[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Oct 25 14:41:06 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b468066b by Moritz Muehlenhoff at 2024-10-25T15:32:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2024-49760 (OpenRefine is a free, open source tool for working with messy da
 	NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4
 	NOTE: https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c
 CVE-2024-49750 (The Snowflake Connector for Python provides an interface for developin ...)
-	TODO: check
+	NOT-FOR-US: Snowflake Connector for Python
 CVE-2024-49359 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
 	NOT-FOR-US: ZimaOS
 CVE-2024-49358 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
@@ -41,7 +41,7 @@ CVE-2024-48931 (ZimaOS is a fork of CasaOS, an operating system for Zima devices
 CVE-2024-48870 (Sharp and Toshiba Tec MFPs improperly validate input data in URI data  ...)
 	NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-48208 (pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an  ...)
-	TODO: check
+	TODO: seems bogus
 CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a modular we ...)
 	- openrefine-butterfly <unfixed>
 	NOTE: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8
@@ -73,7 +73,7 @@ CVE-2024-47549 (Sharp and Toshiba Tec MFPs improperly process query parameters i
 CVE-2024-47406 (Sharp and Toshiba Tec MFPs improperly process HTTP authentication requ ...)
 	NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-47158 (N-LINE 2.0.6 and prior versions contain a code injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: N-LINE
 CVE-2024-47005 (Sharp and Toshiba Tec MFPs provide configuration related APIs. They ar ...)
 	NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-45842 (Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT req ...)
@@ -81,7 +81,7 @@ CVE-2024-45842 (Sharp and Toshiba Tec MFPs improperly process URI data in HTTP P
 CVE-2024-45829 (Sharp and Toshiba Tec MFPs provide the web page to download data, wher ...)
 	NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-45785 (MUSASI version 3 contains an issue with use of client-side authenticat ...)
-	TODO: check
+	NOT-FOR-US: MUSASI
 CVE-2024-45263 (An issue was discovered on certain GL-iNet devices, including MT6000,  ...)
 	NOT-FOR-US: GL-iNet
 CVE-2024-45262 (An issue was discovered on certain GL-iNet devices, including MT6000,  ...)
@@ -99,7 +99,7 @@ CVE-2024-41618 (Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerab
 CVE-2024-41617 (Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to  ...)
 	NOT-FOR-US: web-money-manager-ex
 CVE-2024-10372 (A vulnerability classified as problematic was found in chidiwilliams b ...)
-	TODO: check
+	NOT-FOR-US: chidiwilliams buzz
 CVE-2024-10371 (A vulnerability classified as critical has been found in SourceCodeste ...)
 	NOT-FOR-US: SourceCodester
 CVE-2024-10370 (A vulnerability was found in Codezips Sales Management System 1.0. It  ...)
@@ -183,7 +183,7 @@ CVE-2024-49682 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
 CVE-2024-49681 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can ca ...)
-	TODO: check
+	NOT-FOR-US: Cloud Smart Lock
 CVE-2024-48547 (Incorrect access control in the firmware update and download processes ...)
 	NOT-FOR-US: DreamCatcher Life
 CVE-2024-48546 (Incorrect access control in the firmware update and download processes ...)
@@ -203,7 +203,7 @@ CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption
 CVE-2024-48538 (Incorrect access control in the firmware update and download processes ...)
 	NOT-FOR-US: Neye3C
 CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An at ...)
-	TODO: check
+	NOT-FOR-US: php-heic-to-jpg
 CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System v1.0 allow ...)
 	NOT-FOR-US: SourceCodester Purchase Order Management System
 CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network Communications Co. ...)
@@ -245,17 +245,17 @@ CVE-2024-45259 (An issue was discovered on certain GL-iNet devices, including MT
 CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 all ...)
 	NOT-FOR-US: EnGenius ENH1350EXT A8J-ENH1350EXT devices
 CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML tags coul ...)
-	TODO: check
+	NOT-FOR-US: Apache Syncope
 CVE-2024-44206 (An issue in the handling of URL protocols was addressed with improved  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44141 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 c ...)
 	NOT-FOR-US: IBM
 CVE-2024-10338 (A vulnerability classified as critical was found in SourceCodeHero Clo ...)
@@ -267,7 +267,7 @@ CVE-2024-10336 (A vulnerability was found in SourceCodeHero Clothes Recommendati
 CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection Managem ...)
 	NOT-FOR-US: SourceCodester Garbage Collection Management System
 CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 f ...)
-	TODO: check
+	NOT-FOR-US: Janto
 CVE-2024-10331 (A vulnerability, which was classified as critical, has been found in P ...)
 	NOT-FOR-US: PHPGurukul Vehicle Record System
 CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b468066bf87b4ab25e82b67781a0b7de18fe111f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b468066bf87b4ab25e82b67781a0b7de18fe111f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241025/65d6e101/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list