[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 18 15:32:39 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c6a7feea by Moritz Mühlenhoff at 2024-10-18T16:32:22+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2024-9361 (The Bulk images optimizer: Resize, optimize, convert to webp, ren
 CVE-2024-9350 (The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9264 (The SQL Expressions experimental feature of Grafana allows for the eva ...)
-	TODO: check
+	- grafana <removed>
 CVE-2024-9206 (The MAS Companies For WP Job Manager plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8916 (The Suki Sites Import plugin for WordPress is vulnerable to Stored Cro ...)
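Review bot: The CVE-2024-9264 change in this hunk is not a NOT-FOR-US triage, yet the commit subject is only "NFUs". It replaces `TODO: check` with `- grafana <removed>`, which ties the Grafana SQL Expressions issue to a source package marked as removed rather than declaring it out of scope. Mention grafana in the commit message or move this line to its own commit, so that the package-level decision can be found from the log.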
@@ -31,13 +31,13 @@ CVE-2024-8790 (The Social Share With Floating Bar plugin for WordPress is vulner
 CVE-2024-8740 (The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7316 (Improper Validation of Specified Quantity in Input vulnerability in Mi ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2024-49023 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-48924 (### Impact  When this library is used to deserialize messagepack data  ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2024-47793 (Stored cross-site scripting vulnerability exists in Exment v6.1.4 and  ...)
-	TODO: check
+	NOT-FOR-US: Exment
 CVE-2024-46897 (Incorrect permission assignment for critical resource issue exists in  ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-43596 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
@@ -57,17 +57,17 @@ CVE-2024-43566 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
 CVE-2024-38820 (The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...)
 	TODO: check
 CVE-2024-33453 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: esp-idf
 CVE-2024-30875 (Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1 ...)
 	TODO: check
 CVE-2024-27766 (An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute a ...)
 	TODO: check
 CVE-2024-10119 (The wireless router WRTM326 from SECOM does not properly validate a sp ...)
-	TODO: check
+	NOT-FOR-US: SECOM
 CVE-2024-10118 (SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the ...)
-	TODO: check
+	NOT-FOR-US: SECOM
 CVE-2024-10093 (A vulnerability, which was classified as critical, was found in VSO Co ...)
-	TODO: check
+	NOT-FOR-US: VSO
 CVE-2024-10080 (The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10079 (The WP Easy Post Types plugin for WordPress is vulnerable to PHP Objec ...)
@@ -311,19 +311,19 @@ CVE-2024-10100 (A path traversal vulnerability exists in binary-husky/gpt_academ
 CVE-2024-10099 (A stored cross-site scripting (XSS) vulnerability exists in comfyanony ...)
 	NOT-FOR-US: comfyanonymous/comfyui
 CVE-2024-10073 (A vulnerability, which was classified as critical, was found in flairN ...)
-	TODO: check
+	NOT-FOR-US: FlairNLP
 CVE-2024-10072 (A vulnerability, which was classified as critical, has been found in E ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2024-10071 (A vulnerability classified as critical was found in ESAFENET CDG 5. Th ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2024-10070 (A vulnerability classified as critical has been found in ESAFENET CDG  ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2024-10069 (A vulnerability was found in ESAFENET CDG 5. It has been rated as crit ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET
 CVE-2024-10068 (A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. I ...)
-	TODO: check
+	NOT-FOR-US: OpenSight
 CVE-2024-10025 (A vulnerability in the .sdd file allows an attacker to read default pa ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2023-6729 (Nokia SR OS routers allow read-write access to the entire file system  ...)
 	NOT-FOR-US: Nokia
 CVE-2023-6728 (Nokia SR OS bof.cfg file encryption is vulnerable to a brute force att ...)
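Review bot: The tag added for CVE-2024-10073, `NOT-FOR-US: FlairNLP`, does not follow the form of the entry directly above it in this hunk, where CVE-2024-10099 is tagged with the upstream path `comfyanonymous/comfyui`, and its capitalisation differs from the `flairN ...` spelling in the description. Using the name as the CVE text gives it would keep the entry greppable. In the same hunk, `NOT-FOR-US: SICK` on CVE-2024-10025 names only a vendor, and the truncated description (".sdd file ... default pa ...") does not show the product. Adding the product name would let a later reader confirm the triage without opening the CVE record.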
@@ -331,7 +331,7 @@ CVE-2023-6728 (Nokia SR OS bof.cfg file encryption is vulnerable to a brute forc
 CVE-2018-25104 (A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop ...)
 	NOT-FOR-US: PrestaShop plugin
 CVE-2005-10003 (A vulnerability classified as critical has been found in mikexstudios  ...)
-	TODO: check
+	NOT-FOR-US: xcomic
 CVE-2024-9951 (The WP Photo Album Plus plugin for WordPress is vulnerable to Reflecte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9940 (The Calculated Fields Form plugin for WordPress is vulnerable to HTML  ...)
@@ -395,11 +395,11 @@ CVE-2024-45766 (Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contai
 CVE-2024-44762 (A discrepancy in error messages for invalid login attempts in Webmin U ...)
 	- webmin <removed>
 CVE-2024-3187 (This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Dou ...)
-	TODO: check
+	NOT-FOR-US: Goahead
 CVE-2024-3186 (CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() funct ...)
-	TODO: check
+	NOT-FOR-US: Goahead
 CVE-2024-3184 (Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found i ...)
-	TODO: check
+	NOT-FOR-US: Goahead
 CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9858 (There exists an insecure default user permission in Google Cloud Migra ...)
@@ -524,7 +524,7 @@ CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive Pair
 CVE-2024-22033 (The OBS service obs-service-download_url was vulnerable to a command i ...)
 	TODO: check
 CVE-2024-22032 (A vulnerability has been identified in which an RKE1 cluster keeps  co ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2024-22030 (A vulnerability has been identified within Rancher that can be exploit ...)
 	NOT-FOR-US: Rancher
 CVE-2024-20512 (A vulnerability in the web-based management interface of Cisco Unified ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6a7feea655504a281c523c3f3d3fdb73df7304b
