[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 26 08:46:38 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
805f893a by Moritz Muehlenhoff at 2024-11-26T09:46:27+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,15 +17,15 @@ CVE-2024-53597 (masterstack_imgcap v0.0.1 was discovered to contain a SQL inject
 CVE-2024-53556 (An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to red ...)
 	NOT-FOR-US: Taiga
 CVE-2024-53554 (A Client-Side Template Injection (CSTI) vulnerability in the component ...)
-	TODO: check
+	NOT-FOR-US: Taiga
 CVE-2024-53278 (Cross-site scripting vulnerability exists in WP Admin UI Customize ver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-52899 (IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an au ...)
 	NOT-FOR-US: IBM
 CVE-2024-50672 (A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool ...)
-	TODO: check
+	NOT-FOR-US: Adapt Learning Adapt Authoring Tool
 CVE-2024-50671 (Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.1 ...)
-	TODO: check
+	NOT-FOR-US: Adapt Learning Adapt Authoring Tool
 CVE-2024-49597 (Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Imp ...)
 	NOT-FOR-US: Dell
 CVE-2024-49596 (Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missi ...)
@@ -37,35 +37,35 @@ CVE-2024-49353 (IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
 CVE-2024-49351 (IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in  ...)
 	NOT-FOR-US: IBM
 CVE-2024-47257 (Florent Thi\xe9ry has found that selected Axis devices were vulnerable ...)
-	TODO: check
+	NOT-FOR-US: AXIS
 CVE-2024-36254 (Out-of-bounds read vulnerability exists in Sharp Corporation and Toshi ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-36251 (The web interface of the affected devices process some crafted HTTP re ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-36249 (Cross-site scripting vulnerability exists in Sharp Corporation and Tos ...)
 	NOT-FOR-US: Sharp
 CVE-2024-36248 (API keys for some cloud services are hardcoded in the "main" binary. A ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-35244 (There are several hidden accounts. Some of them are intended for maint ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-34162 (The web interface of the affected devices is designed to hide the LDAP ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-33616 (Admin authentication can be bypassed with some specific invalid creden ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-33610 ("sessionlist.html" and "sys_trayentryreboot.html" are accessible with  ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-33605 (Improper processing of some parameters of installed_emanual_list.html  ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-32151 (User passwords are decrypted and stored on memory before any user logg ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-29978 (User passwords are decrypted and stored on memory before any user logg ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-29146 (User passwords are decrypted and stored on memory before any user logg ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-28955 (Affected devices create coredump files when crashed, storing them with ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-28038 (The web interface of the affected devices processes a cookie value imp ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2024-11678 (A vulnerability was found in CodeAstro Hospital Management System 1.0. ...)
 	NOT-FOR-US: CodeAstro Hospital Management System
 CVE-2024-11677 (A vulnerability was found in CodeAstro Hospital Management System 1.0. ...)
@@ -125,7 +125,7 @@ CVE-2024-53096 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/5de195060b2e251a835f622759550e6202167641 (6.12-rc7)
 CVE-2024-8272 (The com.uaudio.bsd.helperservice, responsible for handling privileged  ...)
-	TODO: check
+	NOT-FOR-US: Universal Audio UAConnect
 CVE-2024-7915 (The application Sensei Mac Cleaner contains a local privilege escalati ...)
 	NOT-FOR-US: Sensei Mac Cleaner
 CVE-2024-7056 (The WPForms  WordPress plugin before 1.9.1.6 does not sanitise and esc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/805f893ae428c66ed912bfadb2e416aa89355603

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/805f893ae428c66ed912bfadb2e416aa89355603
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241126/32cf4178/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list