[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 15 15:06:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0be297da by Salvatore Bonaccorso at 2024-10-15T10:28:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,152 +23,152 @@ CVE-2024-9944 (The WooCommerce plugin for WordPress is vulnerable to HTML Inject
 CVE-2024-9837 (The The AADMY \u2013 Add Auto Date Month Year Into Posts plugin for Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9820 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Fac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9687 (The WP 2FA with Telegram plugin for WordPress is vulnerable to Authent ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9548 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9546 (The WPIDE \u2013 File Manager & Code Editor plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6757 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6207 (CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/s ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-48911 (OpenCanary, a multi-protocol network honeypot, directly executed comma ...)
-	TODO: check
+	NOT-FOR-US: OpenCanary
 CVE-2024-48909 (SpiceDB is an open source database for scalably storing and querying f ...)
-	TODO: check
+	NOT-FOR-US: SpiceDB
 CVE-2024-48824 (An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081 ...)
-	TODO: check
+	NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48823 (Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d ...)
-	TODO: check
+	NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48822 (Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d ...)
-	TODO: check
+	NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48821 (Cross Site Scripting vulnerability in Automatic Systems Maintenance Sl ...)
-	TODO: check
+	NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-46898 (SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, ...)
-	TODO: check
+	NOT-FOR-US: SHIRASAGI
 CVE-2024-35520 (Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_inv ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-35519 (Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-35518 (Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_f ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-30117 (A dynamic search for a prerequisite library could allow the possibilit ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-21535 (Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to ...)
 	TODO: check
 CVE-2024-0129 (NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a u ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2024-9936 (When manipulating the selection node cache, an attacker may have been  ...)
 	- firefox 131.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
 CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter which can b ...)
 	TODO: check
 CVE-2024-9139 (The affected product permits OS command injection through improperly r ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2024-9137 (The affected product lacks an authentication check when sending comman ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using a Docu ...)
-	TODO: check
+	NOT-FOR-US: DocumentBuilder
 CVE-2024-8184 (There exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...)
 	TODO: check
 CVE-2024-7847 (VULNERABILITY DETAILS  Rockwell Automation used the latest versions of ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web server ...)
 	TODO: check
 CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by unauthenticated users ...)
 	TODO: check
 CVE-2024-48799 (An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows ...)
-	TODO: check
+	NOT-FOR-US: LOREX
 CVE-2024-48798 (An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 a ...)
-	TODO: check
+	NOT-FOR-US: Hubble Connected
 CVE-2024-48797 (An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2 ...)
-	TODO: check
+	NOT-FOR-US: PCS Engineering Preston Cinema
 CVE-2024-48796 (An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obt ...)
-	TODO: check
+	NOT-FOR-US: EQUES
 CVE-2024-48795 (An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 ...)
-	TODO: check
+	NOT-FOR-US: Creative Labs Pte Ltd com.creative.apps.xficonnect
 CVE-2024-48793 (An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: INATRONIC
 CVE-2024-48792 (An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obta ...)
-	TODO: check
+	NOT-FOR-US: Hideez
 CVE-2024-48791 (An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allo ...)
-	TODO: check
+	NOT-FOR-US: Plug n Play Camera com.starvedia.mCamView.zwave
 CVE-2024-48790 (An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: ILIFE com.ilife.home.global
 CVE-2024-48789 (An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: INATRONIC com.inatronic.drivedeck.home
 CVE-2024-48261
 	REJECTED
 CVE-2024-48259 (Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station ...)
-	TODO: check
+	NOT-FOR-US: Cloudlog
 CVE-2024-48257 (Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL in ...)
-	TODO: check
+	NOT-FOR-US: Wavelog
 CVE-2024-48255 (Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL inject ...)
-	TODO: check
+	NOT-FOR-US: Cloudlog
 CVE-2024-48253 (Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.)
-	TODO: check
+	NOT-FOR-US: Cloudlog
 CVE-2024-48251 (Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQ ...)
-	TODO: check
+	NOT-FOR-US: Wavelog
 CVE-2024-48249 (Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injectio ...)
-	TODO: check
+	NOT-FOR-US: Wavelog
 CVE-2024-48168 (A stack overflow vulnerability exists in the sub_402280 function of th ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-48153 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
-	TODO: check
+	NOT-FOR-US: DrayTek
 CVE-2024-48150 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_ ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-48120 (X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the ...)
-	TODO: check
+	NOT-FOR-US: X2CRM
 CVE-2024-48119 (Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module par ...)
-	TODO: check
+	NOT-FOR-US: Vtiger CRM
 CVE-2024-47885 (The Astro web framework has a DOM Clobbering gadget in the client-side ...)
-	TODO: check
+	NOT-FOR-US: Astro web framework
 CVE-2024-47831 (Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x,  ...)
 	TODO: check
 CVE-2024-47826 (eLabFTW is an open source electronic lab notebook for research labs. A ...)
-	TODO: check
+	NOT-FOR-US: eLabFTW
 CVE-2024-47767 (Tuleap is a tool for end to end traceability of application and system ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2024-47766 (Tuleap is a tool for end to end traceability of application and system ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2024-46988 (Tuleap is a tool for end to end traceability of application and system ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2024-46980 (Tuleap is a tool for end to end traceability of application and system ...)
-	TODO: check
+	NOT-FOR-US: Tuleap
 CVE-2024-46911 (Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Apache Roller
 CVE-2024-46535 (Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Jepaas
 CVE-2024-46528 (An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere ...)
 	TODO: check
 CVE-2024-45741 (In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud P ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45740 (In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud P ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45739 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the softw ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45738 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the softw ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45737 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45736 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45735 (In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45734 (In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privilege ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45733 (In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45732 (In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9. ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-45731 (In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1. ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2024-43701 (Software installed and run as a non-privileged user may conduct GPU sy ...)
 	TODO: check
 CVE-2024-41997 (An issue was discovered in version of Warp Terminal prior to 2024.07.1 ...)
-	TODO: check
+	NOT-FOR-US: Warp Terminal
 CVE-2024-40616
 	REJECTED
 CVE-2023-50780 (Apache ActiveMQ Artemis allows access to diagnostic information and co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0be297da74d8f158bc2f8bbde653e6b349d9a47d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0be297da74d8f158bc2f8bbde653e6b349d9a47d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241015/bbf5db54/attachment.htm>


More information about the debian-security-tracker-commits mailing list