Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3697dd62 by Salvatore Bonaccorso at 2024-09-18T22:53:08+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2024-5958 (Improper Neutralization of Special Elements 
used in an SQL Comman
 CVE-2024-5682 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
        NOT-FOR-US: Yordam Library Automation System
 CVE-2024-47001 (Hidden functionality issue in multiple digital video recorders 
provide ...)
-       TODO: check
+       NOT-FOR-US: TAKENAKA
 CVE-2024-46990 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
        NOT-FOR-US: Directus
 CVE-2024-46989 (spicedb is an Open Source, Google Zanzibar-inspired 
permissions databa ...)
@@ -43,7 +43,7 @@ CVE-2024-46987 (Camaleon CMS is a dynamic and advanced 
content management system
 CVE-2024-46986 (Camaleon CMS is a dynamic and advanced content management 
system based ...)
        NOT-FOR-US: Camaleon CMS
 CVE-2024-46982 (Next.js is a React framework for building full-stack web 
applications. ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2024-46979 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2024-46978 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
@@ -127,7 +127,7 @@ CVE-2024-46086 (FrogCMS V0.9.5 was discovered to contain a 
Cross-Site Request Fo
 CVE-2024-45858 (An arbitrary code execution vulnerability exists in versions 
0.2.9 up  ...)
        NOT-FOR-US: Guardrails AI Guardrails framework
 CVE-2024-45813 (find-my-way is a fast, open source HTTP router, internally 
using a Rad ...)
-       TODO: check
+       NOT-FOR-US: find-my-way
 CVE-2024-45679 (Heap-based buffer overflow vulnerability in Assimp versions 
prior to 5 ...)
        TODO: check
 CVE-2024-45601 (Mesop is a Python-based UI framework designed for rapid web 
apps devel ...)
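Review bot: `NOT-FOR-US: find-my-way` on CVE-2024-45813 closes out a library rather than an end product, and nothing in the entry shows that bundled copies were ruled out. The description presents it as an open source HTTP router, the kind of component that ships inside other applications, so it is worth searching the archive for source packages that vendor it before settling on NFU; if one does, the entry should name that package instead.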
@@ -141,7 +141,7 @@ CVE-2024-45451 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2024-45366 (Welcart e-Commerce prior to 2.11.2 contains a cross-site 
scripting vul ...)
        NOT-FOR-US: Welcart e-Commerce
 CVE-2024-45298 (Wiki.js is an open source wiki app built on Node.js. A 
disabled user c ...)
-       TODO: check
+       NOT-FOR-US: Wiki.js
 CVE-2024-44589 (Stack overflow vulnerability in the Login function in the HNAP 
service ...)
        NOT-FOR-US: D-Link
 CVE-2024-44542 (SQL Injection vulnerability in todesk v.1.1 allows a remote 
attacker t ...)
@@ -211,7 +211,7 @@ CVE-2024-43969 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2024-43938 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-43778 (OS command injection vulnerability in multiple digital video 
recorders ...)
-       TODO: check
+       NOT-FOR-US: TAKENAKA
 CVE-2024-43188 (IBM Business Automation Workflow   22.0.2, 23.0.1, 23.0.2, and 
24.0.0  ...)
        NOT-FOR-US: IBM
 CVE-2024-43025 (An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 
and ear ...)
@@ -221,11 +221,11 @@ CVE-2024-43024 (Multiple stored cross-site scripting 
(XSS) vulnerabilities in RW
 CVE-2024-42404 (SQL injection vulnerability in Welcart e-Commerce prior to 
2.11.2 allo ...)
        NOT-FOR-US: Welcart e-Commerce
 CVE-2024-41929 (Improper authentication vulnerability in multiple digital 
video record ...)
-       TODO: check
+       NOT-FOR-US: TAKENAKA
 CVE-2024-39590 (Multiple invalid pointer dereference vulnerabilities exist in 
the Open ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2024-39589 (Multiple invalid pointer dereference vulnerabilities exist in 
the Open ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2024-39339 (A vulnerability has been discovered in all versions of 
Smartplay headu ...)
        TODO: check
 CVE-2024-39081 (An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to 
perform a ...)
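Review bot: For CVE-2024-39590 and CVE-2024-39589 the truncated descriptions stop at "exist in the Open ...", so the two `NOT-FOR-US: OpenPLC` tags cannot be confirmed from this diff alone, unlike CVE-2024-36981 and CVE-2024-36980 in the following hunk, where "OpenPLC Runtime" is visible. Please confirm against the full CVE text that both are OpenPLC issues. Leaving CVE-2024-39339 at `TODO: check` is consistent with a commit scoped to NFUs.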
@@ -233,9 +233,9 @@ CVE-2024-39081 (An issue in SMART TYRE CAR & BIKE v4.2.0 
allows attackers to per
 CVE-2024-37985 (Windows Kernel Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-36981 (An out-of-bounds read vulnerability exists in the OpenPLC 
Runtime Ethe ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2024-36980 (An out-of-bounds read vulnerability exists in the OpenPLC 
Runtime Ethe ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2024-35515 (Insecure deserialization in sqlitedict up to v2.1.0 allows 
attackers t ...)
        TODO: check
 CVE-2024-34399 (**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC 
Remedy Mi ...)
@@ -243,7 +243,7 @@ CVE-2024-34399 (**UNSUPPORTED WHEN ASSIGNED** An issue was 
discovered in BMC Rem
 CVE-2024-34057 (Triangle Microworks TMW IEC 61850 Client source code libraries 
before  ...)
        NOT-FOR-US: Triangle Microworks
 CVE-2024-34026 (A stack-based buffer overflow vulnerability exists in the 
OpenPLC Runt ...)
-       TODO: check
+       NOT-FOR-US: OpenPLC
 CVE-2024-31198 (Out-of-bounds Read vulnerability in Open Networking Foundation 
(ONF) l ...)
        TODO: check
 CVE-2024-31197 (Improper Null Termination vulnerability in Open Networking 
Foundation  ...)
@@ -323,11 +323,11 @@ CVE-2023-49203 (Technitium 11.5.3 allows remote attackers 
to cause a denial of s
 CVE-2023-47105 (exec.CommandContext in Chaosblade 0.3 through 1.7.3, when 
server mode  ...)
        TODO: check
 CVE-2023-41612 (Victure PC420 1.1.39 was discovered to use a weak encryption 
key for t ...)
-       TODO: check
+       NOT-FOR-US: Victure
 CVE-2023-41611 (Victure PC420 1.1.39 was discovered to use a weak and 
partially hardco ...)
-       TODO: check
+       NOT-FOR-US: Victure
 CVE-2023-41610 (Victure PC420 1.1.39 was discovered to contain a hardcoded 
root passwo ...)
-       TODO: check
+       NOT-FOR-US: Victure
 CVE-2024-XXXX [get_groups does not always returns the group of the action]
        - tryton-server 6.0.52-1
        NOTE: 
https://discuss.tryton.org/t/security-release-for-issues-13505-and-13506/7846
@@ -165512,7 +165512,7 @@ CVE-2022-39070 (There is an access control 
vulnerability in some ZTE PON OLT pro
 CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to 
lack of ...)
        NOT-FOR-US: ZTE
 CVE-2022-39068 (There is a buffer overflow vulnerability in ZTE MF296R. Due to 
insuffi ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to 
lack of ...)
        NOT-FOR-US: ZTE
 CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to 
insuffici ...)
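Review bot: The `TODO: check` replaced on CVE-2022-39068 was a straggler inside an already triaged block (CVE-2022-39069 and CVE-2022-39067 on either side are both `NOT-FOR-US: ZTE`), so other old entries may still be in the same state. The new tag matches its neighbours; a grep for remaining `TODO: check` lines in the 2022 range would show whether more of these were missed.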



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3697dd621d5a1237da5a7653706de09f45f55132



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
