Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e2d17d50 by Salvatore Bonaccorso at 2024-10-24T22:36:09+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,65 +35,65 @@ CVE-2024-49681 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL
that can ca ...)
TODO: check
CVE-2024-48547 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: DreamCatcher Life
CVE-2024-48546 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: Wear Sync
CVE-2024-48545 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: IVY Smart
CVE-2024-48544 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: Sylvania Smart Home
CVE-2024-48542 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: Yamaha Headphones Controller
CVE-2024-48541 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: Ruochan Smart
CVE-2024-48540 (Incorrect access control in XIAO HE Smart 4.3.1 allows
attackers to ac ...)
- TODO: check
+ NOT-FOR-US: XIAO HE Smart
CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a hardcoded
encryption key i ...)
- TODO: check
+ NOT-FOR-US: Neye3C
CVE-2024-48538 (Incorrect access control in the firmware update and download
processes ...)
- TODO: check
+ NOT-FOR-US: Neye3C
CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code
execution. An at ...)
TODO: check
CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System
v1.0 allow ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Purchase Order Management System
CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network
Communications Co. ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Tuoshi Network Communications 5G CPE Router
NR500-EA
CVE-2024-48441 (Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router
CommonCPE ...)
- TODO: check
+ NOT-FOR-US: Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router
CVE-2024-48440 (Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router
NR500-EA ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router
CVE-2024-48427 (A SQL injection vulnerability in Sourcecodester Packers and
Movers Man ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Packers and Movers Management System
CVE-2024-48145 (A prompt injection vulnerability in the chatbox of Netangular
Technolo ...)
- TODO: check
+ NOT-FOR-US: Netangular Technologies ChatNet AI
CVE-2024-48144 (A prompt injection vulnerability in the chatbox of Fusion Chat
Chat AI ...)
- TODO: check
+ NOT-FOR-US: Fusion Chat Chat AI Assistant Ask Me Anything
CVE-2024-48143 (A lack of rate limiting in the OTP validation component of
Digitory Mu ...)
- TODO: check
+ NOT-FOR-US: Digitory Multi Channel Integrated POS
CVE-2024-48142 (A prompt injection vulnerability in the chatbox of Butterfly
Effect Li ...)
- TODO: check
+ NOT-FOR-US: Butterfly Effect Limited Monica ChatGPT AI Assistant
CVE-2024-48141 (A prompt injection vulnerability in the chatbox of Zhipu AI
CodeGeeX v ...)
- TODO: check
+ NOT-FOR-US: Zhipu AI CodeGeeX
CVE-2024-48140 (A prompt injection vulnerability in the chatbox of Butterfly
Effect Li ...)
- TODO: check
+ NOT-FOR-US: Butterfly Effect Limited Monica ChatGPT AI Assistant
CVE-2024-48139 (A prompt injection vulnerability in the chatbox of Blackbox AI
v1.3.95 ...)
- TODO: check
+ NOT-FOR-US: Blackbox
CVE-2024-47173 (Aimeos is an e-commerce framework. All SaaS and marketplace
setups usi ...)
- TODO: check
+ NOT-FOR-US: Aimeos
CVE-2024-46998 (baserCMS is a website development framework. Versions prior to
5.1.2 h ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2024-46996 (baserCMS is a website development framework. Versions prior to
5.1.2 h ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2024-46995 (baserCMS is a website development framework. Versions prior to
5.1.2 h ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2024-46994 (baserCMS is a website development framework. Versions prior to
5.1.2 h ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2024-46478 (HTMLDOC v1.9.18 contains a buffer overflow in parse_pre
function,ps-pd ...)
TODO: check
CVE-2024-45259 (An issue was discovered on certain GL-iNet devices, including
MT6000, ...)
- TODO: check
+ NOT-FOR-US: GL-iNet devices
CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through
3.9.3.2_c1.9.51 all ...)
- TODO: check
+ NOT-FOR-US: EnGenius ENH1350EXT A8J-ENH1350EXT devices
CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML
tags coul ...)
TODO: check
CVE-2024-44206 (An issue in the handling of URL protocols was addressed with
improved ...)
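Review bot: The two Shenzhen Tuoshi entries get different labels for what the descriptions indicate is the same vendor and router: CVE-2024-48442 is tagged "Shenzhen Tuoshi Network Communications 5G CPE Router NR500-EA", while CVE-2024-48440 is tagged "Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router". Using one string for both, as is done for the two Neye3C and the four baserCMS entries, would let a search on the label return every related CVE. Separately, CVE-2024-48548 (Cloud Smart Lock APK) at the top of the hunk stays at "TODO: check" while the neighbouring app CVEs are triaged; it is worth confirming that was deliberate.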
@@ -109,25 +109,25 @@ CVE-2024-40810 (An out-of-bounds write issue was
addressed with improved input v
CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11,
and 9.0 c ...)
NOT-FOR-US: IBM
CVE-2024-10338 (A vulnerability classified as critical was found in
SourceCodeHero Clo ...)
- TODO: check
+ NOT-FOR-US: SourceCodeHero Clothes Recommendation System
CVE-2024-10337 (A vulnerability classified as critical has been found in
SourceCodeHer ...)
- TODO: check
+ NOT-FOR-US: SourceCodeHero Clothes Recommendation System
CVE-2024-10336 (A vulnerability was found in SourceCodeHero Clothes
Recommendation Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodeHero Clothes Recommendation System
CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection
Managem ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Garbage Collection Management System
CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto
v4.3r11 f ...)
TODO: check
CVE-2024-10331 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Vehicle Record System
CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path
traversa ...)
- TODO: check
+ NOT-FOR-US: iniNet Solutions SpiderControl SCADA PC HMI Editor
CVE-2024-10180 (The Contact Form 7 \u2013 Repeatable Fields plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10176 (The Compact WP Audio Player plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10050 (The Elementor Header & Footer Builder plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10295 (A flaw was found in Gateway. Sending a non-base64 'basic' auth
with sp ...)
NOT-FOR-US: 3scale API Gateway
CVE-2024-9943 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor
Marketpla ...)
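Review bot: The three WordPress entries (CVE-2024-10180, CVE-2024-10176, CVE-2024-10050) are tagged with the generic "NOT-FOR-US: WordPress plugin", whereas every other line added in this hunk names the product. If the generic tag is intentional for plugins, no change is needed; otherwise adding the plugin name (for example "Compact WP Audio Player" for CVE-2024-10176) would make the entries findable by label rather than only through the truncated description. CVE-2024-10332 (Janto) is left at "TODO: check" in the middle of the processed block, which looks intentional but is worth a second look.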
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2d17d50bddce40d846807dc81505124e8c93fdb
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits