[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 27 21:23:45 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ff77823 by Salvatore Bonaccorso at 2024-09-27T22:23:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-9301 (A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b144 ...)
- TODO: check
+ NOT-FOR-US: E2Nest
CVE-2024-9284 (A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2024-9283 (A vulnerability classified as problematic has been found in RelaxedJS ...)
TODO: check
CVE-2024-9282 (A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: bg5sbk MiniCMS
CVE-2024-9281 (A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified ...)
- TODO: check
+ NOT-FOR-US: bg5sbk MiniCMS
CVE-2024-9280 (A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1e ...)
TODO: check
CVE-2024-9279 (A vulnerability, which was classified as problematic, was found in fun ...)
- TODO: check
+ NOT-FOR-US: funnyzpc Mee-Admin
CVE-2024-9278 (A vulnerability, which was classified as critical, has been found in H ...)
- TODO: check
+ NOT-FOR-US: HuankeMao SCRM
CVE-2024-9277 (A vulnerability classified as problematic was found in Langflow up to ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2024-9276 (A vulnerability classified as problematic has been found in TMsoft MyA ...)
- TODO: check
+ NOT-FOR-US: TMsoft MyAuth Gateway 3
CVE-2024-9275 (A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has ...)
- TODO: check
+ NOT-FOR-US: jeanmarc77 123solar
CVE-2024-9273
REJECTED
CVE-2024-9268
@@ -29,83 +29,83 @@ CVE-2024-9202 (In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Conn
CVE-2024-9171
REJECTED
CVE-2024-9160 (In versions of the PEADM Forge Module prior to 3.24.0 a security misco ...)
- TODO: check
+ NOT-FOR-US: PEADM Forge Module
CVE-2024-9136 (Access permission verification vulnerability in the App Multiplier mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-8644 (Cleartext Storage of Sensitive Information in a Cookie vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8643 (Session Fixation vulnerability in Oceanic Software ValeApp allows Brut ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8630 (Alisonic Sibylla devices are vulnerable to SQL injection attacks, whic ...)
- TODO: check
+ NOT-FOR-US: Alisonic Sibylla devices
CVE-2024-8609 (Insertion of Sensitive Information into Log File vulnerability in Ocea ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8608 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8607 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Oceanic Software ValeApp
CVE-2024-8310 (OPW Fuel Management Systems SiteSentinel could allow an attacker to b ...)
- TODO: check
+ NOT-FOR-US: OPW Fuel Management Systems SiteSentinel
CVE-2024-7149 (The Event Manager, Events Calendar, Tickets, Registrations \u2013 Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6983 (mudler/localai version 2.17.1 is vulnerable to remote code execution. ...)
- TODO: check
+ NOT-FOR-US: mudler/localai
CVE-2024-6981 (OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an atta ...)
- TODO: check
+ NOT-FOR-US: OMNTEC Proteus Tank Monitoring OEL8000III Series
CVE-2024-6931 (The The Events Calendar plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6654 (Products for macOS enables auser logged on to the system to perform a ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2024-6436 (An input validation vulnerability exists in the Rockwell Automation Se ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-47294 (Access permission verification vulnerability in the input method frame ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47293 (Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47292 (Path traversal vulnerability in the Bluetooth module Impact: Successfu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47291 (Permission vulnerability in the ActivityManagerService (AMS) module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47290 (Input validation vulnerability in the USB service module Impact: Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-47184 (Ampache is a web based audio/video streaming application and file mana ...)
TODO: check
CVE-2024-47182 (Dozzle is a realtime log viewer for docker containers. Before version ...)
- TODO: check
+ NOT-FOR-US: Dozzle
CVE-2024-47077 (authentik is an open-source identity provider. Prior to versions 2024. ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-47070 (authentik is an open-source identity provider. A vulnerability that ex ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2024-46472 (CodeAstro Membership Management System 1.0 is vulnerable to SQL Inject ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46471 (The Directory Listing in /uploads/ Folder in CodeAstro Membership Mana ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46470 (Cross Site Scripting vulnerability in CodeAstro Membership Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro Membership Management System
CVE-2024-46441 (An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: YPay
CVE-2024-46367 (A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2024-46366 (A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2024-46333 (An authenticated cross-site scripting (XSS) vulnerability in Piwigo v1 ...)
TODO: check
CVE-2024-46331 (ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerab ...)
- TODO: check
+ NOT-FOR-US: ModStartCMS
CVE-2024-46257 (A Command injection vulnerability in requestLetsEncryptSslWithDnsChall ...)
TODO: check
CVE-2024-46256 (A Command injection vulnerability in requestLetsEncryptSsl in NginxPro ...)
TODO: check
CVE-2024-46097 (TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestP ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2024-45863 (A null-dereference vulnerability involving parsing requests specifying ...)
TODO: check
CVE-2024-45773 (A use-after-free vulnerability involving upgradeToRocket requests can ...)
TODO: check
CVE-2024-45745 (TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated ...)
- TODO: check
+ NOT-FOR-US: TopQuadrant
CVE-2024-45744 (TopQuadrant TopBraid EDG stores external credentials insecurely. An au ...)
- TODO: check
+ NOT-FOR-US: TopQuadrant
CVE-2024-44912 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read ...)
TODO: check
CVE-2024-44911 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read ...)
@@ -113,35 +113,35 @@ CVE-2024-44911 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds
CVE-2024-44910 (NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read ...)
TODO: check
CVE-2024-41930 (Cross-site scripting vulnerability exists in MF Teacher Performance Ma ...)
- TODO: check
+ NOT-FOR-US: MF Teacher Performance Management System
CVE-2024-40512 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40511 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40510 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-40509 (Cross Site Scripting vulnerability in openPetra v.2023.02 allows a rem ...)
- TODO: check
+ NOT-FOR-US: openPetra
CVE-2024-3373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: RSM Design Website Template
CVE-2024-39364 (Advantech ADAM-5630 has built-in commands that can be executed withou ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-39275 (Cookies of authenticated Advantech ADAM-5630 users remain as active va ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-38861 (Improper Certificate Validation in Checkmk Exchange plugin MikroTik al ...)
TODO: check
CVE-2024-38308 (Advantech ADAM 5550's web application includes a "logs" page where all ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-37187 (Advantech ADAM-5550 share user credentials with a low level of encrypt ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-34542 (Advantech ADAM-5630 shares user credentials plain text between the dev ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-33369 (Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1. ...)
- TODO: check
+ NOT-FOR-US: Plasmoapp RPShare Fabric mod
CVE-2024-33368 (An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attac ...)
- TODO: check
+ NOT-FOR-US: Plasmoapp RPShare Fabric mod
CVE-2024-28948 (Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulne ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2024-25412 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
TODO: check
CVE-2024-25411 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ff7782359567a58b4df979d92382335548bf944
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ff7782359567a58b4df979d92382335548bf944
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240927/f8baa8ce/attachment.htm>
More information about the debian-security-tracker-commits
mailing list