[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 30 20:58:32 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd5e00b5 by Salvatore Bonaccorso at 2024-10-30T21:57:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,91 +1,91 @@
 CVE-2024-9419 (Client / Server PCs with the HP Smart Universal Printing Driver instal ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-9388 (The Black Widgets For Elementor plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9110 (A medium severity vulnerability has been identified within Privileged  ...)
 	TODO: check
 CVE-2024-8512 (The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Exec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-51304 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51301 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51300 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51299 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51298 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51296 (In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands  ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51258 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-51257 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious command ...)
-	TODO: check
+	NOT-FOR-US: Draytek Vigor3900
 CVE-2024-50419 (Incorrect Authorization vulnerability in Wpsoul Greenshift \u2013 anim ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50353 (ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage ...)
 	TODO: check
 CVE-2024-50344 (I, Librarian is an open-source version of a PDF managing SaaS. Supplem ...)
 	TODO: check
 CVE-2024-48648 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sag ...)
-	TODO: check
+	NOT-FOR-US: Sage 1000
 CVE-2024-48647 (A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulne ...)
-	TODO: check
+	NOT-FOR-US: Sage 1000
 CVE-2024-48646 (An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0,  ...)
-	TODO: check
+	NOT-FOR-US: Sage 1000
 CVE-2024-48569 (Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-S ...)
-	TODO: check
+	NOT-FOR-US: Proactive Risk Manager
 CVE-2024-48272 (D-Link DSL6740C v6.TR069.20211230 was discovered to use an insecure de ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-48271 (D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure defau ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-48241 (An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to c ...)
 	TODO: check
 CVE-2024-48214 (KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: KERUI HD 3MP 1080P Tuya Camera
 CVE-2024-48202 (icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploa ...)
-	TODO: check
+	NOT-FOR-US: icecms
 CVE-2024-46531 (phpgurukul Vehicle Record Management System v1.0 was discovered to con ...)
-	TODO: check
+	NOT-FOR-US: phpgurukul Vehicle Record Management System
 CVE-2024-42041 (The com.videodownload.browser.videodownloader (aka AppTool-Browser-Vid ...)
 	TODO: check
 CVE-2024-3935 (In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitt ...)
 	TODO: check
 CVE-2024-37573 (The Talkatone com.talkatone.android application 8.4.6 for Android enab ...)
-	TODO: check
+	NOT-FOR-US: Talkatone com.talkatone.android application
 CVE-2024-36060 (EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS comma ...)
-	TODO: check
+	NOT-FOR-US: EnGenius EnStation5-AC A8J-ENS500AC
 CVE-2024-33700 (The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input va ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router firmware
 CVE-2024-33699 (The LevelOne WBR-6012 router's web application has a vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-33626 (The LevelOne WBR-6012 router contains a vulnerability within its web a ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-33623 (A denial of service vulnerability exists in the Web Application functi ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-33603 (The LevelOne WBR-6012 router has an information disclosure vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-32946 (A vulnerability in the LevelOne WBR-6012 router's firmware version R0. ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-31975 (EnGenius ESR580 devices through 1.1.30 allow a remote attacker to cond ...)
-	TODO: check
+	NOT-FOR-US: EnGenius ESR580 devices
 CVE-2024-31973 (Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote att ...)
-	TODO: check
+	NOT-FOR-US: Hitron CODA-4582 2AHKM-CODA4589
 CVE-2024-31972 (EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct ...)
-	TODO: check
+	NOT-FOR-US: EnGenius ESR580 A8J-EMR5000 devices
 CVE-2024-31152 (The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to im ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-31151 (A security flaw involving hard-coded credentials in LevelOne WBR-6012' ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-28875 (A security flaw involving hard-coded credentials in LevelOne WBR-6012' ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-28052 (The WBR-6012 is a wireless SOHO router. It is a low-cost device which  ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-24777 (A cross-site request forgery (CSRF) vulnerability exists in the Web Ap ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-23309 (The LevelOne WBR-6012 router with firmware R0.40e6 has an authenticati ...)
-	TODO: check
+	NOT-FOR-US: LevelOne WBR-6012 router
 CVE-2024-10546 (A vulnerability classified as critical was found in open-scratch Teach ...)
 	TODO: check
 CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a maliciou ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5e00b5774efd03cca276731bfd5eb100a2a5ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd5e00b5774efd03cca276731bfd5eb100a2a5ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241030/8942f4c2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list