[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 27 10:49:54 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c5f37ae by Moritz Muehlenhoff at 2024-09-27T11:49:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,13 +24,13 @@ CVE-2024-7400 (The vulnerability potentially allowed an attacker to misuse ESET\
 CVE-2024-7011 (Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL ...)
 	NOT-FOR-US: Sharp NEC
 CVE-2024-6769 (A DLL Hijacking caused by drive remapping combined with a poisoning of ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-4099 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	TODO: check
 CVE-2024-46628 (Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remo ...)
 	NOT-FOR-US: Tenda
 CVE-2024-45986 (A stored Cross-Site Scripting (XSS) vulnerability was identified in Pr ...)
-	TODO: check
+	NOT-FOR-US: Projectworld Online Voting System
 CVE-2024-40508 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
 	NOT-FOR-US: openPetra
 CVE-2024-40507 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
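Review bot: the NOT-FOR-US: Microsoft tag for CVE-2024-6769 cannot be checked against the hunk, because the visible description ("A DLL Hijacking caused by drive remapping combined with a poisoning of ...") names neither a vendor nor a product; if the affected component is known, naming it in the tag (as the other resolved entries in this hunk do, e.g. "NOT-FOR-US: Projectworld Online Voting System") would let a later triager confirm the assignment without reopening the advisory.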
@@ -38,15 +38,15 @@ CVE-2024-40507 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows
 CVE-2024-40506 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
 	NOT-FOR-US: openPetra
 CVE-2024-39435 (In Logmanager service, there is a possible missing verification incorr ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39434 (In drm service, there is a possible out of bounds read due to a missin ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39433 (In drm service, there is a possible out of bounds write due to a missi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39432 (In UMTS RLC driver, there is a possible out of bounds read due to a mi ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-39431 (In UMTS RLC driver, there is a possible out of bounds write due to a m ...)
-	TODO: check
+	NOT-FOR-US: Unisoc
 CVE-2024-9203 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Enpass Password Manager
 CVE-2024-9199 (Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an ...)
@@ -58,7 +58,7 @@ CVE-2024-9177 (The Themedy Toolbox plugin for WordPress is vulnerable to Stored
 CVE-2024-9173 (The GF Custom Style plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9166 (The device enables an unauthorized attacker to execute system commands ...)
-	TODO: check
+	NOT-FOR-US: Atelmo Atemio AM 520 HD Full HD Satellite Receiver
 CVE-2024-9155 (Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 f ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2024-9127 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
@@ -98,9 +98,9 @@ CVE-2024-47337 (Missing Authorization vulnerability in Stuart Wilson Joy Of Text
 CVE-2024-47197 (Exposure of Sensitive Information to an Unauthorized Actor, Insecure S ...)
 	NOT-FOR-US: Maven Archetype Plugin
 CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible badges in ...)
-	TODO: check
+	NOT-FOR-US: Shields.io
 CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-te ...)
-	TODO: check
+	NOT-FOR-US: RSSHub
 CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. Starting in ...)
 	TODO: check
 CVE-2024-47171 (Agnai is an artificial-intelligence-agnostic multi-user, mult-bot role ...)
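Review bot: CVE-2024-47174 (Nix) is the one entry in this hunk left at "TODO: check" while its neighbours CVE-2024-47180 (Shields.io) and CVE-2024-47179 (RSSHub) are resolved to NOT-FOR-US; with a commit message of only "NFUs", a reader cannot tell whether the Nix entry is deliberately deferred pending a package check, so a follow-up that resolves it (a package line or a NOT-FOR-US tag) or a brief remark in the commit message would make the intent explicit.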
@@ -161,7 +161,7 @@ CVE-2024-45984 (A Cross Site Scripting (XSS) vulnerability in add_donor.php of B
 CVE-2024-45983 (A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725 ...)
 	NOT-FOR-US: kishan0725's Hospital Management System
 CVE-2024-45982 (A host header injection vulnerability in scheduleR v0.0.18 allows atta ...)
-	TODO: check
+	NOT-FOR-US: scheduleR
 CVE-2024-45981 (A host header injection vulnerability in BookReviewLibrary 1.0 allows  ...)
 	NOT-FOR-US: BookReviewLibrary
 CVE-2024-45980 (A host header injection vulnerability in MEANStore 1.0 allows attacker ...)
@@ -177,7 +177,7 @@ CVE-2024-45723 (The goTenna Pro ATAK Plugin does not use SecureRandom when gener
 CVE-2024-45374 (In the goTenna Pro ATAK Plugin application, the encryption keys are  s ...)
 	NOT-FOR-US: goTenna Pro
 CVE-2024-45042 (Ory Kratos is an identity, user management and authentication system f ...)
-	TODO: check
+	NOT-FOR-US: Ory Kratos
 CVE-2024-44860 (An information disclosure vulnerability in the /Letter/PrintQr/ endpoi ...)
 	NOT-FOR-US: Solvait
 CVE-2024-43814 (goTenna Pro ATAK Plugin by default enables frequent unencrypted  Posit ...)
@@ -254,7 +254,7 @@ CVE-2024-4278 (An information disclosure issue has been discovered in GitLab EE
 CVE-2024-47330 (Missing Authorization vulnerability in Supsystic Slider by Supsystic,  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-47083 (Power Platform Terraform Provider allows managing environments and oth ...)
-	TODO: check
+	NOT-FOR-US: Power Platform Terraform Provider
 CVE-2024-47045 (Privilege chaining issue exists in the installer of e-Tax software(com ...)
 	NOT-FOR-US: installer of e-Tax software
 CVE-2024-45836 (Cross-site scripting vulnerability exists in the web management page o ...)
@@ -329,9 +329,9 @@ CVE-2024-47315 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This i
 CVE-2024-47305 (Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-47082 (Strawberry GraphQL is a library for creating GraphQL APIs. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Strawberry GraphQL
 CVE-2024-47078 (Meshtastic is an open source, off-grid, decentralized, mesh network. M ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic
 CVE-2024-46655 (A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.3 ...)
 	NOT-FOR-US: Ellevo
 CVE-2024-46600 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
@@ -339,7 +339,7 @@ CVE-2024-46600 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request
 CVE-2024-46489 (A remote command execution (RCE) vulnerability in promptr v6.0.7 allow ...)
 	NOT-FOR-US: promptr
 CVE-2024-46488 (sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via ...)
-	TODO: check
+	NOT-FOR-US: sqlite-vec
 CVE-2024-46485 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
 	NOT-FOR-US: dingfanzu CMS
 CVE-2024-46461 (VLC media player 3.0.20 and earlier is vulnerable to denial of service ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c5f37ae4290e02f05f2b6857f1f6b2541fcb239


