[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 24 21:36:31 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2d17d50 by Salvatore Bonaccorso at 2024-10-24T22:36:09+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,65 +35,65 @@ CVE-2024-49681 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can ca ...)
 	TODO: check
 CVE-2024-48547 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: DreamCatcher Life
 CVE-2024-48546 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: Wear Sync
 CVE-2024-48545 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: IVY Smart
 CVE-2024-48544 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: Sylvania Smart Home
 CVE-2024-48542 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: Yamaha Headphones Controller
 CVE-2024-48541 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: Ruochan Smart
 CVE-2024-48540 (Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to ac ...)
-	TODO: check
+	NOT-FOR-US: XIAO HE Smart
 CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key i ...)
-	TODO: check
+	NOT-FOR-US: Neye3C
 CVE-2024-48538 (Incorrect access control in the firmware update and download processes ...)
-	TODO: check
+	NOT-FOR-US: Neye3C
 CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An at ...)
 	TODO: check
 CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System v1.0 allow ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Purchase Order Management System
 CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network Communications Co. ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tuoshi Network Communications 5G CPE Router NR500-EA
 CVE-2024-48441 (Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPE ...)
-	TODO: check
+	NOT-FOR-US: Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router
 CVE-2024-48440 (Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA  ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router
 CVE-2024-48427 (A SQL injection vulnerability in Sourcecodester Packers and Movers Man ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Packers and Movers Management System
 CVE-2024-48145 (A prompt injection vulnerability in the chatbox of Netangular Technolo ...)
-	TODO: check
+	NOT-FOR-US: Netangular Technologies ChatNet AI
 CVE-2024-48144 (A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI ...)
-	TODO: check
+	NOT-FOR-US: Fusion Chat Chat AI Assistant Ask Me Anything
 CVE-2024-48143 (A lack of rate limiting in the OTP validation component of Digitory Mu ...)
-	TODO: check
+	NOT-FOR-US: Digitory Multi Channel Integrated POS
 CVE-2024-48142 (A prompt injection vulnerability in the chatbox of Butterfly Effect Li ...)
-	TODO: check
+	NOT-FOR-US: Butterfly Effect Limited Monica ChatGPT AI Assistant
 CVE-2024-48141 (A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v ...)
-	TODO: check
+	NOT-FOR-US: Zhipu AI CodeGeeX
 CVE-2024-48140 (A prompt injection vulnerability in the chatbox of Butterfly Effect Li ...)
-	TODO: check
+	NOT-FOR-US: Butterfly Effect Limited Monica ChatGPT AI Assistant
 CVE-2024-48139 (A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 ...)
-	TODO: check
+	NOT-FOR-US: Blackbox
 CVE-2024-47173 (Aimeos is an e-commerce framework. All SaaS and marketplace setups usi ...)
-	TODO: check
+	NOT-FOR-US: Aimeos
 CVE-2024-46998 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2024-46996 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2024-46995 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2024-46994 (baserCMS is a website development framework. Versions prior to 5.1.2 h ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2024-46478 (HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pd ...)
 	TODO: check
 CVE-2024-45259 (An issue was discovered on certain GL-iNet devices, including MT6000,  ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet devices
 CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 all ...)
-	TODO: check
+	NOT-FOR-US: EnGenius ENH1350EXT A8J-ENH1350EXT devices
 CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML tags coul ...)
 	TODO: check
 CVE-2024-44206 (An issue in the handling of URL protocols was addressed with improved  ...)
@@ -109,25 +109,25 @@ CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input v
 CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 c ...)
 	NOT-FOR-US: IBM
 CVE-2024-10338 (A vulnerability classified as critical was found in SourceCodeHero Clo ...)
-	TODO: check
+	NOT-FOR-US: SourceCodeHero Clothes Recommendation System
 CVE-2024-10337 (A vulnerability classified as critical has been found in SourceCodeHer ...)
-	TODO: check
+	NOT-FOR-US: SourceCodeHero Clothes Recommendation System
 CVE-2024-10336 (A vulnerability was found in SourceCodeHero Clothes Recommendation Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodeHero Clothes Recommendation System
 CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection Managem ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Garbage Collection Management System
 CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 f ...)
 	TODO: check
 CVE-2024-10331 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Vehicle Record System
 CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversa ...)
-	TODO: check
+	NOT-FOR-US: iniNet Solutions SpiderControl SCADA PC HMI Editor
 CVE-2024-10180 (The Contact Form 7 \u2013 Repeatable Fields plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10176 (The Compact WP Audio Player plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10050 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10295 (A flaw was found in Gateway. Sending a non-base64 'basic' auth with sp ...)
 	NOT-FOR-US: 3scale API Gateway
 CVE-2024-9943 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketpla ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2d17d50bddce40d846807dc81505124e8c93fdb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2d17d50bddce40d846807dc81505124e8c93fdb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241024/01e8e3c7/attachment.htm>

More information about the debian-security-tracker-commits mailing list