[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Sep 12 09:18:50 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa807b99 by Moritz Muehlenhoff at 2024-09-12T10:18:30+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -229,7 +229,7 @@ CVE-2024-7716 (The Logo Slider WordPress plugin before 3.6.9 does not sanitise
CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Deli ...)
NOT-FOR-US: WordPress plugin
CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose program ...)
- TODO: check
+ NOT-FOR-US: Pluto
CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace Control ve ...)
NOT-FOR-US: Ivanti
CVE-2024-44106 (Insufficient server-side controls in the management console of Ivanti ...)
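Review bot: CVE-2024-45597 is closed as "NOT-FOR-US: Pluto", but its description says Pluto is a superset of Lua 5.4, so the entry should record whether the flaw sits in Pluto-specific code or in code inherited from Lua 5.4. If it is Pluto-only, a short NOTE line saying so would keep the next triager from re-checking the lua5.4 source package. If it is not, the entry needs a package line instead of an NFU tag.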
@@ -243,35 +243,35 @@ CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace Cont
CVE-2024-43690 (Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in t ...)
NOT-FOR-US: Gallagher
CVE-2024-40662 (In scheme of Uri.java, there is a possible way to craft a malformed Ur ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40659 (In getRegistration of RemoteProvisioningService.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40658 (In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40657 (In addPreferencesForType of AccountTypePreferenceLoader.java, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40656 (In handleCreateConferenceComplete of ConnectionServiceWrapper.java, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40655 (In bindAndGetCallIdentification of CallScreeningServiceHelper.java, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40654 (In multiple locations, there is a possible permission bypass due to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40652 (In onCreate of SettingsHomepageActivity.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-40650 (In wifi_item_edit_content of styles.xml , there is a possible FRP bypa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-3899 (The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does ...)
NOT-FOR-US: WordPress plugin
CVE-2024-39808 (Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2024-31336 (Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-24972 (Buffer Copy without Checking Size of Input (CWE-120) in the Controller ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2024-23906 (Improper Neutralization of Input During Web Page Generation (CWE-79) i ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a possible use-af ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to Prototype ...)
NOT-FOR-US: Node dset
CVE-2024-1656 (Affected versions of Octopus Server had a weak content security policy ...)
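Review bot: CVE-2024-31336 gets the blanket tag "NOT-FOR-US: Android" although its description names Imagination PowerVR-GPU as the affected component. CVE-2024-40658 and CVE-2024-23716 likewise point at native sources (SoftVideoDecoderOMXComponent.cpp, devicemem_server.c) rather than Java framework classes. A more specific tag for the GPU entry, for example "NOT-FOR-US: Imagination PowerVR GPU driver", would make the entries searchable by component and show that the native code was checked against what is packaged.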
@@ -323,7 +323,7 @@ CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL injecti
CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in Electron ...)
- TODO: check
+ NOT-FOR-US: Logitech
CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could allow an ...)
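Review bot: The tag on CVE-2024-8258 names only a vendor ("NOT-FOR-US: Logitech"), while the visible part of the description mentions only Electron, so the reason for the NFU decision cannot be read off the entry. Naming the affected product in the tag, as the neighbouring "WordPress plugin" entries name the product class, would make it clear that the issue is in the vendor's application and not in Electron itself.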
@@ -360,7 +360,7 @@ CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.2
NOTE: https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
NOTE: https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce (1.20.3)
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
- TODO: check
+ NOT-FOR-US: Yeti
CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a SAML au ...)
TODO: check
CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. Clients that ...)
@@ -620,67 +620,67 @@ CVE-2024-37337 (Microsoft SQL Server Native Scoring Information Disclosure Vulne
CVE-2024-37335 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2024-36511 (An improperly implemented security check for standard vulnerability [C ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-35783 (A vulnerability has been identified in SIMATIC BATCH V9.1 (All version ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-35282 (A cleartext storage of sensitive information in memory vulnerability [ ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allow ...)
- TODO: check
+ NOT-FOR-US: Gibbon Core
CVE-2024-33698 (A vulnerability has been identified in SIMATIC Information Server 2022 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-33508 (An improper neutralization of special elements used in a command('Comm ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-32006 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-31960 (An issue was discovered in Samsung Mobile Processor Exynos 1480, Exyno ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-31490 (An exposure of sensitive information to an unauthorized actor in Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-31489 (AAn improper certificate validation vulnerability [CWE-295] in FortiCl ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-30073 (Windows Security Zone Mapping Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-27257 (IBM OpenPages 8.3 and 9.0 potentially exposes information about client ...)
NOT-FOR-US: IBM
CVE-2024-26191 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile Processor, Aut ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-21753 (A improper limitation of a pathname to a restricted directory ('path t ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2024-21416 (Windows TCP/IP Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-6841 (A denial of service vulnerability was found in keycloak where the amou ...)
NOT-FOR-US: Keycloak
CVE-2023-49069 (A vulnerability has been identified in Mendix Runtime V10 (All version ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-44254 (An authorization bypass through user-controlled key[CWE-639] vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2023-37234 (Loftware Spectrum through 4.6 has unprotected JMX Registry.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37233 (Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37232 (Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to ...)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37231 (Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37230 (Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37229 (Loftware Spectrum before 5.1 allows SSRF.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37227 (Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-37226 (Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Cri ...)
- TODO: check
+ NOT-FOR-US: Loftware
CVE-2023-36103 (Command Injection vulnerability in goform/SetIPTVCfg interface of Tend ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2023-2919 (The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8611 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
NOT-FOR-US: itsourcecode Tailoring Management System
CVE-2024-8610 (A vulnerability classified as problematic has been found in SourceCode ...)
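Review bot: CVE-2023-49069 is tagged "NOT-FOR-US: Siemens", but its description names Mendix Runtime, so a later search of the list for "Mendix" will not find an existing NFU tag to copy. Tagging it "NOT-FOR-US: Mendix" would fix that. More generally this hunk mixes vendor-level tags (Fortinet, Siemens, Microsoft, Samsung) with product-level ones (Gibbon Core, WordPress plugin). Using the product name where the description gives one keeps later triage of sibling CVEs consistent.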
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa807b992cd77840e6ceb09031f334260fa58e48