[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 22 12:30:57 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ded1a6e by Salvatore Bonaccorso at 2024-11-22T13:30:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,101 +51,101 @@ CVE-2024-52053 (Stored Cross-Site Scripting in the Manager component of Wowza St
 CVE-2024-52052 (Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming  ...)
 	NOT-FOR-US: Wowza
 CVE-2024-51367 (An arbitrary file upload vulnerability in the component \Users\usernam ...)
-	TODO: check
+	NOT-FOR-US: BlackBoard
 CVE-2024-51366 (An arbitrary file upload vulnerability in the component \Roaming\Omega ...)
-	TODO: check
+	NOT-FOR-US: OmegaT
 CVE-2024-51365 (An arbitrary file upload vulnerability in the importSettings method of ...)
 	TODO: check
 CVE-2024-51364 (An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: ModbusMechanic
 CVE-2024-51337 (Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixe ...)
-	TODO: check
+	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2024-49588 (Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0  ...)
 	TODO: check
 CVE-2024-49529 (InDesign Desktop versions 19.0, 20.0 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-48747 (An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arb ...)
 	TODO: check
 CVE-2024-48288 (TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command inject ...)
 	TODO: check
 CVE-2024-48286 (Linksys E3000 1.0.06.002_US is vulnerable to command injection via the ...)
-	TODO: check
+	NOT-FOR-US: Linksys E3000
 CVE-2024-47142 (AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L ...)
-	TODO: check
+	NOT-FOR-US: AIPHONE
 CVE-2024-45837 (Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, ...)
-	TODO: check
+	NOT-FOR-US: AIPHONE
 CVE-2024-45517 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A  ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-45514 (An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-45513 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A  ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-45512 (An issue was discovered in webmail in Zimbra Collaboration (ZCS) throu ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-45194 (In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Web ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2024-39290 (Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM ...)
-	TODO: check
+	NOT-FOR-US: AIPHONE
 CVE-2024-38296 (Dell Edge Gateway 5200 (Coffee Lake S), versions prior to 12.0.94.2380 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-31408 (OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG ...)
-	TODO: check
+	NOT-FOR-US: AIPHONE
 CVE-2024-29224 (An OS command injection vulnerability exists in the NAT parameter of G ...)
-	TODO: check
+	NOT-FOR-US: GoCast
 CVE-2024-28892 (An OS command injection vulnerability exists in the name parameter of  ...)
-	TODO: check
+	NOT-FOR-US: GoCast
 CVE-2024-28027 (Three OS command injection vulnerabilities exist in the web interface  ...)
-	TODO: check
+	NOT-FOR-US: MC Technologies MC LR Router
 CVE-2024-28026 (Three OS command injection vulnerabilities exist in the web interface  ...)
-	TODO: check
+	NOT-FOR-US: MC Technologies MC LR Router
 CVE-2024-28025 (Three OS command injection vulnerabilities exist in the web interface  ...)
-	TODO: check
+	NOT-FOR-US: MC Technologies MC LR Router
 CVE-2024-21855 (A lack of authentication vulnerability exists in the HTTP API function ...)
-	TODO: check
+	NOT-FOR-US: GoCast
 CVE-2024-21786 (An OS command injection vulnerability exists in the web interface conf ...)
-	TODO: check
+	NOT-FOR-US: MC Technologies MC LR Router
 CVE-2024-11601 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11592 (A vulnerability has been found in 1000 Projects Beauty Parlour Managem ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11591 (A vulnerability, which was classified as critical, was found in 1000 P ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11590 (A vulnerability, which was classified as critical, has been found in 1 ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Bookstore Management System
 CVE-2024-11589 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-11588 (A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has  ...)
 	TODO: check
 CVE-2024-11587 (A vulnerability was found in idcCMS 1.60. It has been classified as pr ...)
-	TODO: check
+	NOT-FOR-US: idcCMS
 CVE-2024-11456 (The Run Contests, Raffles, and Giveaways with ContestsWP plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11381 (The Control horas plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11371 (The Theater for WordPress plugin for WordPress is vulnerable to Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11355 (The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11320 (Arbitrary commands execution on the server by exploiting a command inj ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2024-11225 (The Premium Packages \u2013 Sell Digital Products Securely plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11104 (The Sky Addons for Elementor (Free Templates Library, Live Copy, Anima ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11089 (The Anonymous Restricted Content plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11088 (The Simple Membership plugin for WordPress is vulnerable to Sensitive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10792 (The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10675 (The affiliate-toolkit plugin for WordPress is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10666 (The Easy Twitter Feed \u2013 Twitter feeds plugin for WP plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10316 (The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10034 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-52067 (Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 includ ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2024-11596 (ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 al ...)
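
Review bot: CVE-2024-48288 (TP-Link TL-IPC42C command injection) stays at TODO: check while the Linksys E3000 firmware entry directly after it, CVE-2024-48286, is marked NOT-FOR-US in this same pass. If the TP-Link camera firmware is likewise not packaged, mark it here; otherwise a short note on why it remains open would help the next triager. The NOT-FOR-US labels also vary in granularity: vendor only (Adobe, Dell, Zimbra), vendor plus product (Linksys E3000, MC Technologies MC LR Router), and the generic "WordPress plugin"; settling on one level keeps later searches by product name reliable. For CVE-2024-51367 the visible description is cut off before any product name, so the BlackBoard attribution cannot be checked from this hunk alone.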



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ded1a6eb3621bbf6e25a3d5a999066ed39a01de
