Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a17a517 by Salvatore Bonaccorso at 2024-07-31T22:33:10+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2024-7340 (The Weave server API allows remote users to fetch files from a 
specifi ...)
-       TODO: check
+       NOT-FOR-US: Weave server
 CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It 
has bee ...)
-       TODO: check
+       NOT-FOR-US: IObit Driver Booster
 CVE-2024-7324 (A vulnerability was found in IObit iTop Data Recovery Pro 
4.4.0.687. I ...)
-       TODO: check
+       NOT-FOR-US: IObit iTop Data Recovery Pro
 CVE-2024-7321 (A vulnerability classified as problematic was found in 
itsourcecode On ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Online Blood Bank Management System
 CVE-2024-7320 (A vulnerability classified as critical has been found in 
itsourcecode  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode Online Blood Bank Management System
 CVE-2024-7311 (A vulnerability was found in code-projects Online Bus 
Reservation Site ...)
-       TODO: check
+       NOT-FOR-US: code-projects Online Bus Reservation Site
 CVE-2024-7310 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Record Management System
 CVE-2024-7309 (A vulnerability was found in SourceCodester Record Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Record Management System
 CVE-2024-7308 (A vulnerability was found in SourceCodester Establishment 
Billing Mana ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7307 (A vulnerability has been found in SourceCodester Establishment 
Billing ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7135 (The Tainacan plugin for WordPress is vulnerable to unauthorized 
access ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6978 (Cato Networks Windows SDP Client Local root certificates can be 
instal ...)
-       TODO: check
+       NOT-FOR-US: Cato Networks
 CVE-2024-6977 (A vulnerability in Cato Networks SDP Client on Windows allows 
the inse ...)
-       TODO: check
+       NOT-FOR-US: Cato Networks
 CVE-2024-6975 (Cato Networks Windows SDP Client Local Privilege Escalation via 
openss ...)
-       TODO: check
+       NOT-FOR-US: Cato Networks
 CVE-2024-6974 (Cato Networks Windows SDP Client Local Privilege Escalation via 
self-u ...)
-       TODO: check
+       NOT-FOR-US: Cato Networks
 CVE-2024-6973 (Remote Code Execution in Cato Windows SDP client via crafted 
URLs. Thi ...)
-       TODO: check
+       NOT-FOR-US: Cato Networks
 CVE-2024-6725 (The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, 
Payment ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6208 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-41955 (Mobile Security Framework (MobSF) is a security research 
platform for  ...)
-       TODO: check
+       NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2024-41954 (FOG is a cloning/imaging/rescue suite/inventory management 
system. The ...)
-       TODO: check
+       NOT-FOR-US: FOG
 CVE-2024-41953 (Zitadel is an open source identity management system. ZITADEL 
uses HTM ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2024-41952 (Zitadel is an open source identity management system. ZITADEL 
administ ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2024-41951 (Pheonix App is a Python application designed to streamline 
various tas ...)
-       TODO: check
+       NOT-FOR-US: Pheonix App
 CVE-2024-41950 (Haystack is an end-to-end LLM framework that allows you to 
build appli ...)
        TODO: check
 CVE-2024-41947 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-41660 (slpd-lite is a unicast SLP UDP server. Any OpenBMC system that 
include ...)
        TODO: check
 CVE-2024-41630 (Stack-based buffer overflow vulnerability in Tenda AC18 
V15.03.3.10_EN ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-41108 (FOG is a free open-source cloning/imaging/rescue 
suite/inventory manag ...)
-       TODO: check
+       NOT-FOR-US: FOG
 CVE-2024-40645 (FOG is a cloning/imaging/rescue suite/inventory management 
system. An  ...)
-       TODO: check
+       NOT-FOR-US: FOG
 CVE-2024-3083 (A \u201cCWE-352: Cross-Site Request Forgery (CSRF)\u201d can be 
exploi ...)
        TODO: check
 CVE-2024-3082 (A \u201cCWE-256: Plaintext Storage of a Password\u201d 
affecting the a ...)
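Review bot: The tags `NOT-FOR-US: Weave server` (CVE-2024-7340) and `NOT-FOR-US: FOG` (CVE-2024-41954, CVE-2024-41108, CVE-2024-40645) are short, generic names with no vendor or qualifier, unlike `IObit Driver Booster` or `SourceCodester Record Management System` in the same hunk. A later grep of the list for these names will be noisy, and a reader cannot tell which project is meant without opening the CVE. Consider adding a qualifier taken from the description, for example `FOG (cloning/imaging suite)`. CVE-2024-41950, CVE-2024-41660 and CVE-2024-3083 stay at `TODO: check`, which matches the commit message ("some NFUs").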
@@ -63,31 +63,31 @@ CVE-2024-3082 (A \u201cCWE-256: Plaintext Storage of a 
Password\u201d affecting
 CVE-2024-39694 (Duende IdentityServer is an OpenID Connect and OAuth 2.x 
framework for ...)
        TODO: check
 CVE-2024-39379 (Acrobat for Edge versions 126.0.2592.81 and earlier are 
affected by an ...)
-       TODO: check
+       NOT-FOR-US: Acrobat for Edge
 CVE-2024-39318 (The Ibexa Admin UI Bundle contains all the necessary parts to 
run the  ...)
-       TODO: check
+       NOT-FOR-US: Ibexa Admin UI Bundle
 CVE-2024-37901 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-37900 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-37898 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2024-37142 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-37135 (DM5500 5.16.0.0, contains an information disclosure 
vulnerability. A l ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-37129 (Dell Inventory Collector, versions prior to 12.3.0.6 contains 
a Path T ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-37127 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-32857 (Dell Peripheral Manager, versions prior to 1.7.6, contain an 
uncontrol ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-31203 (A \u201cCWE-121: Stack-based Buffer Overflow\u201d in the 
wd210std.dll ...)
-       TODO: check
+       NOT-FOR-US: ThermoscanIP installer
 CVE-2024-31202 (A \u201cCWE-732: Incorrect Permission Assignment for Critical 
Resource ...)
-       TODO: check
+       NOT-FOR-US: ThermoscanIP
 CVE-2024-31201 (A \u201cCWE-428: Unquoted Search Path or Element\u201d affects 
the The ...)
-       TODO: check
+       NOT-FOR-US: ThermoscanIP
 CVE-2024-31200 (A \u201cCWE-201: Insertion of Sensitive Information Into Sent 
Data\u20 ...)
        TODO: check
 CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of Input During Web 
Page Gener ...)
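Review bot: CVE-2024-31203 is tagged `NOT-FOR-US: ThermoscanIP installer` while CVE-2024-31202 and CVE-2024-31201 directly below it use `NOT-FOR-US: ThermoscanIP`; using one spelling for all three keeps them grouped when the list is searched by product. Separately, CVE-2024-37135 is tagged `Dell`, but its visible description starts with `DM5500 5.16.0.0` and names no vendor, so putting the product in the tag would let a reader match the entry without looking up the CVE.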
@@ -141,13 +141,13 @@ CVE-2024-7274 (A vulnerability, which was classified as 
critical, has been found
 CVE-2024-7273 (A vulnerability classified as critical was found in 
itsourcecode Alton ...)
        NOT-FOR-US: itsourcecode Alton Management System
 CVE-2024-7205 (When the device is shared,the homepage module are before 2.19.0 
in eWe ...)
-       TODO: check
+       NOT-FOR-US: eWeLink Cloud Service homepage module
 CVE-2024-6980 (A verbose error handling issue in the proxy service implemented 
in the ...)
        NOT-FOR-US: GravityZone Update Server
 CVE-2024-6770 (The Lifetime free Drag & Drop Contact Form Builder for 
WordPress VForm ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6695 (it's possible for an attacker to gain administrative access 
without ha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6412 (The HTML Forms  WordPress plugin before 1.3.34 does not have 
CSRF chec ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6408 (The Slider by 10Web  WordPress plugin before 1.2.57 does not 
sanitise  ...)
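Review bot: CVE-2024-6695 is closed as `NOT-FOR-US: WordPress plugin`, but the visible part of its description ("it's possible for an attacker to gain administrative access without ha ...") mentions neither WordPress nor a plugin name, unlike the neighbouring entries whose descriptions name the plugin. Adding the plugin name to the tag would make the classification checkable from the list itself.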
@@ -161,7 +161,7 @@ CVE-2024-6165 (The WANotifier  WordPress plugin before 
2.6.1 does not sanitise a
 CVE-2024-5901 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-42381 (os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to 
load ELF fi ...)
-       TODO: check
+       NOT-FOR-US: Homebrew brew
 CVE-2024-39950 (A vulnerability has been found in Dahua products. Attackers 
can send c ...)
        NOT-FOR-US: Dahua
 CVE-2024-39949 (A vulnerability has been found in Dahua products.Attackers can 
send ca ...)
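Review bot: For CVE-2024-42381 the description points at `os/linux/elf.rb`, so this entry concerns a Linux code path rather than a Windows-only or hosted product like most other NOT-FOR-US entries in this commit. It is worth confirming that no brew source package or pending packaging request exists before closing it as `NOT-FOR-US: Homebrew brew`.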



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a17a51758897d51148ebb31f8e219b2893e5f4d
