[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Fri, 25 Oct 2024 06:41:14 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b468066b by Moritz Muehlenhoff at 2024-10-25T15:32:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2024-49760 (OpenRefine is a free, open source tool for 
working with messy da
        NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4
        NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c
 CVE-2024-49750 (The Snowflake Connector for Python provides an interface for 
developin ...)
-       TODO: check
+       NOT-FOR-US: Snowflake Connector for Python
 CVE-2024-49359 (ZimaOS is a fork of CasaOS, an operating system for Zima 
devices and x ...)
        NOT-FOR-US: ZimaOS
 CVE-2024-49358 (ZimaOS is a fork of CasaOS, an operating system for Zima 
devices and x ...)
@@ -41,7 +41,7 @@ CVE-2024-48931 (ZimaOS is a fork of CasaOS, an operating 
system for Zima devices
 CVE-2024-48870 (Sharp and Toshiba Tec MFPs improperly validate input data in 
URI data  ...)
        NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-48208 (pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. 
There is an  ...)
-       TODO: check
+       TODO: seems bogus
 CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a 
modular we ...)
        - openrefine-butterfly <unfixed>
        NOTE: 
https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8
@@ -73,7 +73,7 @@ CVE-2024-47549 (Sharp and Toshiba Tec MFPs improperly process 
query parameters i
 CVE-2024-47406 (Sharp and Toshiba Tec MFPs improperly process HTTP 
authentication requ ...)
        NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-47158 (N-LINE 2.0.6 and prior versions contain a code injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: N-LINE
 CVE-2024-47005 (Sharp and Toshiba Tec MFPs provide configuration related APIs. 
They ar ...)
        NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-45842 (Sharp and Toshiba Tec MFPs improperly process URI data in HTTP 
PUT req ...)
@@ -81,7 +81,7 @@ CVE-2024-45842 (Sharp and Toshiba Tec MFPs improperly process 
URI data in HTTP P
 CVE-2024-45829 (Sharp and Toshiba Tec MFPs provide the web page to download 
data, wher ...)
        NOT-FOR-US: Sharp and Toshiba Tec MFPs
 CVE-2024-45785 (MUSASI version 3 contains an issue with use of client-side 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: MUSASI
 CVE-2024-45263 (An issue was discovered on certain GL-iNet devices, including 
MT6000,  ...)
        NOT-FOR-US: GL-iNet
 CVE-2024-45262 (An issue was discovered on certain GL-iNet devices, including 
MT6000,  ...)
@@ -99,7 +99,7 @@ CVE-2024-41618 (Money Manager EX WebApp 
(web-money-manager-ex) 1.2.2 is vulnerab
 CVE-2024-41617 (Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is 
vulnerable to  ...)
        NOT-FOR-US: web-money-manager-ex
 CVE-2024-10372 (A vulnerability classified as problematic was found in 
chidiwilliams b ...)
-       TODO: check
+       NOT-FOR-US: chidiwilliams buzz
 CVE-2024-10371 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester
 CVE-2024-10370 (A vulnerability was found in Codezips Sales Management System 
1.0. It  ...)
@@ -183,7 +183,7 @@ CVE-2024-49682 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
 CVE-2024-49681 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-48548 (The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL 
that can ca ...)
-       TODO: check
+       NOT-FOR-US: Cloud Smart Lock
 CVE-2024-48547 (Incorrect access control in the firmware update and download 
processes ...)
        NOT-FOR-US: DreamCatcher Life
 CVE-2024-48546 (Incorrect access control in the firmware update and download 
processes ...)
@@ -203,7 +203,7 @@ CVE-2024-48539 (Neye3C v4.5.2.0 was discovered to contain a 
hardcoded encryption
 CVE-2024-48538 (Incorrect access control in the firmware update and download 
processes ...)
        NOT-FOR-US: Neye3C
 CVE-2024-48514 (php-heic-to-jpg <= 1.0.5 is vulnerable to remote code 
execution. An at ...)
-       TODO: check
+       NOT-FOR-US: php-heic-to-jpg
 CVE-2024-48454 (An issue in SourceCodester Purchase Order Management System 
v1.0 allow ...)
        NOT-FOR-US: SourceCodester Purchase Order Management System
 CVE-2024-48442 (Incorrect access control in Shenzhen Tuoshi Network 
Communications Co. ...)
@@ -245,17 +245,17 @@ CVE-2024-45259 (An issue was discovered on certain 
GL-iNet devices, including MT
 CVE-2024-45242 (EnGenius ENH1350EXT A8J-ENH1350EXT devices through 
3.9.3.2_c1.9.51 all ...)
        NOT-FOR-US: EnGenius ENH1350EXT A8J-ENH1350EXT devices
 CVE-2024-45031 (When editing objects in the Syncope Console, incomplete HTML 
tags coul ...)
-       TODO: check
+       NOT-FOR-US: Apache Syncope
 CVE-2024-44206 (An issue in the handling of URL protocols was addressed with 
improved  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44205 (A privacy issue was addressed with improved private data 
redaction for ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44185 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44141 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input 
validat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-38314 (IBM Maximo Application Suite - Monitor Component 8.10, 8.11, 
and 9.0 c ...)
        NOT-FOR-US: IBM
 CVE-2024-10338 (A vulnerability classified as critical was found in 
SourceCodeHero Clo ...)
@@ -267,7 +267,7 @@ CVE-2024-10336 (A vulnerability was found in SourceCodeHero 
Clothes Recommendati
 CVE-2024-10335 (A vulnerability was found in SourceCodester Garbage Collection 
Managem ...)
        NOT-FOR-US: SourceCodester Garbage Collection Management System
 CVE-2024-10332 (A Cross-Site Scripting vulnerability has been found in Janto 
v4.3r11 f ...)
-       TODO: check
+       NOT-FOR-US: Janto
 CVE-2024-10331 (A vulnerability, which was classified as critical, has been 
found in P ...)
        NOT-FOR-US: PHPGurukul Vehicle Record System
 CVE-2024-10313 (iniNet Solutions SpiderControl SCADA PC HMI Editor has a path 
traversa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b468066bf87b4ab25e82b67781a0b7de18fe111f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b468066bf87b4ab25e82b67781a0b7de18fe111f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to