Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f72cfcbb by Moritz Muehlenhoff at 2024-05-02T11:37:27+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-4142 (An Improper input validation vulnerability that could 
potentially lead ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3481 (The Counter Box  WordPress plugin before 1.2.4 does not have 
CSRF chec ...)
@@ -21,15 +21,15 @@ CVE-2024-3471 (The Button Generator  WordPress plugin 
before 3.0 does not have C
 CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust 
to run a ...)
-       TODO: check
+       NOT-FOR-US: Apollo Router
 CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library 
for Node ...)
-       TODO: check
+       NOT-FOR-US: Node xml-crypto
 CVE-2024-32882 (Wagtail is an open source content management system built on 
Django. I ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2024-2405 (The Float menu  WordPress plugin before 6.0.1 does not have 
CSRF check ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer 
Overflow ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in 
the remo ...)
        NOT-FOR-US: Tenda
 CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 
Firmware V ...)
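Review bot: The tags for CVE-2024-32971, CVE-2024-32962 and CVE-2024-32882 cover upstream software projects (a router written in Rust, a Node library, a Django-based CMS per the summaries), not vendor firmware like the D-Link entry below them, so NOT-FOR-US holds only while nothing in the archive ships them. Worth confirming there is no open ITP or RFP for Wagtail or xml-crypto before closing these; where one exists, the entry is normally tracked with an <itp> line and the bug number instead of NOT-FOR-US.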
@@ -67,7 +67,7 @@ CVE-2024-33424 (A cross-site scripting (XSS) vulnerability in 
the Settings menu
 CVE-2024-33423 (Cross-Site Scripting (XSS) vulnerability in the Settings menu 
of CMSim ...)
        NOT-FOR-US: CMSimple
 CVE-2024-33393 (An issue in spidernet-io spiderpool v.0.9.3 and before allows 
a local  ...)
-       TODO: check
+       NOT-FOR-US: spiderpool
 CVE-2024-33307 (SourceCodester Laboratory Management System 1.0 is vulnerable 
to Cross ...)
        NOT-FOR-US: SourceCodester Laboratory Management System
 CVE-2024-33306 (SourceCodester Laboratory Management System 1.0 is vulnerable 
to Cross ...)
@@ -79,13 +79,13 @@ CVE-2024-33300 (Typora v1.0.0 through v1.7 version (below) 
Markdown editor has a
 CVE-2024-33292 (SQL Injection vulnerability in Realisation MGSD v.1.0 allows a 
remote  ...)
        NOT-FOR-US: Realisation MGSD
 CVE-2024-33078 (Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user 
can send  ...)
-       TODO: check
+       NOT-FOR-US: libpag
 CVE-2024-32984 (Yamux is a stream multiplexer over reliable, ordered 
connections such  ...)
        TODO: check
 CVE-2024-32979 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
-       TODO: check
+       NOT-FOR-US: Nautobot
 CVE-2024-32973 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
-       TODO: check
+       NOT-FOR-US: Pluto
 CVE-2024-32213 (The LoMag WareHouse Management application version 1.0.20.120 
and olde ...)
        NOT-FOR-US: LoMag WareHouse Management application
 CVE-2024-32212 (SQL Injection vulnerability in LOGINT LoMag Inventory 
Management v1.0. ...)
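Review bot: CVE-2024-32984 (Yamux) still carries "TODO: check" after this pass and is the only untriaged entry left in this hunk. If that is deliberate because the package mapping is still open, a short NOTE on the entry saying so would keep the next triager from repeating the lookup; otherwise it should get a NOT-FOR-US or package line like its neighbours.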
@@ -95,15 +95,15 @@ CVE-2024-32211 (An issue in LOGINT LoMag Inventory 
Management v1.0.20.120 and be
 CVE-2024-32210 (The LoMag WareHouse Management application version 1.0.20.120 
and olde ...)
        NOT-FOR-US: LoMag WareHouse Management application
 CVE-2024-31413 (Free of pointer not at start of buffer vulnerability exists in 
CX-One  ...)
-       TODO: check
+       NOT-FOR-US: CX-One
 CVE-2024-31412 (Out-of-bounds read vulnerability exists in CX-Programmer 
included in C ...)
-       TODO: check
+       NOT-FOR-US: CX-One
 CVE-2024-30176 (In Logpoint before 7.4.0, an attacker can enumerate a valid 
list of us ...)
-       TODO: check
+       NOT-FOR-US: Logpoint
 CVE-2024-29011 (Use of hard-coded password in the GMS ECM endpoint leading to 
authenti ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-29010 (The XML document processed in the GMS ECM URL endpoint is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-28893 (Certain HP software packages (SoftPaqs) are potentially 
vulnerable to  ...)
        NOT-FOR-US: HP
 CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is vulnerable to cross-site 
scripting.  ...)
@@ -111,17 +111,17 @@ CVE-2024-28775 (IBM WebSphere Automation 1.7.0 is 
vulnerable to cross-site scrip
 CVE-2024-28764 (IBM WebSphere Automation 1.7.0 could allow an attacker with 
privileged ...)
        NOT-FOR-US: IBM
 CVE-2024-26504 (An issue in Wifire Hotspot v.4.5.3 allows a local attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: Wifire Hotspot
 CVE-2024-26305 (There is a buffer overflow vulnerability in the underlying 
Utility dae ...)
        NOT-FOR-US: HPE Aruba Networking
 CVE-2024-26304 (There is a buffer overflow vulnerability in the underlying 
L2/L3 Manag ...)
        NOT-FOR-US: HPE Aruba Networking
 CVE-2024-25676 (An issue was discovered in ViewerJS 0.5.8. A script from the 
component ...)
-       TODO: check
+       NOT-FOR-US: ViewerJS
 CVE-2024-25458 (An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit 
board ident ...)
        NOT-FOR-US: CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera firmware
 CVE-2024-25355 (s3-url-parser 1.0.3 is vulnerable to Denial of service via the 
regexes ...)
-       TODO: check
+       NOT-FOR-US: s3-url-parser
 CVE-2024-25015 (IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could 
allow a r ...)
        NOT-FOR-US: IBM
 CVE-2024-24978 (Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. 
Receivi ...)
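Review bot: CVE-2024-25676 (ViewerJS) and CVE-2024-25355 (s3-url-parser) read as library-style components rather than standalone products, so the NOT-FOR-US tags here only establish that no source package of that name is tracked. Before relying on them, check whether any packaged web application carries an embedded copy of ViewerJS 0.5.8 or s3-url-parser 1.0.3.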
@@ -131,17 +131,17 @@ CVE-2024-24912 (A local privilege escalation 
vulnerability has been identified i
 CVE-2024-24403
        REJECTED
 CVE-2024-24313 (An issue in Vaales Technologies V_QRS v.2024-01-17 allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: Vaales Technologies V_QRS
 CVE-2024-24312 (SQL injection vulnerability in Vaales Technologies V_QRS 
v.2024-01-17  ...)
-       TODO: check
+       NOT-FOR-US: Vaales Technologies V_QRS
 CVE-2024-23597 (Cross-site request forgery (CSRF) vulnerability exists in 
TvRock 0.9t8 ...)
        NOT-FOR-US: TvRock
 CVE-2024-23480 (A fallback mechanism in code sign checking on macOS may allow 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: Zscaler
 CVE-2024-23457 (The anti-tampering functionality of the Zscaler Client 
Connector can b ...)
        NOT-FOR-US: Zscaler
 CVE-2024-22830 (Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" 
version 1.0.2 ...)
-       TODO: check
+       NOT-FOR-US: Anti-Cheat Expert
 CVE-2024-20378 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
        NOT-FOR-US: Cisco
 CVE-2024-20376 (A vulnerability in the web-based management interface of Cisco 
IP Phon ...)
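Review bot: The visible summary for CVE-2024-23480 ("A fallback mechanism in code sign checking on macOS may allow arbitrar ...") names no product, so "NOT-FOR-US: Zscaler" cannot be checked from this hunk alone. It matches the neighbouring CVE-2024-23457 entry for the Zscaler Client Connector, so confirm the attribution against the full CVE record. The two V_QRS tags and the Anti-Cheat Expert tag match their summaries.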



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72cfcbbb7d0c98df6670d72ca2ec5ff14510488
