[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 22 15:17:16 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f207610c by Moritz Muehlenhoff at 2024-11-22T16:16:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2024-7016 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2024-53432 (While parsing certain malformed PLY files, PCL version 1.14.1 crashes  ...)
 	TODO: check
 CVE-2024-53429 (Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, wh ...)
-	TODO: check
+	- open62541 <itp> (bug #985909)
 CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 ...)
 	- ntopng <unfixed> (unimportant)
 	NOTE: Crash in CLI tool, no security impact
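Review bot: the `- open62541 <itp> (bug #985909)` line for CVE-2024-53429 is an ITP entry, not a NOT-FOR-US triage, so the commit subject "NFUs" does not cover it; mention it in the message or commit it separately. The description names fuzz_binary_decode, which reads like a fuzzing target, so a NOTE line recording whether the assertion is reachable through the library itself would help whoever revisits the entry when the ITP is resolved.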
@@ -31,11 +31,11 @@ CVE-2024-53334 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer O
 CVE-2024-53333 (TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command i ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-52803 (LLama Factory enables fine-tuning of large language models. A critical ...)
-	TODO: check
+	NOT-FOR-US: LLama Factory
 CVE-2024-52799 (Argo Workflows Chart is used to set up argo and its needed dependencie ...)
-	TODO: check
+	NOT-FOR-US: Argo Workflows Chart
 CVE-2024-52309 (SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S  ...)
-	TODO: check
+	NOT-FOR-US: SFTPGo
 CVE-2024-52307 (authentik is an open-source identity provider. Due to the usage of a n ...)
 	NOT-FOR-US: authentik
 CVE-2024-52289 (authentik is an open-source identity provider. Redirect URIs in the OA ...)
@@ -57,19 +57,19 @@ CVE-2024-51367 (An arbitrary file upload vulnerability in the component \Users\u
 CVE-2024-51366 (An arbitrary file upload vulnerability in the component \Roaming\Omega ...)
 	NOT-FOR-US: OmegaT
 CVE-2024-51365 (An arbitrary file upload vulnerability in the importSettings method of ...)
-	TODO: check
+	NOT-FOR-US: VisiCut
 CVE-2024-51364 (An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows a ...)
 	NOT-FOR-US: ModbusMechanic
 CVE-2024-51337 (Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixe ...)
 	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2024-49588 (Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0  ...)
-	TODO: check
+	NOT-FOR-US: oracle-sidecar
 CVE-2024-49529 (InDesign Desktop versions 19.0, 20.0 and earlier are affected by an ou ...)
 	NOT-FOR-US: Adobe
 CVE-2024-48747 (An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arb ...)
-	TODO: check
+	NOT-FOR-US: alist-tvbox
 CVE-2024-48288 (TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command inject ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-48286 (Linksys E3000 1.0.06.002_US is vulnerable to command injection via the ...)
 	NOT-FOR-US: Linksys E3000
 CVE-2024-47142 (AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L ...)
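Review bot: `NOT-FOR-US: TP-Link` for CVE-2024-48288 gives only the vendor, while the neighbouring context entry for CVE-2024-48286 uses `NOT-FOR-US: Linksys E3000`. The description already names the model (TL-IPC42C), so either form is defensible, but picking one convention for device entries keeps the list easier to grep.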
@@ -117,7 +117,7 @@ CVE-2024-11590 (A vulnerability, which was classified as critical, has been foun
 CVE-2024-11589 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
 	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-11588 (A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has  ...)
-	TODO: check
+	NOT-FOR-US: AVL-DiTEST-DiagDev
 CVE-2024-11587 (A vulnerability was found in idcCMS 1.60. It has been classified as pr ...)
 	NOT-FOR-US: idcCMS
 CVE-2024-11456 (The Run Contests, Raffles, and Giveaways with ContestsWP plugin for Wo ...)
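Review bot: the tag for CVE-2024-11588 names the organisation (`AVL-DiTEST-DiagDev`) while the description identifies the affected software as libdoip 1.0.0. Since this is a library that could later be packaged, consider `NOT-FOR-US: AVL-DiTEST-DiagDev libdoip` so a search for the library name finds the entry, in line with the `itsourcecode Tailoring Management System` entry just above.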
@@ -357,13 +357,13 @@ CVE-2024-45511 (An issue was discovered in Zimbra Collaboration (ZCS) through 10
 CVE-2024-45510 (An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zi ...)
 	NOT-FOR-US: Zimbra
 CVE-2024-44309 (A cookie management issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44308 (The issue was addressed with improved checks. This issue is fixed in S ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44307 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44306 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-33439 (An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an au ...)
 	NOT-FOR-US: Kasda LinkSmart Router KW5515
 CVE-2024-30896 (InfluxDB through 2.7.10 allows allAccess administrators to retrieve al ...)
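Review bot: CVE-2024-44309 and CVE-2024-44308 are tagged `NOT-FOR-US: Apple`, but their visible descriptions (a cookie management issue; a fix list cut off at "fixed in S ...") do not name the affected component. Apple-assigned CVEs in WebKit are tracked against webkit2gtk and wpewebkit instead of being marked NFU, so confirm against the full advisory text that none of these four entries is a WebKit issue before closing them out.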
@@ -424,9 +424,9 @@ CVE-2024-11412 (The Shine PDF Embeder plugin for WordPress is vulnerable to Stor
 CVE-2024-11409 (The Grid View Gallery plugin for WordPress is vulnerable to PHP Object ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11406 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Django CMS
 CVE-2024-11404 (Unrestricted Upload of File with Dangerous Type, Improper Input Valida ...)
-	TODO: check
+	NOT-FOR-US: Django CMS
 CVE-2024-11400 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-11388 (The Dino Game \u2013 Embed Google Chrome Dinosaur Game in WordPress pl ...)
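Review bot: CVE-2024-11406 and CVE-2024-11404 receive the same `NOT-FOR-US: Django CMS` tag although the visible descriptions cover different issue classes (XSS versus unrestricted file upload) and are cut off before the product name. If the affected code lives in separate add-on components and not in django CMS itself, name the specific component in each tag so that a later package search or ITP matches the right entry.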



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f207610c01b7f8940a7bbc80470abb0506c90390
