Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
127c60da by Salvatore Bonaccorso at 2024-11-15T21:56:25+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,15 +42,15 @@ CVE-2024-52513 (Nextcloud Server is a self hosted personal 
cloud system. After r
 CVE-2024-52512 (user_oidc app is an OpenID Connect user backend for Nextcloud. 
A malic ...)
        TODO: check
 CVE-2024-52511 (Nextcloud Tables allows users to to create tables with 
individual colu ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Tables
 CVE-2024-52510 (The Nextcloud Desktop Client is a tool to synchronize files 
from Nextc ...)
        TODO: check
 CVE-2024-52509 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted 
productivi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Mail
 CVE-2024-52508 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted 
productivi ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Mail
 CVE-2024-52507 (Nextcloud Tables allows users to to create tables with 
individual colu ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Tables
 CVE-2024-51497 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
        NOT-FOR-US: LibreNMS
 CVE-2024-51496 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
@@ -68,7 +68,7 @@ CVE-2024-51142 (Cross Site Scripting vulnerability in Chamilo 
LMS v.1.11.26 allo
 CVE-2024-51141 (An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows 
a local  ...)
        NOT-FOR-US: TOTOLINK
 CVE-2024-51037 (An issue in kodbox v.1.52.04 and before allows a remote 
attacker to ob ...)
-       TODO: check
+       NOT-FOR-US: kodbox
 CVE-2024-50986 (An issue in Clementine v.1.3.1 allows a local attacker to 
execute arbi ...)
        TODO: check
 CVE-2024-50800 (Cross Site Scripting vulnerability in M2000 Smart4Web before 
v.5.02024 ...)
@@ -110,29 +110,29 @@ CVE-2024-49758 (LibreNMS is an open-source, 
PHP/MySQL/SNMP-based network monitor
 CVE-2024-49754 (LibreNMS is an open-source, PHP/MySQL/SNMP-based network 
monitoring sy ...)
        NOT-FOR-US: LibreNMS
 CVE-2024-49536 (Audition versions 23.6.9, 24.4.6 and earlier are affected by 
an out-of ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-48068 (A cross-site scripting (XSS) vulnerability in Shenzhen Landray 
Softwar ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Landray
 CVE-2024-47759 (GLPI is a free Asset and IT management software package. An 
technician ...)
        TODO: check
 CVE-2024-46467 (By default, dedicated folders of ZONEPOINT for Windows up to 
2024.1 ca ...)
-       TODO: check
+       NOT-FOR-US: ZONEPOINT for Windows
 CVE-2024-46466 (By default, dedicated folders of ZONECENTRAL for Windows up to 
2024.3  ...)
-       TODO: check
+       NOT-FOR-US: ZONECENTRAL for Windows
 CVE-2024-46465 (By default, dedicated folders of CRYHOD for Windows up to 
2024.3 can b ...)
-       TODO: check
+       NOT-FOR-US: CRYHOD for Windows
 CVE-2024-46463 (By default, dedicated folders of ORIZON for Windows up to 
2024.3 can b ...)
-       TODO: check
+       NOT-FOR-US: ORIZON for Windows
 CVE-2024-46462 (By default, dedicated folders of ZEDMAIL for Windows up to 
2024.3 can  ...)
-       TODO: check
+       NOT-FOR-US: ZEDMAIL for Windows
 CVE-2024-46383 (Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to 
store s ...)
-       TODO: check
+       NOT-FOR-US: Hathway Skyworth Router CM5100-511
 CVE-2024-45971 (Multiple Buffer overflows in the MMS Client in MZ Automation 
LibIEC618 ...)
-       TODO: check
+       NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2024-45970 (Multiple Buffer overflows in the MMS Client in MZ Automation 
LibIEC618 ...)
-       TODO: check
+       NOT-FOR-US: MZ Automation LibIEC61850
 CVE-2024-45969 (NULL pointer dereference in the MMS Client in MZ Automation 
LibIEC1850 ...)
-       TODO: check
+       NOT-FOR-US: MZ Automation
 CVE-2024-45784 (Apache Airflow versions before 2.10.3 contain a vulnerability 
that cou ...)
        TODO: check
 CVE-2024-45609 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
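Review bot: The label on CVE-2024-45969 is "NOT-FOR-US: MZ Automation", while CVE-2024-45971 and CVE-2024-45970 directly above it, whose descriptions name the same MMS Client, get "NOT-FOR-US: MZ Automation LibIEC61850". Suggest using the same product label on all three so that a search for the library name returns every entry. A smaller style point in the same hunk: CVE-2024-49536 is tagged by vendor ("Adobe") although its description names the product (Audition), whereas the neighbouring entries are tagged by product.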
@@ -140,9 +140,9 @@ CVE-2024-45609 (GLPI is a Free Asset and IT Management 
Software package, Data ce
 CVE-2024-45608 (GLPI is a free asset and IT management software package. An 
authentica ...)
        TODO: check
 CVE-2024-44759 (An arbitrary file download vulnerability in the component 
/Doc/Downloa ...)
-       TODO: check
+       NOT-FOR-US: NUS-M9 ERP Management Software
 CVE-2024-44625 (Gogs <=0.13.0 is vulnerable to Directory Traversal via the 
editFilePos ...)
-       TODO: check
+       NOT-FOR-US: Go Git Service
 CVE-2024-43418 (GLPI is a free asset and IT management software package. An 
unauthenti ...)
        TODO: check
 CVE-2024-43417 (GLPI is a free asset and IT management software package. An 
unauthenti ...)
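Review bot: The label on CVE-2024-44625, "NOT-FOR-US: Go Git Service", does not contain the name the CVE description uses ("Gogs <=0.13.0 ..."), so a search of the list for "Gogs" would only hit the truncated description and not the triage line. Suggest "NOT-FOR-US: Gogs", or a label that includes that name, so that later Gogs CVEs can be matched against this entry.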
@@ -294,7 +294,7 @@ CVE-2024-49777 (A heap-based buffer overflow in tsMuxer 
version nightly-2024-03-
 CVE-2024-49776 (A negative-size-param in tsMuxer version 
nightly-2024-04-05-01-53-02 a ...)
        TODO: check
 CVE-2024-48974 (The ventilator does not perform proper file integrity checks 
when adop ...)
-       TODO: check
+       NOT-FOR-US: Baxter
 CVE-2024-48973 (The debug port on the ventilator's serial interface is enabled 
by defa ...)
        NOT-FOR-US: Life2000 Ventilation System
 CVE-2024-48971 (The Clinician Password and Serial Number Clinician Password 
are hard-c ...)
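Review bot: The label on CVE-2024-48974 is the vendor-style "NOT-FOR-US: Baxter", but the adjacent CVE-2024-48973, whose description also refers to "the ventilator", is already tagged "NOT-FOR-US: Life2000 Ventilation System". If both entries concern the same product, reuse the existing label here so the batch is triaged under one name.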
@@ -314,11 +314,11 @@ CVE-2024-41209 (A heap-based buffer overflow in tsMuxer 
version nightly-2024-03-
 CVE-2024-41206 (A stack-based buffer over-read in tsMuxer version 
nightly-2024-03-14-0 ...)
        TODO: check
 CVE-2024-40579 (Cross Site Scripting vulnerability in Virtuozzo Hybrid Server 
for WHMC ...)
-       TODO: check
+       NOT-FOR-US: Virtuozzo Hybrid Server for WHMCS Open Source
 CVE-2024-39707 (Insyde IHISI function 0x49 can restore factory defaults for 
certain UE ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2024-39610 (Cross-site scripting vulnerability exists in FitNesse releases 
prior t ...)
-       TODO: check
+       NOT-FOR-US: FitNesse
 CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism 
of Bina ...)
        TODO: check
 CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection 
vulnerabili ...)
@@ -474,9 +474,9 @@ CVE-2024-45670 (IBM Security SOAR 51.0.1.0 and earlier 
contains a mechanism for
 CVE-2024-45642 (IBM Security ReaQta 3.12 is vulnerable to cross-site 
scripting. This v ...)
        NOT-FOR-US: IBM
 CVE-2024-45254 (VaeMendis - CWE-79: Improper Neutralization of Input During 
Web Page G ...)
-       TODO: check
+       NOT-FOR-US: VaeMendis
 CVE-2024-45253 (Avigilon \u2013 CWE-22: Improper Limitation of a Pathname to a 
Restric ...)
-       TODO: check
+       NOT-FOR-US: Avigilon
 CVE-2024-45099 (IBM Security ReaQta 3.12 is vulnerable to cross-site 
scripting. This v ...)
        NOT-FOR-US: IBM
 CVE-2024-42188 (HCL Connections is vulnerable to a broken access control 
vulnerability ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127c60dafd0c629c27fd8d0b499ca3a667b75027



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits