[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 5 21:37:16 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b23e645a by Salvatore Bonaccorso at 2024-09-05T22:37:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,75 +1,75 @@
CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8471 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8470 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8469 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8468 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8467 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8466 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8465 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8464 (SQL injection vulnerability, by which an attacker could send a special ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8463 (File upload restriction bypass vulnerability in PHPGurukul Job Portal ...)
- TODO: check
+ NOT-FOR-US: Job Portal
CVE-2024-8462 (A vulnerability was found in Windmill 1.380.0. It has been classified ...)
- TODO: check
+ NOT-FOR-US: Windmill
CVE-2024-8461 (A vulnerability, which was classified as problematic, was found in D-L ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-8460 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...)
TODO: check
CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries, whi ...)
- TODO: check
+ NOT-FOR-US: FlyCASS CASS and KCM systems
CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7884 (When a canister method is called via ic_cdk::call* , a new Future Call ...)
TODO: check
CVE-2024-7605 (The HelloAsso plugin for WordPress is vulnerable to unauthorized modif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7591 (Improper Input Validation vulnerability in Progress LoadMaster allows ...)
- TODO: check
+ NOT-FOR-US: LoadMaster
CVE-2024-7381 (The Geo Controller plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7380 (The Geo Controller plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6929 (The Dynamic Featured Image plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6894 (The RD Station plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6332 (The Booking for Appointments and Events Calendar \u2013 Amelia Premium ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5957 (This vulnerability allows unauthenticated remote attackers to bypass a ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-5956 (This vulnerability allows unauthenticated remote attackers to bypass a ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-5309 (The Form Vibes \u2013 Database Manager for Forms plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45589 (RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 imprope ...)
- TODO: check
+ NOT-FOR-US: RapidIdentity
CVE-2024-45401 (stripe-cli is a command-line tool for the payment processor Stripe. A ...)
TODO: check
CVE-2024-45392 (SuiteCRM is an open-source customer relationship management (CRM) syst ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2024-45178 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
- TODO: check
+ NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45176 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
- TODO: check
+ NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45175 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
- TODO: check
+ NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45173 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
- TODO: check
+ NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45171 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)
- TODO: check
+ NOT-FOR-US: za-internet C-MOR Video Surveillance
CVE-2024-45159 (An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, wh ...)
TODO: check
CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer o ...)
@@ -77,7 +77,7 @@ CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack bu
CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1 ...)
TODO: check
CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45098 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass int ...)
NOT-FOR-US: IBM
CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass int ...)
@@ -85,17 +85,17 @@ CVE-2024-45097 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypa
CVE-2024-45096 (IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access t ...)
NOT-FOR-US: IBM
CVE-2024-44728 (Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: Sourcecodehero Event Management System
CVE-2024-44727 (Sourcecodehero Event Management System1.0 is vulnerable to SQL Injecti ...)
- TODO: check
+ NOT-FOR-US: Sourcecodehero Event Management System
CVE-2024-44587 (itsourcecode Alton Management System 1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Alton Management System
CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an a ...)
- TODO: check
+ NOT-FOR-US: ESAFENET CDG
CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). Prior to ver ...)
TODO: check
CVE-2024-24759 (MindsDB is a platform for building artificial intelligence from enterp ...)
- TODO: check
+ NOT-FOR-US: MindsDB
CVE-2023-51712 (An issue was discovered in Trusted Firmware-M through 2.0.0. The lack ...)
TODO: check
CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated memory to ...)
@@ -553,65 +553,65 @@ CVE-2024-41433 (PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow
CVE-2024-39921 (Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02N ...)
TODO: check
CVE-2024-34661 (Improper handling of insufficient permissions in Samsung Assistant pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34660 (Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34659 (Exposure of sensitive information in GroupSharing prior to version 13. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34658 (Out-of-bounds read in Samsung Notes allows local attackers to bypass A ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34657 (Stack-based out-of-bounds write in Samsung Notes prior to version 4.4. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34656 (Path traversal in Samsung Notes prior to version 4.4.21.62 allows loca ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34655 (Incorrect use of privileged API in UniversalCredentialManager prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34654 (Improper Export of android application component in My Files prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34653 (Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows phys ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34652 (Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 al ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34651 (Improper authorization in My Files prior to SMR Sep-2024 Release 1 all ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34650 (Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34649 (Improper access control in new Dex Mode in multitasking framework prio ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34648 (Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34647 (Incorrect use of privileged API in DualDarManagerProxy prior to SMR Se ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34646 (Improper access control in DualDarManagerProxy prior to SMR Sep-2024 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34645 (Improper input validation in ThemeCenter prior to SMR Sep-2024 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34644 (Improper access control in item selection related in Dressroom prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34643 (Improper access control in key input related function in Dressroom pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34642 (Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34641 (Improper Export of Android Application Components in FeliCaTest prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34640 (Improper access control vulnerability in BGProtectManager prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34639 (Improper handling of exceptional conditions in Setupwizard prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34638 (Improper handling of exceptional conditions in ThemeCenter prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34637 (Improper access control in WindowManagerService prior to SMR Sep-2024 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-20503 (A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20497 (A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20469 (A vulnerability in specific CLI commands in Cisco Identity Services En ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20440 (A vulnerability in Cisco Smart Licensing Utility could allow an unauth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow an unauth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-44082
- ironic <unfixed>
- ironic-python-agent <unfixed>
@@ -135472,7 +135472,7 @@ CVE-2022-4531
CVE-2022-4530
REJECTED
CVE-2022-4529 (The Security, Antivirus, Firewall \u2013 S.A.F plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4528
REJECTED
CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been ...)
@@ -151695,7 +151695,7 @@ CVE-2022-3558 (The Import and export users and customers WordPress plugin before
CVE-2022-3557
RESERVED
CVE-2022-3556 (The Cab fare calculator plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3555
REJECTED
CVE-2022-3554
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23e645aab3ee6727f927f90528f7489a841544f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23e645aab3ee6727f927f90528f7489a841544f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240905/bdd03835/attachment.htm>
More information about the debian-security-tracker-commits
mailing list