Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
851f485b by Salvatore Bonaccorso at 2024-05-15T22:30:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,19 +17,19 @@ CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. 
It has been declared
 CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 
(10.0.24.305) or ea ...)
        NOT-FOR-US: Telerik Report Server
 CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable 
to Loc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices 
can expo ...)
-       TODO: check
+       NOT-FOR-US: alpitronic Hypercharger EV charging devices
 CVE-2024-4357 (An information disclosure vulnerability exists in Progress 
Telerik Rep ...)
-       TODO: check
+       NOT-FOR-US: Progress Telerik Report Server
 CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 
(18.1. ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 
(18.1. ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in 
OpenTe ...)
        TODO: check
 CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
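Review bot: the same product ends up under three different labels in this hunk. The unchanged CVE-2024-4837 entry reads "NOT-FOR-US: Telerik Report Server", CVE-2024-4357 is added as "NOT-FOR-US: Progress Telerik Report Server", and CVE-2024-4202 / CVE-2024-4200 (Telerik Reporting) get the bare "NOT-FOR-US: Telerik". Pick one spelling per product so that a grep for the product name over data/CVE/list returns every entry that was triaged for it.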
@@ -37,7 +37,7 @@ CVE-2024-3968 (Remote Code Execution has been discovered in 
OpenText\u2122 iMana
 CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
        TODO: check
 CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI 
for Win ...)
-       TODO: check
+       NOT-FOR-US: Telerik
 CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in 
OpenText ...)
        TODO: check
 CVE-2024-3487 (Broken Authentication vulnerability discovered in 
OpenText\u2122 iMana ...)
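Review bot: for CVE-2024-3892 the description names a distinct product ("Telerik UI for Win ...") but the new line records only the vendor, "NOT-FOR-US: Telerik". Putting the product name in the label would let a later reader tell from the list alone which Telerik component was judged out of scope, without reopening the CVE.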
@@ -51,105 +51,105 @@ CVE-2024-3484 (Path Traversal foundin OpenText\u2122 
iManager 3.2.6.0200. This c
 CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 
iManager 3 ...)
        TODO: check
 CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) 
Transform ...)
-       TODO: check
+       NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and 
IdentityProfile preview API endpoints
 CVE-2024-3318 (A file path traversal vulnerability was identified in the 
DelimitedFil ...)
-       TODO: check
+       NOT-FOR-US: DelimitedFileConnector Cloud Connector
 CVE-2024-3317 (An improper access control was identified in the Identity 
Security Clo ...)
-       TODO: check
+       NOT-FOR-US: Identity Security Cloud (ISC) message server API
 CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal 
Installer i ...)
        TODO: check
 CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to 
version 0 ...)
-       TODO: check
+       NOT-FOR-US: Stalwart Mail Server
 CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer 
(Model avsrv- ...)
-       TODO: check
+       NOT-FOR-US: VITEC AvediaServer
 CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: Code-projects Budget Management
 CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross 
Site Script ...)
-       TODO: check
+       NOT-FOR-US: Code-projects Budget Management
 CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding 
v5.0 and b ...)
        TODO: check
 CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and 
below allow ...)
-       TODO: check
+       NOT-FOR-US: KYKMS
 CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: dootask
 CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34096 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34095 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34094 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-34082 (Grav is a file-based Web platform. Prior to version 1.7.46, a 
low priv ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2024-34025 (CyberPower PowerPanel business application code contains a 
hard-coded  ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel business application code
 CVE-2024-33625 (CyberPower PowerPanel business  application code contains a 
hard-coded ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel business application code
 CVE-2024-33615 (A specially crafted Zip file containing path traversal 
characters can  ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel server
 CVE-2024-32053 (Hard-coded credentials are used by the CyberPower PowerPanel   
 platfo ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32047 (Hard-coded credentials for the  CyberPower PowerPanel test 
server can  ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32042 (The key used to encrypt passwords stored in the database can 
be found  ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious 
message ...)
        TODO: check
 CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical 
certific ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31409 (Certain MQTT wildcards are not blocked on the  CyberPower 
PowerPanel   ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in 
artifac ...)
        TODO: check
 CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-30310 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-30284 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
are aff ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-2248 (A Header Injection vulnerability in the JFrog platform in 
versions bel ...)
        TODO: check
 CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic 
permissio ...)
-       TODO: check
+       NOT-FOR-US: Bonitasoft
 CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party co ...)
        TODO: check
 CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the 
Filter functi ...)
        TODO: check
 CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in 
Insyde  ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde 
InsydeH2O k ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2024-25078 (A memory corruption vulnerability in StorageSecurityCommandDxe 
in Insy ...)
-       TODO: check
+       NOT-FOR-US: Insyde
 CVE-2024-20394 (A vulnerability in Cisco AppDynamics Network Visibility Agent 
could al ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20392 (A vulnerability in the web-based management API of Cisco 
AsyncOS Softw ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20391 (A vulnerability in the Network Access Manager (NAM) module of 
Cisco Se ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20383 (A vulnerability in the Cisco Crosswork NSO CLI and the ConfD 
CLI could ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20369 (A vulnerability in the web-based management interface of Cisco 
Crosswo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20366 (A vulnerability in the Tail-f High Availability Cluster 
Communications ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20258 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20257 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20256 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-7258 (A denial of service exists in Gvisor Sandbox where a bug in 
reference  ...)
        TODO: check
 CVE-2023-6324 (ThroughTek Kalay SDK uses a predictable PSK value in the DTLS 
session  ...)
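Review bot: several labels in this hunk are fragments copied from the description rather than a product name, which leaves one product under several strings. The CyberPower entries are split across "CyberPower PowerPanel business application code" (CVE-2024-34025, CVE-2024-33625), "CyberPower PowerPanel server" (CVE-2024-33615) and "CyberPower PowerPanel" (the rest); the plain "NOT-FOR-US: CyberPower PowerPanel" would cover all of them. The same applies to CVE-2024-3319, CVE-2024-3318 and CVE-2024-3317, where the labels name API endpoints and a connector, and the first is long enough to wrap; "Identity Security Cloud (ISC)" would be enough. Separately, CVE-2024-35179 is described as "an open-source mail server": before settling on NOT-FOR-US for Stalwart Mail Server it is worth confirming that no ITP or RFP exists for it, since an itp entry would be the better fit in that case.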
@@ -651,15 +651,15 @@ CVE-2024-26238 (Microsoft PLUGScheduler Scheduled Task 
Elevation of Privilege Vu
 CVE-2024-26007 (An improper check or handling of exceptional conditions 
vulnerability  ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-23105 (A Use Of Less Trusted Source [CWE-348] vulnerability in 
Fortinet Forti ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-22270 (VMware Workstation and Fusion contain an information 
disclosure vulner ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-22269 (VMware Workstation and Fusion contain an information 
disclosure vulner ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-22268 (VMware Workstation and Fusion contain a heap buffer-overflow 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-22267 (VMware Workstation and Fusion contain a use-after-free 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-1914 (An attacker who successfully exploited these vulnerabilities 
could cau ...)
        TODO: check
 CVE-2024-1913 (An attacker who successfully exploited these vulnerabilities 
could cau ...)
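Review bot: the label on CVE-2024-23105 does not obviously match its description. The new line says "NOT-FOR-US: FortiGuard", the same string as the unchanged CVE-2024-26007 entry above it, while the visible description only says "vulnerability in Fortinet Forti ..." and is cut off before the product name. Check the full description and use the actual product, or fall back to the vendor name as the VMware lines in this hunk do.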



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/851f485b8b37a7c6f0140234b9049514ba3805f9
