[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 8 11:01:43 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51bcdde4 by Moritz Muehlenhoff at 2024-10-08T12:01:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9021 (In the process of testing the Relevanssi  WordPress plugin before 4.23 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8983 (Custom Twitter Feeds  WordPress plugin before 2.2.3 is not filtering s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7206 (SSL Pinning BypassineWeLink Some hardware productsallows local ATTACKE ...)
-	TODO: check
+	NOT-FOR-US: eWeLink
 CVE-2024-47974 (Race condition during resource shutdown in some Solidigm DC Products m ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47973 (In some Solidigm DC Products, a defect in device overprovisioning may  ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47969 (Improper resource management in firmware of some Solidigm DC Products  ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47968 (Improper resource shutdown in middle of certain operations on some Sol ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47967 (Improper resource initialization handling in firmware of some Solidigm ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database application b ...)
 	TODO: check
 CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for your webs ...)
@@ -27,45 +27,45 @@ CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-fre
 CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
 	TODO: check
 CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting & creating  ...)
-	TODO: check
+	NOT-FOR-US: CreateWiki MediaWiki extension
 CVE-2024-47772 (Discourse is an open source platform for community discussion. An atta ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In affected v ...)
 	TODO: check
 CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode use ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions Destiny  ...)
 	TODO: check
 CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2 that all ...)
 	TODO: check
 CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: VegaBird
 CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attack ...)
-	TODO: check
+	NOT-FOR-US: VegaBird
 CVE-2024-45382 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-45297 (Discourse is an open source platform for community discussion. Users c ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-45291 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-45290 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-45282 (Fields which are in 'read only' state in Bank Statement Draft in Manag ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-45278 (SAP Commerce Backoffice does not sufficiently encode user controlled i ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-45277 (The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-45060 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-45051 (Discourse is an open source platform for community discussion. A malic ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-43789 (Discourse is an open source platform for community discussion. A user  ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-43365 (Cacti is an open source performance and fault management framework. Th ...)
 	TODO: check
 CVE-2024-43364 (Cacti is an open source performance and fault management framework. Th ...)
@@ -75,63 +75,63 @@ CVE-2024-43363 (Cacti is an open source performance and fault management framewo
 CVE-2024-43362 (Cacti is an open source performance and fault management framework. Th ...)
 	TODO: check
 CVE-2024-39831 (in OpenHarmony v4.1.0 allow a local attacker with high privileges arbi ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-39806 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
-	TODO: check
+	NOT-FOR-US: OpenHarmony
 CVE-2024-37179 (SAP BusinessObjects Business Intelligence Platform allows an authentic ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-34672 (Improper input validation in SamsungVideoPlayer prior to versions 7.3. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34671 (Use of implicit intent for sensitive communication in translation\ud63 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34670 (Use of implicit intent for sensitive communication in Sound Assistant  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34669 (Out-of-bounds write in parsing h.263+ format in librtppayload.so prior ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34668 (Out-of-bounds write in parsing h.263 format in librtppayload.so prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34667 (Out-of-bounds write in parsing h.265 format in librtppayload.so prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34666 (Out-of-bounds write in parsing h.264 format in a specific mode in libr ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34665 (Out-of-bounds write in parsing h.264 format in librtppayload.so prior  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34664 (Improper check for exception conditions in Knox Guard prior to SMR Oct ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34663 (Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34662 (Improper access control in ActivityManager prior to SMR Oct-2024 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary Argument  ...)
 	TODO: check
 CVE-2024-21532 (All versions of the package ggit are vulnerable to Command Injection v ...)
 	TODO: check
 CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate p ...)
-	TODO: check
+	NOT-FOR-US: Distro Linux Workbooth
 CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/u ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2024-9573 (SQL injection vulnerability in SOPlanning <1.45, through /soplanning/w ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2024-9572 (Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to l ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2024-9571 (Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to l ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2024-9570 (A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-9569 (A vulnerability has been found in D-Link DIR-619L B1 2.06 and classifi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-9568 (A vulnerability, which was classified as critical, was found in D-Link ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-9567 (A vulnerability, which was classified as critical, has been found in D ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-9566 (A vulnerability classified as critical was found in D-Link DIR-619L B1 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-47976 (Improper access removal handling in firmware of some Solidigm DC Produ ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47975 (Improper access control validation in firmware of some Solidigm DC Pro ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47972 (Improper resource management in firmware of some Solidigm DC Products  ...)
-	TODO: check
+	NOT-FOR-US: Solidigm DC
 CVE-2024-47971 (Improper error handling in firmware of some SSD DC Products may allow  ...)
 	TODO: check
 CVE-2024-47559 (Authenticated RCE via Path Traversal)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bcdde4c44e16f5d2ac236c52f99fcdb12f7fb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bcdde4c44e16f5d2ac236c52f99fcdb12f7fb6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241008/09a54c02/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list