Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea9b952d by Salvatore Bonaccorso at 2024-11-27T10:24:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,35 +15,35 @@ CVE-2024-52959 (A Improper Control of Generation of Code 
('Code Injection') vuln
 CVE-2024-52958 (A improper verification of cryptographic signature 
vulnerability in pl ...)
        NOT-FOR-US: iota C.ai Conversational Platform
 CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: qiwen-file
 CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
        TODO: check
 CVE-2024-36467 (An authenticated user with API access (e.g.: user with default 
User ro ...)
        TODO: check
 CVE-2024-11820 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: code-projects Crud Operation System
 CVE-2024-11819 (A vulnerability classified as critical was found in 1000 
Projects Port ...)
-       TODO: check
+       NOT-FOR-US: 1000 Projects Portfolio Management System
 CVE-2024-11818 (A vulnerability classified as critical has been found in 
PHPGurukul Us ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul User Registration & Login and User Management 
System
 CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & 
Login and  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul User Registration & Login and User Management 
System
 CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and 
classified as c ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio 
Management S ...)
-       TODO: check
+       NOT-FOR-US: 1000 Projects Portfolio Management System MCA
 CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to 
Sensitive Infor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone 
Showcase plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, 
Popups plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual 
Composer ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated 
user to ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not 
restrict ex ...)
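
Review bot: The two 1000 Projects entries in this hunk get different labels: CVE-2024-11819 is marked `NOT-FOR-US: 1000 Projects Portfolio Management System`, while CVE-2024-11744 is marked `NOT-FOR-US: 1000 Projects Portfolio Management System MCA`. Both truncated descriptions read as the same product, so unless "MCA" names a distinct product, use one spelling for both so that a search for the product string finds every entry.
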
@@ -156,7 +156,7 @@ CVE-2024-38830 (VMware Aria Operations contains a local 
privilege escalation vul
 CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a 
string wi ...)
        TODO: check
 CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of 
lobe-chat  ...)
-       TODO: check
+       NOT-FOR-US: Lobe Chat
 CVE-2024-22117 (When a URL is added to the map element, it is recorded in the 
database ...)
        TODO: check
 CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab 
CE/EE aff ...)
@@ -199910,9 +199910,9 @@ CVE-2022-33864
 CVE-2022-33863
        RESERVED
 CVE-2022-33862 (IPP software prior to v1.71 is vulnerable to default 
credential vulner ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2022-33861 (IPP software versions prior to v1.71 do not sufficiently 
verify the au ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2022-33860
        REJECTED
 CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer 
EPMS sof ...)
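
Review bot: At CVE-2022-33862 and CVE-2022-33861 the new label is only the vendor, `NOT-FOR-US: Eaton`, while the visible descriptions say just "IPP software" and never name Eaton. Consider putting the product in the label as well (for example `NOT-FOR-US: Eaton IPP`) so the entry explains itself without opening the full CVE text.
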
@@ -396870,7 +396870,7 @@ CVE-2019-17084
 CVE-2019-17083
        RESERVED
 CVE-2019-17082 (Missing Authentication for Critical Function vulnerability in 
OpenText ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2019-17081
        RESERVED
 CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows 
code ex ...)
@@ -466509,9 +466509,9 @@ CVE-2017-18309 (A micro-core of QMP transportation 
may cause a macro-core to rea
 CVE-2017-18308 (Modem segments are unlocked after authentication, leaving 
modem segmen ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18307 (Information disclosure possible while audio playback.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2017-18306 (Information disclosure due to uninitialized variable.)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by 
unlocki ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size 
being pas ...)
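
Review bot: CVE-2017-18307 and CVE-2017-18306 are labelled `NOT-FOR-US: Qualcomm`, but the unchanged entries directly around them (CVE-2017-18308, CVE-2017-18305) use `NOT-FOR-US: Qualcomm components for Android`. Reusing the existing string keeps the Qualcomm entries greppable as one group; the same applies to the other `NOT-FOR-US: Qualcomm` lines later in this commit.
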
@@ -468021,7 +468021,7 @@ CVE-2018-11924 (Improper buffer length validation in 
WLAN function can lead to a
 CVE-2018-11923 (Improper buffer length check before copying can lead to 
integer overfl ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11922 (Wrong configuration in Touch Pal application can collect user 
behavior ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2018-11921 (Failure condition is not handled properly and the correct 
error code i ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11920
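
Review bot: The description of CVE-2018-11922 names the "Touch Pal application", yet the label is the bare vendor `NOT-FOR-US: Qualcomm`. If the affected code ships as part of the Qualcomm Android components like its neighbours CVE-2018-11923 and CVE-2018-11921, use the label they carry; otherwise name the application so the reason for the NFU marking is clear from the line itself.
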
@@ -485429,7 +485429,7 @@ CVE-2018-5854 (A stack-based buffer overflow can 
occur in fastboot from all Andr
 CVE-2018-5853 (A race condition exists in a driver in all Android releases 
from CAF u ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5852 (An unsigned integer underflow vulnerability in IPA driver 
result into  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2018-5851 (Buffer over flow can occur while processing a 
HTT_T2H_MSG_TYPE_TX_COMP ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient 
validation  ...)
@@ -520978,7 +520978,7 @@ CVE-2017-11078 (In all android releases(Android for 
MSM, Firefox OS for MSM, QRD
 CVE-2017-11077
        RESERVED
 CVE-2017-11076 (On some hardware revisions where VP9 decoding is 
hardware-accelerated, ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm
 CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD 
Android with  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9b952d6129a67eadf920e9506712ed22168ed1

_______________________________________________
debian-security-tracker-commits mailing list