[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 22 20:43:32 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
987f8afd by Salvatore Bonaccorso at 2024-11-22T21:43:10+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,115 +1,115 @@
 CVE-2024-7882 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Special Minds Design and Software e-Commerce
 CVE-2024-7837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Firmanet Software ERP
 CVE-2024-53438 (EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: ChurchCRM
 CVE-2024-53253 (Sentry is an error tracking and performance monitoring platform. Versi ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-52998 (Substance3D - Stager versions 3.0.2 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-52814 (Argo Helm is a collection of community maintained charts for `argoproj ...)
-	TODO: check
+	NOT-FOR-US: Argo Helm
 CVE-2024-52804 (Tornado is a Python web framework and asynchronous networking library. ...)
 	TODO: check
 CVE-2024-52802 (RIOT is an operating system for internet of things (IoT) devices. In v ...)
-	TODO: check
+	NOT-FOR-US: RIOT
 CVE-2024-52793 (The Deno Standard Library provides APIs for Deno and the Web. Prior to ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2024-52726 (CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics f ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2024-52723 (In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-51766 (A potential security vulnerability has been identified in the HPE NonS ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-51074 (Incorrect access control in Instrument Cluster KIA Seltos Software v1. ...)
-	TODO: check
+	NOT-FOR-US: Instrument Cluster KIA Seltos
 CVE-2024-51073 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Instrument Cluster KIA Seltos
 CVE-2024-51072 (An issue in Instrument Cluster KIA Seltos Software v1.0, Hardware v1.0 ...)
-	TODO: check
+	NOT-FOR-US: Instrument Cluster KIA Seltos
 CVE-2024-50965 (Cross Site Scripting vulnerability in Public Knowledge Project PKP Pla ...)
-	TODO: check
+	NOT-FOR-US: Public Knowledge Project PKP Platform OJS/OMP/OPS-
 CVE-2024-50657 (An issue in Owncloud android apk v.4.3.1 allows a physically proximate ...)
-	TODO: check
+	NOT-FOR-US: Owncloud android apk
 CVE-2024-50401 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50400 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50399 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50398 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50397 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50396 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-50395 (An authorization bypass through user-controlled key vulnerability has  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-49054 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-48862 (A link following vulnerability has been reported to affect QuLog Cente ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-48861 (An OS command injection vulnerability has been reported to affect seve ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-48860 (An OS command injection vulnerability has been reported to affect seve ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-47863 (An issue was discovered in Centreon Web through 24.10. A stored XSS wa ...)
 	TODO: check
 CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer.  This i ...)
-	TODO: check
+	NOT-FOR-US: Apache Answer
 CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers to acces ...)
-	TODO: check
+	NOT-FOR-US: Meabilis CMS
 CVE-2024-41781 (IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through ...)
 	NOT-FOR-US: IBM
 CVE-2024-41779 (IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0. ...)
 	NOT-FOR-US: IBM
 CVE-2024-38647 (An exposure of sensitive information vulnerability has been reported t ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-38646 (An incorrect permission assignment for critical resource vulnerability ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-38645 (A server-side request forgery (SSRF) vulnerability has been reported t ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-38644 (An OS command injection vulnerability has been reported to affect Note ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-38643 (A missing authentication for critical function vulnerability has been  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37783 (A reflected cross-site scripting (XSS) vulnerability in Gladinet Centr ...)
-	TODO: check
+	NOT-FOR-US: Gladinet CentreStack
 CVE-2024-37782 (An LDAP injection vulnerability in the login page of Gladinet CentreSt ...)
-	TODO: check
+	NOT-FOR-US: Gladinet CentreStack
 CVE-2024-37050 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37049 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37048 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37047 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37046 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37045 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37044 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37043 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37042 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-37041 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32770 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32769 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32768 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32767 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-11618 (A vulnerability classified as critical was found in IPC Unigy Manageme ...)
-	TODO: check
+	NOT-FOR-US: IPC Unigy Management System
 CVE-2024-10863 (: Insufficient Logging vulnerability in OpenText Secure Content Manage ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-10220 (The Kubernetes kubelet component allows arbitrary command execution vi ...)
 	TODO: check
 CVE-2024-9542 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sen ...)
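Review bot: The NOT-FOR-US label added for CVE-2024-50965 ends in a stray hyphen ("Public Knowledge Project PKP Platform OJS/OMP/OPS-"), which looks like a leftover from copying the product string; trim it to "Public Knowledge Project PKP Platform OJS/OMP/OPS" so the label matches on a plain search. Separately, the three KIA entries are labelled by product ("Instrument Cluster KIA Seltos") while most other entries in this hunk use the vendor alone (QNAP, HPE, Adobe); settling on one form keeps later NFU lookups predictable.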
@@ -146441,9 +146441,9 @@ CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior
 CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
 	NOT-FOR-US: NetIQ
 CVE-2023-24467 (Possible Command Injection    in iManager GET parameter has been disco ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2023-24466 (Possible XML External Entity Injection    in iManager GET parameter ha ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass ...)
 	NOT-FOR-US: Snap One Wattbox WB-300-IP-3
 CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerab ...)
@@ -220328,7 +220328,7 @@ CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in
 CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
 	NOT-FOR-US: NetIQ Access Manager
 CVE-2022-26324 (Possible XSS in iManager URL for access Component has been discovered  ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2022-26323
 	RESERVED
 CVE-2022-26322 (Possible Insertion of Sensitive Information into Log File Vulnerabilit ...)
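Review bot: CVE-2022-26324 is described as an iManager issue but gets the bare vendor label "NetIQ", while the neighbouring CVE-2022-26325 in the same context uses the product form "NetIQ Access Manager". Consider "NetIQ iManager" here so the label records which product was triaged, or keep the vendor-only form consistently across the NetIQ entries.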
@@ -260446,9 +260446,9 @@ CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a
 CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...)
 	NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
 CVE-2021-38135 (Possible  External Service Interaction attack  in iManager has been di ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38134 (Possible XSS in iManager URL for access Component has been discovered  ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38133 (Possible  External Service Interaction attack  in eDirectory has been  ...)
 	NOT-FOR-US: NetIQ
 CVE-2021-38132 (Possible  External Service Interaction attack  in eDirectory has been  ...)
@@ -260478,13 +260478,13 @@ CVE-2021-38121 (Insufficient or weak TLS protocol version identified in Advance
 CVE-2021-38120 (A vulnerability identified in Advance Authentication that allows bash  ...)
 	NOT-FOR-US: NetIQ
 CVE-2021-38119 (Possible Reflected Cross-Site Scripting (XSS) Vulnerability  in iManag ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38118 (Possible improper input validation Vulnerability  in iManager has been ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38117 (Possible Command injection Vulnerability  in iManager has been discove ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38116 (Possible Elevation of Privilege Vulnerability  in iManager has been di ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
 	{DLA-3781-1}
 	- libgd2 2.3.3-1 (bug #991912)
@@ -280669,7 +280669,7 @@ CVE-2021-30301 (Possible denial of service due to out of memory while processing
 CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30299 (Possible out of bound access in audio module due to lack of validation ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
@@ -523384,7 +523384,7 @@ CVE-2017-9713
 CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9711 (Certain unprivileged processes are able to perform IOCTL calls.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)
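Review bot: The description of CVE-2017-9711 ("Certain unprivileged processes are able to perform IOCTL calls.") names no vendor or product, so the "NOT-FOR-US: Qualcomm" label cannot be checked from this entry alone and appears to be inferred from the surrounding entries. The adjacent CVE-2017-9712 and CVE-2017-9710 use "Qualcomm components for Android", so either reuse that label or add a NOTE line recording where the attribution comes from.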



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/987f8afdf93b9271ec5e0a6aeeca3780ceeaa315
