[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 10 21:44:19 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
451b1395 by Salvatore Bonaccorso at 2024-09-10T22:44:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...)
- TODO: check
+ NOT-FOR-US: Mercury MNVR816
CVE-2024-8654 (MongoDB Server may access non-initialized region of memory leading to ...)
TODO: check
CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 a ...)
@@ -7,21 +7,21 @@ CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
CVE-2024-8543 (The Slider comparison image before and after plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" can ex ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL injection vu ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in Electron ...)
TODO: check
CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could allow an ...)
- TODO: check
+ NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File Manager and C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7699 (An low privileged remote attacker can execute OS commands with root pr ...)
TODO: check
CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of highe ...)
@@ -29,11 +29,11 @@ CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens of
CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows an loca ...)
TODO: check
CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a symlink in a ...)
TODO: check
CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users hosting D-Tal ...)
TODO: check
CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...)
@@ -41,7 +41,7 @@ CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug
CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, integrates audi ...)
TODO: check
CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API exposes the hi ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...)
TODO: check
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
@@ -53,29 +53,29 @@ CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Client
CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video and ima ...)
TODO: check
CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR Manager ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-45044 (Bareos is open source software for backup, archiving, and recovery of ...)
TODO: check
CVE-2024-45032 (A vulnerability has been identified in Industrial Edge Management Pro ...)
- TODO: check
+ NOT-FOR-US: Industrial Edge Management
CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport ...)
- TODO: check
+ NOT-FOR-US: JimuReport
CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 ...)
- TODO: check
+ NOT-FOR-US: moziloCMS
CVE-2024-44871 (An arbitrary file upload vulnerability in the component /admin/index.p ...)
- TODO: check
+ NOT-FOR-US: moziloCMS
CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read vulnerabil ...)
- TODO: check
+ NOT-FOR-US: phpok
CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physica ...)
- TODO: check
+ NOT-FOR-US: Hathway Skyworth Router CM5100
CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request Forgery ( ...)
TODO: check
CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) wh ...)
TODO: check
CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628 ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router
CVE-2024-44087 (A vulnerability has been identified in Automation License Manager V5 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted user i ...)
TODO: check
CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...)
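Review bot: Two of the new tags in this hunk do not match the product the description names. CVE-2024-45323 describes FortiEDR Manager but is tagged "NOT-FOR-US: FortiGuard", which is neither the product nor the vendor name; "Fortinet" or "FortiEDR" would be easier to grep for later. CVE-2024-45032 is tagged by product ("Industrial Edge Management") while CVE-2024-44087, a few lines below and with the same "A vulnerability has been identified in" wording, is tagged by vendor ("Siemens"). Industrial Edge Management is also a Siemens product, so picking one form for both keeps later searches of data/CVE/list consistent.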
@@ -83,51 +83,51 @@ CVE-2024-43799 (Send is a library for streaming files from the file system as a
CVE-2024-43796 (Express.js minimalist web framework for node. In express < 4.20.0, pas ...)
TODO: check
CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 ( ...)
TODO: check
CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
TODO: check
CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that has roll ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43487 (Windows Mark of the Web Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43482 (Microsoft Outlook for iOS Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43479 (Microsoft Power Automate Desktop Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43476 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43475 (Microsoft Windows Admin Center Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43474 (Microsoft SQL Server Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43470 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43469 (Azure CycleCloud Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43467 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43466 (Microsoft SharePoint Server Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43465 (Microsoft Excel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43464 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43463 (Microsoft Office Visio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43461 (Windows MSHTML Platform Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43458 (Windows Networking Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43457 (Windows Setup and Deployment Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43455 (Windows Remote Desktop Licensing Service Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43454 (Windows Remote Desktop Licensing Service Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43393 (A low privileged remote attacker can perform configuration changes of ...)
TODO: check
CVE-2024-43392 (A low privileged remote attacker can perform configuration changes of ...)
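Review bot: CVE-2024-43647 (SIMATIC S7-200 SMART CPU) stays at "TODO: check" although CVE-2024-43781 (SINUMERIK 828D) directly above it is tagged "NOT-FOR-US: Siemens" and both descriptions open identically. If it was skipped by accident, it should get the same tag; if it was left open on purpose, a NOTE line saying why would help the next person triaging. Leaving CVE-2024-43495 at "TODO: check" among the Microsoft entries looks right, since the title names libarchive and needs a check against the packaged library rather than a blanket vendor tag.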
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/451b1395170ff46cb9f9753fac406664914d7449