Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d16275de by Salvatore Bonaccorso at 2024-08-28T22:37:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,73 +1,73 @@
CVE-2024-8195 (The Permalink Manager Lite plugin for WordPress is vulnerable
to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7745 (In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing
Critical ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2024-7744 (In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper
Limitat ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2024-7447 (The Interactive Contact Form and Multi Step Form Builder with
Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7269 (Improper Neutralization of Input During Web Page Generation
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: ConnX ESP HR Management
CVE-2024-6450 (HyperViewGeoportal Toolkit in versions though8.2.4 is
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: HyperView Geoportal Toolkit
CVE-2024-6449 (HyperViewGeoportal Toolkit in versions though8.2.4 does not
restrict c ...)
- TODO: check
+ NOT-FOR-US: HyperView Geoportal Toolkit
CVE-2024-6053 (Improper access control in the clipboard synchronization
feature in Te ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2024-5546 (ZohocorpManageEngine Password Manager Pro versions before 12431
andMan ...)
- TODO: check
+ NOT-FOR-US: Zohocorp ManageEngine
CVE-2024-45054 (Hwameistor is an HA local storage system for cloud-native
stateful wor ...)
- TODO: check
+ NOT-FOR-US: Hwameistor
CVE-2024-45043 (The OpenTelemetry Collector module AWS firehose receiver is
for ingest ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry Collector
CVE-2024-44915 (An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview
v4.67.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2024-44914 (An issue in the component EXR!ReadEXR+0x3df50 of Irfanview
v4.67.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2024-44913 (An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview
v4.67.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Irfanview
CVE-2024-44761 (An issue in EQ Enterprise Management System before v2.0.0
allows attac ...)
- TODO: check
+ NOT-FOR-US: EQ Enterprise Management System
CVE-2024-44760 (Incorrect access control in the component
/servlet/SnoopServlet of She ...)
- TODO: check
+ NOT-FOR-US: Shenzhou News Union Enterprise Management System
CVE-2024-43805 (jupyterlab is an extensible environment for interactive and
reproducib ...)
TODO: check
CVE-2024-42905 (Beijing Digital China Cloud Technology Co., Ltd. DCME-320
v.7.4.12.60 ...)
- TODO: check
+ NOT-FOR-US: Beijing Digital China Cloud Technology Co., Ltd. DCME-320
CVE-2024-42900 (Ruoyi v4.7.9 and before was discovered to contain a cross-site
scripti ...)
- TODO: check
+ NOT-FOR-US: Ruoyi
CVE-2024-42793 (A Cross-Site Request Forgery (CSRF) vulnerability was found in
Kashipa ...)
- TODO: check
+ NOT-FOR-US: Kashipara Music Management System
CVE-2024-42698 (Roughly Enough Items (REI) v.16.0.729 and before contains an
Improper ...)
- TODO: check
+ NOT-FOR-US: Roughly Enough Items (REI)
CVE-2024-41565 (JustEnoughItems (JEI) 19.5.0.33 and before contains an
Improper Valida ...)
- TODO: check
+ NOT-FOR-US: JustEnoughItems (JEI)
CVE-2024-41564 (EMI v.1.1.10 and before, fixed in v.1.1.11, contains an
Improper Valid ...)
- TODO: check
+ NOT-FOR-US: EMI
CVE-2024-41236 (A SQL injection vulnerability in /smsa/admin_login.php in
Kashipara Re ...)
- TODO: check
+ NOT-FOR-US: Kashipara Responsive School Management System
CVE-2024-34198 (TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011
is vulne ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-34195 (TOTOLINK AC1200 Wireless Router A3002R Firmware
V1.1.1-B20200824 is vu ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-20478 (A vulnerability in the software upgrade component of Cisco
Application ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20446 (A vulnerability in the DHCPv6 relay agent of Cisco NX-OS
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20413 (A vulnerability in Cisco NX-OS Software could allow an
authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20411 (A vulnerability in Cisco NX-OS Software could allow an
authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20289 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20286 (A vulnerability in the Python interpreter of Cisco NX-OS
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20285 (A vulnerability in the Python interpreter of Cisco NX-OS
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20284 (A vulnerability in the Python interpreter of Cisco NX-OS
Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20279 (A vulnerability in the restricted security domain
implementation of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-8231 (A vulnerability classified as critical has been found in Tenda
O6 1.0. ...)
NOT-FOR-US: Tenda
CVE-2024-8230 (A vulnerability was found in Tenda O6 1.0.0.7(2054). It has
been rated ...)
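Review bot: The NOT-FOR-US labels in this hunk vary in granularity. The nine Cisco entries name only the vendor, although seven of their descriptions say "Cisco NX-OS Software" and CVE-2024-20478 refers to a different "Cisco Application ..." product, while other entries name the product ("Progress WS_FTP Server", "Kashipara Music Management System") and CVE-2024-42905 carries the vendor's full legal name. Consider a consistent vendor-plus-product form, for example "NOT-FOR-US: Cisco NX-OS", so a later search of the list can tell the products apart. Leaving CVE-2024-43805 (jupyterlab) at "TODO: check" fits a commit that only processes NFUs.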
@@ -119,7 +119,7 @@ CVE-2024-4554 (Improper Input Validation vulnerability in
OpenText NetIQ Access
CVE-2024-45346 (The Xiaomi Security Center expresses heartfelt thanks to Ken
Gannon an ...)
NOT-FOR-US: XiaomiGetApps application
CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based
projects. It i ...)
- TODO: check
+ NOT-FOR-US: Hydra
CVE-2024-45038 (Meshtastic device firmware is a firmware for meshtastic
devices to run ...)
NOT-FOR-US: Meshtastic device firmware
CVE-2024-39771 (QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and
earlier ...)
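Review bot: The label "NOT-FOR-US: Hydra" for CVE-2024-45049 drops the qualifier that the description gives ("a Continuous Integration service for Nix based projects"). A bare project name is easy to confuse with unrelated software of the same name when the list is searched later; something like "NOT-FOR-US: Hydra (Nix CI service)" would keep the entry unambiguous.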
@@ -210,9 +210,9 @@ CVE-2024-43788 (Webpack is a module bundler. Its main
purpose is to bundle JavaS
NOTE:
https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
NOTE: Fixed by:
https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61
(v5.94.0)
CVE-2024-43783 (The Apollo Router Core is a configurable, high-performance
graph route ...)
- TODO: check
+ NOT-FOR-US: Apollo Router
CVE-2024-43414 (Apollo Federation is an architecture for declaratively
composing APIs ...)
- TODO: check
+ NOT-FOR-US: Apollo Federation
CVE-2024-42851 (Buffer Overflow vulnerability in open source exiftags v.1.01
allows a ...)
TODO: check
CVE-2024-41622 (D-Link DIR-846W A1 FW100A43 was discovered to contain a remote
command ...)
@@ -255,7 +255,7 @@ CVE-2024-43916 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2024-43915 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-43798 (Chisel is a fast TCP/UDP tunnel, transported over HTTP,
secured via SS ...)
- TODO: check
+ NOT-FOR-US: Chisel
CVE-2024-43356 (Cross-Site Request Forgery (CSRF) vulnerability in
bobbingwide.This is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-43340 (Cross-Site Request Forgery (CSRF) vulnerability in Nasirahmed
Advanced ...)
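Review bot: "NOT-FOR-US: Chisel" for CVE-2024-43798 identifies the software by name only, while the description is specific ("a fast TCP/UDP tunnel, transported over HTTP"). Adding that to the label, for example "NOT-FOR-US: Chisel (TCP/UDP tunnel)", would make clear which project was triaged if another project with the same name ever needs an entry.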
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d16275def0ee9b6f52aee7da723c7b0a570ca63b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits