[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 8 12:52:21 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ba37325 by Moritz Muehlenhoff at 2024-10-08T13:51:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,27 +19,27 @@ CVE-2024-47968 (Improper resource shutdown in middle of certain operations on so
 CVE-2024-47967 (Improper resource initialization handling in firmware of some Solidigm ...)
 	NOT-FOR-US: Solidigm DC
 CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database application b ...)
-	TODO: check
+	NOT-FOR-US: Saltcorn
 CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for your webs ...)
-	TODO: check
+	NOT-FOR-US: Lara-zeus Dynamic Dashboard
 CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was  ...)
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
 	NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 (v9.1.0764)
 CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
-	TODO: check
+	NOT-FOR-US: WikiDiscover MediaWiki extension
 CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting & creating  ...)
 	NOT-FOR-US: CreateWiki MediaWiki extension
 CVE-2024-47772 (Discourse is an open source platform for community discussion. An atta ...)
 	NOT-FOR-US: Discourse
 CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In affected v ...)
-	TODO: check
+	NOT-FOR-US: InvenTree
 CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode use ...)
 	NOT-FOR-US: SAP
 CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions Destiny  ...)
-	TODO: check
+	NOT-FOR-US: Follet School Solutions
 CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2 that all ...)
-	TODO: check
+	NOT-FOR-US: Solvait
 CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers ...)
 	NOT-FOR-US: VegaBird
 CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attack ...)
@@ -105,9 +105,9 @@ CVE-2024-34663 (Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Releas
 CVE-2024-34662 (Improper access control in ActivityManager prior to SMR Oct-2024 Relea ...)
 	NOT-FOR-US: Samsung
 CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary Argument  ...)
-	TODO: check
+	NOT-FOR-US: Node ggit
 CVE-2024-21532 (All versions of the package ggit are vulnerable to Command Injection v ...)
-	TODO: check
+	NOT-FOR-US: Node ggit
 CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate p ...)
 	NOT-FOR-US: Distro Linux Workbooth
 CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/u ...)
@@ -135,77 +135,77 @@ CVE-2024-47975 (Improper access control validation in firmware of some Solidigm
 CVE-2024-47972 (Improper resource management in firmware of some Solidigm DC Products  ...)
 	NOT-FOR-US: Solidigm DC
 CVE-2024-47971 (Improper error handling in firmware of some SSD DC Products may allow  ...)
-	TODO: check
+	NOT-FOR-US: Solidigmt
 CVE-2024-47559 (Authenticated RCE via Path Traversal)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-47558 (Authenticated RCE via Path Traversal)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-47557 (Pre-Auth RCE via Path Traversal)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-47556 (Pre-Auth RCE via Path Traversal)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-47555 (Missing Authentication - User & System Configuration)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2024-47079 (Meshtastic is an open source, off-grid, decentralized, mesh network bu ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2024-46446 (Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can  ...)
-	TODO: check
+	NOT-FOR-US: Mecha CMS
 CVE-2024-46325 (TP-Link WR740N V6 has a stack overflow vulnerability via the ssid para ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-46300 (itsourcecode Placement Management System 1.0 is vulnerable to Cross Si ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Placement Management System
 CVE-2024-46278 (Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the managem ...)
-	TODO: check
+	NOT-FOR-US: Teedy
 CVE-2024-46076 (RuoYi v4.7.9 and before has a security flaw that allows escaping from  ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2024-46041 (IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authenticatio ...)
-	TODO: check
+	NOT-FOR-US: IoT Haat Smart Plug
 CVE-2024-46040 (IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insuf ...)
-	TODO: check
+	NOT-FOR-US: IoT Haat Smart Plug
 CVE-2024-45933 (OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which  ...)
-	TODO: check
+	NOT-FOR-US: OnlineNewsSite
 CVE-2024-45932 (Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the  ...)
-	TODO: check
+	NOT-FOR-US: Krayin CRM
 CVE-2024-45894 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name par ...)
-	TODO: check
+	NOT-FOR-US: BlueCMS
 CVE-2024-45293 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-45292 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-45153 (Adobe Experience Manager versions 6.5.20 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-44674 (D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the fu ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-44068 (An issue was discovered in the m2m scaler driver in Samsung Mobile Pro ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-43047 (Memory corruption while maintaining memory maps of HLOS memory.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-42831 (A reflected cross-site scripting (XSS) vulnerability in Elaine's Realt ...)
-	TODO: check
+	NOT-FOR-US: Elaine's Realtime CRM Automation
 CVE-2024-42027 (The E2EE password entropy generated by Rocket.Chat Mobile prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat Mobile
 CVE-2024-38425 (Information disclosure while sending implicit broadcast containing APP ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38399 (Memory corruption while processing user packets to generate page fault ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-38397 (Transient DOS while parsing probe response and assoc response frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33073 (Information disclosure while parsing the BSS parameter change count or ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33071 (Transient DOS while parsing the MBSSID IE from the beacons when IE len ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33070 (Transient DOS while parsing ESP IE from beacon/probe response frame.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33069 (Transient DOS when transmission of management frame sent by host is no ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33066 (Memory corruption while redirecting log file to any file location with ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33065 (Memory corruption while taking snapshot when an offset variable is set ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33064 (Information disclosure while parsing the multiple MBSSID IEs from the  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-33049 (Transient DOS while parsing noninheritance IE of Extension element whe ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-31449 (Redis is an open source, in-memory database that persists on disk. An  ...)
 	- redis <unfixed>
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
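Review bot: The new tag for CVE-2024-47971 reads "NOT-FOR-US: Solidigmt", which looks like a typo. The neighbouring entries in this same hunk (for example CVE-2024-47972) use "NOT-FOR-US: Solidigm DC"; using the same string here keeps the entry consistent with them and findable when searching the list by that label.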
@@ -220,31 +220,31 @@ CVE-2024-31227 (Redis is an open source, in-memory database that persists on dis
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh
 	NOTE: https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a (7.2.6)
 CVE-2024-28710 (Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 a ...)
-	TODO: check
+	- limesurvey <itp> (bug #472802)
 CVE-2024-28709 (Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611  ...)
-	TODO: check
+	- limesurvey <itp> (bug #472802)
 CVE-2024-27458 (A potential security vulnerability has been identified in the HP Hotke ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-23379 (Memory corruption while unmapping the fastrpc map when two threads can ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23378 (Memory corruption while invoking IOCTL calls for MSM module from the u ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23376 (Memory corruption while sending the persist buffer command packet from ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23375 (Memory corruption during the network scan request.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23374 (Memory corruption is possible when an attempt is made from userspace o ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23370 (Memory corruption when a process invokes IOCTL calls from user-space t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23369 (Memory corruption when invalid length is provided from HLOS for FRS/UD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21455 (Memory corruption when a compat IOCTL call is followed by another IOCT ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-6362 (A vulnerability has been discovered in Winhex affecting version 16.1 S ...)
-	TODO: check
+	NOT-FOR-US: Winhex
 CVE-2023-6361 (A vulnerability has been discovered in Winhex affecting version 16.1 S ...)
-	TODO: check
+	NOT-FOR-US: Winhex
 CVE-2024-9565 (A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and cla ...)
 	NOT-FOR-US: D-Link
 CVE-2024-9564 (A vulnerability, which was classified as critical, was found in D-Link ...)
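Review bot: The two LimeSurvey entries (CVE-2024-28710 and CVE-2024-28709) are changed to "- limesurvey <itp> (bug #472802)" rather than to a NOT-FOR-US tag, but the commit message says only "NFUs". Consider mentioning the ITP entries in the message, or committing them separately, so the log matches what the change does.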



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ba37325385d1f0a87c0439cc025a6df753c23e5
