[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 10 21:44:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
451b1395 by Salvatore Bonaccorso at 2024-09-10T22:44:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...)
-	TODO: check
+	NOT-FOR-US: Mercury MNVR816
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leading to  ...)
 	TODO: check
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
@@ -7,21 +7,21 @@ CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
 CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" can ex ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: VICIdial
 CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in Electron  ...)
 	TODO: check
 CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could allow an ...)
-	TODO: check
+	NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7699 (An low privileged remote attacker can execute OS commands with root pr ...)
 	TODO: check
 CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of highe ...)
@@ -29,11 +29,11 @@ CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of
 CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an loca ...)
 	TODO: check
 CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a  ...)
 	TODO: check
 CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting D-Tal ...)
 	TODO: check
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...)
@@ -41,7 +41,7 @@ CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, integrates audi ...)
 	TODO: check
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes the hi ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
 	TODO: check
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
@@ -53,29 +53,29 @@ CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Client
 CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
 	TODO: check
 CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR Manager  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-45044 (Bareos is open source software for backup, archiving, and recovery of  ...)
 	TODO: check
 CVE-2024-45032 (A vulnerability has been identified in Industrial Edge Management Pro  ...)
-	TODO: check
+	NOT-FOR-US: Industrial Edge Management
 CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport ...)
-	TODO: check
+	NOT-FOR-US: JimuReport
 CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2024-44871 (An arbitrary file upload vulnerability in the component /admin/index.p ...)
-	TODO: check
+	NOT-FOR-US: moziloCMS
 CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: phpok
 CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physica ...)
-	TODO: check
+	NOT-FOR-US: Hathway Skyworth Router CM5100
 CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request Forgery ( ...)
 	TODO: check
 CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) wh ...)
 	TODO: check
 CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628 ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router
 CVE-2024-44087 (A vulnerability has been identified in Automation License Manager V5 ( ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...)
 	TODO: check
 CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...)
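Review bot: the tag on CVE-2024-45323 does not match the product named in its description. The entry is for FortiEDR Manager but is marked `NOT-FOR-US: FortiGuard`; using the product name as the description gives it (for example `NOT-FOR-US: FortiEDR`) keeps the entry findable when searching the list by product. The hunk also mixes granularity: CVE-2024-44087 (Automation License Manager) is tagged by vendor as `Siemens`, while CVE-2024-45032 is tagged by product as `Industrial Edge Management`. One convention for entries of this kind would make later bulk triage of the same vendor or product easier.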
@@ -83,51 +83,51 @@ CVE-2024-43799 (Send is a library for streaming files from the file system as a
 CVE-2024-43796 (Express.js minimalist web framework for node. In express < 4.20.0, pas ...)
 	TODO: check
 CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...)
 	TODO: check
 CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
 	TODO: check
 CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that has roll ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43487 (Windows Mark of the Web Security Feature Bypass Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43482 (Microsoft Outlook for iOS Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43479 (Microsoft Power Automate Desktop Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43476 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43475 (Microsoft Windows Admin Center Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43474 (Microsoft SQL Server Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43470 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43469 (Azure CycleCloud Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43467 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43466 (Microsoft SharePoint Server Denial of Service Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43465 (Microsoft Excel Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43464 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43463 (Microsoft Office Visio Remote Code Execution Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43461 (Windows MSHTML Platform Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43458 (Windows Networking Information Disclosure Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43457 (Windows Setup and Deployment Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43455 (Windows Remote Desktop Licensing Service Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43454 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-43393 (A low privileged remote attacker can perform configuration changes of  ...)
 	TODO: check
 CVE-2024-43392 (A low privileged remote attacker can perform configuration changes of  ...)
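Review bot: CVE-2024-43647 (SIMATIC S7-200 SMART CPU CR40) stays at `TODO: check` although the entry directly above it, CVE-2024-43781 (SINUMERIK 828D V4), opens with the same description wording and is now `NOT-FOR-US: Siemens`. If it is out of scope for the same reason, tag it in this pass; if it was left open on purpose, no change is needed. In the Microsoft block, CVE-2024-43495 is rightly not swept up with the vendor tag, since its description names libarchive and not only a Microsoft product; a `NOTE:` line recording that reason when it is triaged would help the next reader.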



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/451b1395170ff46cb9f9753fac406664914d7449
