms
CVE-2024-11318 (An IDOR (Insecure Direct Object Reference) vulnerability has been disc ...)
NOT-FOR-US: AbsysNet
CVE-2024-11304 (Missing input validation in the SEH Computertechnik utnserver Pro, SEH ...)
@@ -400,7 +400,7 @@ CVE-2024-11304 (Missing input validation in the SEH Computertechnik utnserver Pr
CVE-2024-11303 (The pathname of the root directory to a Restricted Directory ('Path Tr ...)
NOT-FOR-US: Korenix JetPort
CVE-2024-11023 (Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store ...)
- TODO: check
+ NOT-FOR-US: Firebase JavaScript SDK
CVE-2024-10390 (The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to un ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0012 (An authentication bypass in Palo Alto Networks PAN-OS software enables ...)
@@ -1807,7 +1807,7 @@ CVE-2024-28728 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE Wit
CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G ...)
NOT-FOR-US: D-Link
CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbitrary C ...)
- TODO: check
+ NOT-FOR-US: Node dom-iterator
CVE-2024-21540
REJECTED
CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
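Review bot: The tag `NOT-FOR-US: Node dom-iterator` on CVE-2024-21541 prefixes the ecosystem, while the other JavaScript libraries triaged in this same commit are tagged by upstream name only (`NOT-FOR-US: Firebase JavaScript SDK`, `NOT-FOR-US: matrix-js-sdk`). Use one form for all three, for example `NOT-FOR-US: dom-iterator`, so that a search of data/CVE/list by package name finds the entry.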
@@ -1989,7 +1989,7 @@ CVE-2024-50557 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G)
CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to register ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
- TODO: check
+ NOT-FOR-US: matrix-js-sdk
CVE-2024-50331 (An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 a ...)
NOT-FOR-US: Ivanti
CVE-2024-50330 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
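Review bot: `NOT-FOR-US: matrix-js-sdk` on CVE-2024-50336 closes the entry on the upstream name alone, and nothing in the commit records which package names were searched. The description calls it a Client-Server SDK for JavaScript, and JavaScript libraries in Debian are normally packaged under a `node-` prefixed source name, so please confirm that name was checked too before replacing `TODO: check`.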
@@ -2324,7 +2324,7 @@ CVE-2024-43449 (Windows USB Video Class System Driver Elevation of Privilege Vul
CVE-2024-43447 (Windows SMBv3 Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-43415 (An improper neutralization of special elements used in an SQL command ...)
- TODO: check
+ NOT-FOR-US: decidim-module-decidim_awesome
CVE-2024-42442 (APTIOV contains a vulnerability in the BIOS where a user or attacker m ...)
NOT-FOR-US: APTIOV
CVE-2024-40592 (An improper verification of cryptographic signature vulnerability [CWE ...)
@@ -2350,7 +2350,7 @@ CVE-2024-36140 (A vulnerability has been identified in OZW672 (All versions < V5
CVE-2024-35274 (An improper limitation of a pathname to a restricted directory ('Path ...)
NOT-FOR-US: FortiGuard
CVE-2024-33660 (An exploit is possible where an actor with physical access can manipul ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2024-33658 (APTIOV contains a vulnerability in BIOS where an attacker may cause an ...)
NOT-FOR-US: APTIOV
CVE-2024-33510 (Animproper neutralization of special elements in output used by a down ...)
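Review bot: CVE-2024-33660 is tagged with the vendor, `NOT-FOR-US: AMI`, while the next entry in this hunk, CVE-2024-33658, is tagged with the product, `NOT-FOR-US: APTIOV`. The truncated description of 33660 does not name the product; if it is the same firmware, use `NOT-FOR-US: APTIOV` so both entries share one tag, and if it is a different AMI product, name that product rather than the vendor.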
@@ -2440,9 +2440,9 @@ CVE-2024-10923 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2024-10245 (The Relais 2FA plugin for WordPress is vulnerable to authentication by ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),monito ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),monito ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout sometimes allow ...)
NOT-FOR-US: FreeScout module
CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and ...)
@@ -2549,7 +2549,7 @@ CVE-2024-51187 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.
CVE-2024-51186 (D-Link DIR-820L 1.05b03 was discovered to contain a remote code execut ...)
NOT-FOR-US: D-Link
CVE-2024-51135 (An XML External Entity (XXE) vulnerability in the component DocumentBu ...)
- TODO: check
+ NOT-FOR-US: powertac
CVE-2024-51054 (A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/sea ...)
NOT-FOR-US: PHPGurukul Online Marriage Registration System
CVE-2024-51026 (The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting ...)
@@ -2645,7 +2645,7 @@ CVE-2024-34014 (Arbitrary file overwrite during recovery due to improper symboli
CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router RP562B fir ...)
NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Sublime Text
CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via the Hos ...)
NOT-FOR-US: SuperScan
CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer overflow via t ...)
@@ -2681,7 +2681,7 @@ CVE-2024-11068 (The D-Link DSL6740C modem has an Incorrect Use of Privileged API
CVE-2024-11067 (The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing ...)
NOT-FOR-US: D-Link
CVE-2024-10917 (In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLe ...)
- TODO: check
+ NOT-FOR-US: Eclipse OpenJ9
CVE-2024-10790 (The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10695 (The Futurio Extra plugin for WordPress is vulnerable to Information Ex ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee1aef7439989101a45b2e8b66b8c9a4069f4a23