[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 6 21:51:55 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e08a5e5b by Salvatore Bonaccorso at 2024-09-06T22:51:34+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,15 +22,15 @@ CVE-2024-7599 (The Advanced Sermons plugin for WordPress is vulnerable to Stored
CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to privilege escal ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: DataFlowX Technology DataDiodeX
CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JD ...)
TODO: check
CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an implementation of ...)
TODO: check
CVE-2024-45300 (alf.io is an open source ticket reservation system for conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2024-45299 (alf.io is an open source ticket reservation system for conferences, tr ...)
- TODO: check
+ NOT-FOR-US: Alf.io
CVE-2024-45295
REJECTED
CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core object h ...)
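Review bot: The new tags on CVE-2024-45300 and CVE-2024-45299 spell the product "Alf.io", while both descriptions spell it "alf.io". Using the description's spelling would keep a case-sensitive search for the product name matching these entries.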
@@ -40,69 +40,69 @@ CVE-2024-45040 (gnark is a fast zk-SNARK library that offers a high-level API to
CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API to desig ...)
TODO: check
CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component \bean\Mana ...)
- TODO: check
+ NOT-FOR-US: Drug
CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Simple Forum Website
CVE-2024-44408 (D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44402 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_ ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-44401 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub4 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-38642 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38641 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-38640 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32771 (An improper restriction of excessive authentication attempts vulnerabi ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32763 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32762 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-27126 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-27125 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-27122 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-25584 (Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requi ...)
- TODO: check
+ NOT-FOR-US: OX Dovecot Pro core
CVE-2024-21906 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21904 (A path traversal vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21903 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21898 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Ariva Computer Accord ORS
CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-51367 (A buffer copy without checking size of input vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-51366 (A path traversal vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50366 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50360 (A SQL injection vulnerability has been reported to affect Video Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47563 (An OS command injection vulnerability has been reported to affect Vide ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-45038 (An improper authentication vulnerability has been reported to affect M ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39300 (An OS command injection vulnerability has been reported to affect lega ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-39298 (A missing authorization vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-34979 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-34974 (An OS command injection vulnerability has been reported to affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-45498
- airflow <itp> (bug #819700)
CVE-2024-45034
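Review bot: CVE-2024-25584 is tagged "NOT-FOR-US: OX Dovecot Pro core", but the description shown opens with plain "Dovecot accepts dot LF DOT LF symbol as end of DATA command", without the Pro qualifier. A NOTE line stating why the tag applies only to the Pro product would keep the entry from being reopened later. Separately, "NOT-FOR-US: Drug" on CVE-2024-44837 is too terse to search for or recognise; the fuller product name from the CVE description would be clearer.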
@@ -173,11 +173,11 @@ CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript
CVE-2024-42495 (Credentials to access device configuration were transmitted using an u ...)
NOT-FOR-US: Hughes Network Systems
CVE-2024-40865 (The issue was addressed by suspending Persona when the virtual keyboar ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-39585 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 ...)
NOT-FOR-US: Dell
CVE-2024-39278 (Credentials to access device configuration information stored unencryp ...)
- TODO: check
+ NOT-FOR-US: Hughes Network Systems
CVE-2024-38486 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 ...)
NOT-FOR-US: Dell
CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby user-controlled inpu ...)
@@ -738,11 +738,11 @@ CVE-2024-41927 (Cleartext transmission of sensitive information vulnerability ex
CVE-2024-41716 (Cleartext storage of sensitive information vulnerability exists in Win ...)
TODO: check
CVE-2024-41434 (PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via th ...)
- TODO: check
+ NOT-FOR-US: PingCAP TiDB
CVE-2024-41433 (PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via th ...)
TODO: check
CVE-2024-39921 (Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02N ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2024-34661 (Improper handling of insufficient permissions in Samsung Assistant pri ...)
NOT-FOR-US: Samsung
CVE-2024-34660 (Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.2 ...)
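Review bot: CVE-2024-41434 is tagged "NOT-FOR-US: PingCAP TiDB", while CVE-2024-41433 directly below it, with the same visible description prefix ("PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via th ..."), stays at "TODO: check". If both concern the same product, tag CVE-2024-41433 in this commit as well so the pair does not diverge.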
@@ -195450,7 +195450,7 @@ CVE-2022-27594
CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...)
NOT-FOR-US: QNAP
CVE-2022-27592 (An unquoted search path or element vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-27591
RESERVED
CVE-2022-27590
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e08a5e5bf1152ab7bdeaac2cefdf859ba96976c7