Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
451b1395 by Salvatore Bonaccorso at 2024-09-10T22:44:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5.
It has b ...)
- TODO: check
+ NOT-FOR-US: Mercury MNVR816
CVE-2024-8654 (MongoDB Server may access non-initialized region of memory
leading to ...)
TODO: check
CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to
4.0.15 a ...)
@@ -7,21 +7,21 @@ CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to
4.0.5 and 4.0.0 to 4.0
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
CVE-2024-8543 (The Slider comparison image before and after plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent"
can ex ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: VICIdial
CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in
Electron ...)
TODO: check
CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could
allow an ...)
- TODO: check
+ NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File
Manager and C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7699 (An low privileged remote attacker can execute OS commands with
root pr ...)
TODO: check
CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens
of highe ...)
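Review bot: the four entries marked `NOT-FOR-US: WordPress plugin` in this hunk (CVE-2024-8543, CVE-2024-8369, CVE-2024-8241, CVE-2024-7770) use a generic label, while the other entries in the same hunk name the product (`VICIdial`, `SpiderControl SCADA Web Server`). Consider naming the plugin in each, for example `NOT-FOR-US: Nova Blocks by Pixelgrade plugin for WordPress` for CVE-2024-8241, so that a later search of data/CVE/list by product name finds the earlier decision.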
@@ -29,11 +29,11 @@ CVE-2024-7698 (A low privileged remote attacker canget
access to CSRF tokens of
CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows
an loca ...)
TODO: check
CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle,
Conditio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a
symlink in a ...)
TODO: check
CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users
hosting D-Tal ...)
TODO: check
CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A
bug in Ni ...)
@@ -41,7 +41,7 @@ CVE-2024-45593 (Nix is a package manager for Linux and other
Unix systems. A bug
CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle,
integrates audi ...)
TODO: check
CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API
exposes the hi ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser
<1.20.3 is ...)
TODO: check
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by
providing a ...)
@@ -53,29 +53,29 @@ CVE-2024-45407 (Sunshine is a self-hosted game stream host
for Moonlight. Client
CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video
and ima ...)
TODO: check
CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR
Manager ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-45044 (Bareos is open source software for backup, archiving, and
recovery of ...)
TODO: check
CVE-2024-45032 (A vulnerability has been identified in Industrial Edge
Management Pro ...)
- TODO: check
+ NOT-FOR-US: Industrial Edge Management
CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of
JimuReport ...)
- TODO: check
+ NOT-FOR-US: JimuReport
CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in
moziloCMS v3.0 ...)
- TODO: check
+ NOT-FOR-US: moziloCMS
CVE-2024-44871 (An arbitrary file upload vulnerability in the component
/admin/index.p ...)
- TODO: check
+ NOT-FOR-US: moziloCMS
CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: phpok
CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a
physica ...)
- TODO: check
+ NOT-FOR-US: Hathway Skyworth Router CM5100
CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request
Forgery ( ...)
TODO: check
CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting
(XSS) wh ...)
TODO: check
CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE
Router M7628 ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE
Router
CVE-2024-44087 (A vulnerability has been identified in Automation License
Manager V5 ( ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-43800 (serve-static serves static files. serve-static passes
untrusted user i ...)
TODO: check
CVE-2024-43799 (Send is a library for streaming files from the file system as
a http r ...)
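Review bot: at CVE-2024-45323 the description names FortiEDR Manager, but the added line reads `NOT-FOR-US: FortiGuard`, which does not match the product in the description. Suggest `NOT-FOR-US: Fortinet FortiEDR` or similar so the label can be matched against the affected software. The same hunk also mixes vendor and product labels for what look like sibling advisories: CVE-2024-44087 becomes `NOT-FOR-US: Siemens`, while CVE-2024-45032 becomes `NOT-FOR-US: Industrial Edge Management`. Picking one convention would keep these entries greppable together.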
@@ -83,51 +83,51 @@ CVE-2024-43799 (Send is a library for streaming files from
the file system as a
CVE-2024-43796 (Express.js minimalist web framework for node. In express <
4.20.0, pas ...)
TODO: check
CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART
CPU CR40 ( ...)
TODO: check
CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
TODO: check
CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that
has roll ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43487 (Windows Mark of the Web Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43482 (Microsoft Outlook for iOS Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43479 (Microsoft Power Automate Desktop Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43476 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43475 (Microsoft Windows Admin Center Information Disclosure
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43474 (Microsoft SQL Server Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43470 (Azure Network Watcher VM Agent Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43469 (Azure CycleCloud Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43467 (Windows Remote Desktop Licensing Service Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43466 (Microsoft SharePoint Server Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43465 (Microsoft Excel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43464 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43463 (Microsoft Office Visio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43461 (Windows MSHTML Platform Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43458 (Windows Networking Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43457 (Windows Setup and Deployment Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43455 (Windows Remote Desktop Licensing Service Spoofing
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43454 (Windows Remote Desktop Licensing Service Remote Code Execution
Vulnera ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-43393 (A low privileged remote attacker can perform configuration
changes of ...)
TODO: check
CVE-2024-43392 (A low privileged remote attacker can perform configuration
changes of ...)
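Review bot: CVE-2024-43647 (SIMATIC S7-200 SMART CPU) stays at `TODO: check` although the entry just above it, CVE-2024-43781 (SINUMERIK 828D), has the same description opening and becomes `NOT-FOR-US: Siemens`. If it was skipped by oversight, mark it in the same pass. If it was left open on purpose, a short NOTE saying why would save the next triager the lookup. Leaving CVE-2024-43495 at `TODO: check` looks deliberate, since its title mentions libarchive rather than a Microsoft-only product, and that entry should get a NOTE with the outcome once triaged.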
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/451b1395170ff46cb9f9753fac406664914d7449