Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0be297da by Salvatore Bonaccorso at 2024-10-15T10:28:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,152 +23,152 @@ CVE-2024-9944 (The WooCommerce plugin for WordPress is 
vulnerable to HTML Inject
 CVE-2024-9837 (The The AADMY \u2013 Add Auto Date Month Year Into Posts plugin 
for Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9820 (The WP 2FA with Telegram plugin for WordPress is vulnerable to 
Two-Fac ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9687 (The WP 2FA with Telegram plugin for WordPress is vulnerable to 
Authent ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9548 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9546 (The WPIDE \u2013 File Manager & Code Editor plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6757 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6207 (CVE 2021-22681 
https://www.rockwellautomation.com/en-us/trust-center/s ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-48911 (OpenCanary, a multi-protocol network honeypot, directly 
executed comma ...)
-       TODO: check
+       NOT-FOR-US: OpenCanary
 CVE-2024-48909 (SpiceDB is an open source database for scalably storing and 
querying f ...)
-       TODO: check
+       NOT-FOR-US: SpiceDB
 CVE-2024-48824 (An issue in Automatic Systems Maintenance SlimLane 
29565_d74ecce0c1081 ...)
-       TODO: check
+       NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48823 (Local file inclusion in Automatic Systems Maintenance SlimLane 
29565_d ...)
-       TODO: check
+       NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48822 (Privilege escalation in Automatic Systems Maintenance SlimLane 
29565_d ...)
-       TODO: check
+       NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-48821 (Cross Site Scripting vulnerability in Automatic Systems 
Maintenance Sl ...)
-       TODO: check
+       NOT-FOR-US: Automatic Systems Maintenance SlimLane
 CVE-2024-46898 (SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests 
improperly, ...)
-       TODO: check
+       NOT-FOR-US: SHIRASAGI
 CVE-2024-35520 (Netgear R7000 1.0.11.136 is vulnerable to Command Injection in 
RMT_inv ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-35519 (Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and 
Netgear EX3700 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-35518 (Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in 
genie_f ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-30117 (A dynamic search for a prerequisite library could allow the 
possibilit ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2024-21535 (Versions of the package markdown-to-jsx before 7.4.0 are 
vulnerable to ...)
        TODO: check
 CVE-2024-0129 (NVIDIA NeMo contains a vulnerability in SaveRestoreConnector 
where a u ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2024-9936 (When manipulating the selection node cache, an attacker may 
have been  ...)
        - firefox 131.0.3-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
 CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter 
which can b ...)
        TODO: check
 CVE-2024-9139 (The affected product permits OS command injection through 
improperly r ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2024-9137 (The affected product lacks an authentication check when sending 
comman ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using 
a Docu ...)
-       TODO: check
+       NOT-FOR-US: DocumentBuilder
 CVE-2024-8184 (There exists a security vulnerability in Jetty's 
ThreadLimitHandler.ge ...)
        TODO: check
 CVE-2024-7847 (VULNERABILITY DETAILS  Rockwell Automation used the latest 
versions of ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web 
server ...)
        TODO: check
 CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by 
unauthenticated users ...)
        TODO: check
 CVE-2024-48799 (An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 
1.4.22 allows ...)
-       TODO: check
+       NOT-FOR-US: LOREX
 CVE-2024-48798 (An issue in Hubble Connected (com.hubbleconnected.vervelife) 
2.00.81 a ...)
-       TODO: check
+       NOT-FOR-US: Hubble Connected
 CVE-2024-48797 (An issue in PCS Engineering Preston Cinema 
(com.prestoncinema.app) 0.2 ...)
-       TODO: check
+       NOT-FOR-US: PCS Engineering Preston Cinema
 CVE-2024-48796 (An issue in EQUES com.eques.plug 1.0.1 allows a remote 
attacker to obt ...)
-       TODO: check
+       NOT-FOR-US: EQUES
 CVE-2024-48795 (An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 
2.00.02 ...)
-       TODO: check
+       NOT-FOR-US: Creative Labs Pte Ltd com.creative.apps.xficonnect
 CVE-2024-48793 (An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: INATRONIC
 CVE-2024-48792 (An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker 
to obta ...)
-       TODO: check
+       NOT-FOR-US: Hideez
 CVE-2024-48791 (An issue in Plug n Play Camera com.starvedia.mCamView.zwave 
5.5.1 allo ...)
-       TODO: check
+       NOT-FOR-US: Plug n Play Camera com.starvedia.mCamView.zwave
 CVE-2024-48790 (An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: ILIFE com.ilife.home.global
 CVE-2024-48789 (An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: INATRONIC com.inatronic.drivedeck.home
 CVE-2024-48261
        REJECTED
 CVE-2024-48259 (Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via 
station ...)
-       TODO: check
+       NOT-FOR-US: Cloudlog
 CVE-2024-48257 (Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes 
station_id SQL in ...)
-       TODO: check
+       NOT-FOR-US: Wavelog
 CVE-2024-48255 (Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: Cloudlog
 CVE-2024-48253 (Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL 
injection.)
-       TODO: check
+       NOT-FOR-US: Cloudlog
 CVE-2024-48251 (Wavelog 1.8.5 allows Activated_gridmap_model.php 
get_band_confirmed SQ ...)
-       TODO: check
+       NOT-FOR-US: Wavelog
 CVE-2024-48249 (Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: Wavelog
 CVE-2024-48168 (A stack overflow vulnerability exists in the sub_402280 
function of th ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-48153 (DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious 
command ...)
-       TODO: check
+       NOT-FOR-US: DrayTek
 CVE-2024-48150 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in 
the sub_ ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-48120 (X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting 
(XSS) in the ...)
-       TODO: check
+       NOT-FOR-US: X2CRM
 CVE-2024-48119 (Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the 
module par ...)
-       TODO: check
+       NOT-FOR-US: Vtiger CRM
 CVE-2024-47885 (The Astro web framework has a DOM Clobbering gadget in the 
client-side ...)
-       TODO: check
+       NOT-FOR-US: Astro web framework
 CVE-2024-47831 (Next.js is a React Framework for the Web. Cersions on the 
10.x, 11.x,  ...)
        TODO: check
 CVE-2024-47826 (eLabFTW is an open source electronic lab notebook for research 
labs. A ...)
-       TODO: check
+       NOT-FOR-US: eLabFTW
 CVE-2024-47767 (Tuleap is a tool for end to end traceability of application 
and system ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2024-47766 (Tuleap is a tool for end to end traceability of application 
and system ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2024-46988 (Tuleap is a tool for end to end traceability of application 
and system ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2024-46980 (Tuleap is a tool for end to end traceability of application 
and system ...)
-       TODO: check
+       NOT-FOR-US: Tuleap
 CVE-2024-46911 (Cross-site Resource Forgery (CSRF), Privilege escalation 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Apache Roller
 CVE-2024-46535 (Jepaas v7.2.8 was discovered to contain a SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Jepaas
 CVE-2024-46528 (An Insecure Direct Object Reference (IDOR) vulnerability in 
KubeSphere ...)
        TODO: check
 CVE-2024-45741 (In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk 
Cloud P ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45740 (In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk 
Cloud P ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45739 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, 
the softw ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45738 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, 
the softw ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45737 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 
and Splunk ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45736 (In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 
and Splunk ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45735 (In Splunk Enterprise versions below 9.2.3 and 9.1.6, and 
Splunk Secure ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45734 (In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a 
low-privilege ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45733 (In Splunk Enterprise for Windows versions below 9.2.3 and 
9.1.6, a low ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45732 (In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions 
below 9. ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-45731 (In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, 
and 9.1. ...)
-       TODO: check
+       NOT-FOR-US: Splunk
 CVE-2024-43701 (Software installed and run as a non-privileged user may 
conduct GPU sy ...)
        TODO: check
 CVE-2024-41997 (An issue was discovered in version of Warp Terminal prior to 
2024.07.1 ...)
-       TODO: check
+       NOT-FOR-US: Warp Terminal
 CVE-2024-40616
        REJECTED
 CVE-2023-50780 (Apache ActiveMQ Artemis allows access to diagnostic 
information and co ...)
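
Review bot: The tag on CVE-2024-8602, `NOT-FOR-US: DocumentBuilder`, appears to name the parser mentioned in the description ("parsed using a Docu ...") rather than the affected product. Suggest replacing it with the vendor or product name from the full CVE record, so that a later search of data/CVE/list for that product finds this entry. A smaller style point in the same batch: tag granularity varies. CVE-2024-48793 is `NOT-FOR-US: INATRONIC` while CVE-2024-48789 is `NOT-FOR-US: INATRONIC com.inatronic.drivedeck.home`, and the LOREX, EQUES and Hideez entries give the vendor only while the Creative Labs, ILIFE and Plug n Play Camera entries append the package id. Using one form throughout would keep the list consistent to grep.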



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0be297da74d8f158bc2f8bbde653e6b349d9a47d


_______________________________________________
debian-security-tracker-commits mailing list