Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b771b29b by Moritz Mühlenhoff at 2024-02-02T10:02:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,123 +1,123 @@
 CVE-2024-24945 (A stored cross-site scripting (XSS) vulnerability in Travel 
Journal Us ...)
-       TODO: check
+       NOT-FOR-US: Travel Journal Using PHP and MySQL
 CVE-2024-24756 (Crafatar serves Minecraft avatars based on the skin for use in 
externa ...)
-       TODO: check
+       NOT-FOR-US: Crafatar
 CVE-2024-24755 (discourse-group-membership-ip-block is a discourse plugin that 
adds su ...)
-       TODO: check
+       NOT-FOR-US: discourse-group-membership-ip-block
 CVE-2024-24524 (Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS 
v.2.33, ...)
-       TODO: check
+       NOT-FOR-US: flusity-CMS
 CVE-2024-24482 (Aprktool before 2.9.3 on Windows allows ../ and /.. directory 
traversa ...)
-       TODO: check
+       NOT-FOR-US: Aprktool
 CVE-2024-24041 (A stored cross-site scripting (XSS) vulnerability in Travel 
Journal Us ...)
-       TODO: check
+       NOT-FOR-US: Travel Journal Using PHP and MySQL
 CVE-2024-23978 (Heap-based buffer overflow vulnerability exists in HOME SPOT 
CUBE2 V10 ...)
-       TODO: check
+       NOT-FOR-US: HOME SPOT CUBE2
 CVE-2024-23746 (Miro Desktop 0.8.18 on macOS allows Electron code injection.)
-       TODO: check
+       NOT-FOR-US: Miro Desktop
 CVE-2024-23052 (An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 
allows a ...)
-       TODO: check
+       NOT-FOR-US: WuKongOpenSource WukongCRM
 CVE-2024-23034 (Cross Site Scripting vulnerability in the input parameter in 
eyoucms v ...)
-       TODO: check
+       NOT-FOR-US: eyoucms
 CVE-2024-23033 (Cross Site Scripting vulnerability in the path parameter in 
eyoucms v. ...)
-       TODO: check
+       NOT-FOR-US: eyoucms
 CVE-2024-23032 (Cross Site Scripting vulnerability in num parameter in eyoucms 
v.1.6.5 ...)
-       TODO: check
+       NOT-FOR-US: eyoucms
 CVE-2024-23031 (Cross Site Scripting (XSS) vulnerability in is_water parameter 
in eyou ...)
-       TODO: check
+       NOT-FOR-US: eyoucms
 CVE-2024-22927 (Cross Site Scripting (XSS) vulnerability in the func parameter 
in eyou ...)
-       TODO: check
+       NOT-FOR-US: eyoucms
 CVE-2024-22903 (Vinchin Backup & Recovery v7.2 was discovered to contain an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2024-22902 (Vinchin Backup & Recovery v7.2 was discovered to be configured 
with de ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2024-22901 (Vinchin Backup & Recovery v7.2 was discovered to use default 
MYSQL cre ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2024-22900 (Vinchin Backup & Recovery v7.2 was discovered to contain an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2024-22899 (Vinchin Backup & Recovery v7.2 was discovered to contain an 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Vinchin Backup & Recovery
 CVE-2024-22779 (Directory Traversal vulnerability in Kihron ServerRPExposer 
v.1.0.2 an ...)
-       TODO: check
+       NOT-FOR-US: Kihron ServerRPExposer
 CVE-2024-22533 (Before Beetl v3.15.12, the rendering template has a 
server-side templa ...)
-       TODO: check
+       NOT-FOR-US: Beetl
 CVE-2024-22320 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 
8.11, 8.11. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-22319 (IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 
8.11, 8.11. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-22096 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4,an  ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-22016 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4,an  ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21869 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4, th ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21866 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4, th ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21863 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-21860 (in OpenHarmony v4.0.0 and prior versions  allow an adjacent 
attacker a ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-21852 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4,an  ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21851 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-21845 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2024-21794 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4,an  ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21780 (Stack-based buffer overflow vulnerability exists in HOME SPOT 
CUBE2 V1 ...)
-       TODO: check
+       NOT-FOR-US: HOME SPOT CUBE2
 CVE-2024-21764 (In Rapid Software LLC's Rapid SCADA versions prior toVersion 
5.8.4, th ...)
-       TODO: check
+       NOT-FOR-US: Rapid SCADA
 CVE-2024-21485 (Versions of the package dash-core-components before 2.13.0; 
all versio ...)
-       TODO: check
+       NOT-FOR-US: Node dash-core-components
 CVE-2024-21399 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-1162 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1143 (Central Dogma versions prior to 0.64.0 is vulnerable to 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: Central Dogma
 CVE-2024-1073 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1047 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable 
to unaut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1040 (Gessler GmbH WEB-MASTER user account is stored using a weak 
hashing al ...)
-       TODO: check
+       NOT-FOR-US: WEB-MASTER
 CVE-2024-1039 (Gessler GmbH WEB-MASTER has a restoration account that uses 
weak hard  ...)
-       TODO: check
+       NOT-FOR-US: WEB-MASTER
 CVE-2024-0685 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form 
Builder for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0325 (In Helix Sync versions prior to 2024.1, a local command 
injection was  ...)
-       TODO: check
+       NOT-FOR-US: Helix Sync
 CVE-2024-0285 (in OpenHarmony v4.0.0 and prior versions allow a local attacker 
cause  ...)
-       TODO: check
+       NOT-FOR-US: OpenHarmony
 CVE-2023-6221 (The cloud provider MachineSense uses for integration and 
deployment fo ...)
-       TODO: check
+       NOT-FOR-US: MachineSense
 CVE-2023-50962 (IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP 
Strict  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50941 (IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout 
functionality, w ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50940 (IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource 
Sharing (CORS ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50939 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected 
cryptographic  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50938 (IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to 
hijack  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50937 (IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected 
cryptographic  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50936 (IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session 
after logout ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50935 (IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict 
access to a U ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50934 (IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor 
authentication which  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50933 (IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. 
A remot ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50328 (IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to 
view sess ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50327 (IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which 
could a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-50326 (IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account 
lockout setti ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-4472 (Objectplanet Opinio version 7.22 and prior uses a 
cryptographically we ...)
        TODO: check
 CVE-2023-49617 (The MachineSense application programmable interface (API) is 
improperl ...)
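
Review bot: On the CVE-2024-24482 entry, the product name in "NOT-FOR-US: Aprktool" is copied straight from the description and reads like a misspelling, so it is worth confirming against the CVE references which tool is meant before closing it out as not-for-us. If it turns out to be Apktool, which has a Debian source package, the entry should carry a package line instead, and since the description limits the issue to "before 2.9.3 on Windows", something like "- apktool <not-affected> (Windows-specific)" would record the decision more accurately than NOT-FOR-US. The rest of the batch maps each description to a vendor or product that matches the visible text.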



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b771b29b399c185fb9cf8ffcdfe2f9f8d5186ca3
