[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 4 09:33:04 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42eb1036 by Salvatore Bonaccorso at 2024-12-04T10:32:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,95 +1,95 @@
CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 ...)
TODO: check
CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent designed to ...)
- TODO: check
+ NOT-FOR-US: Kolide Agent
CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Seecms
CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy Manager w ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy Manager web ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers t ...)
- TODO: check
+ NOT-FOR-US: Hodoku
CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the /documentC ...)
- TODO: check
+ NOT-FOR-US: InfoDom Performa 365
CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers ...)
- TODO: check
+ NOT-FOR-US: InfoDom Performa 365
CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, ...)
TODO: check
CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability that af ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the system's PAT ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been identified, ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App managing a sta ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit insuffi ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users with certai ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows a low-pr ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows low-privileged users ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows low-privileged us ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42449 (From the VSPC management agent machine, under condition that the manag ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-40391
REJECTED
CVE-2024-12123 (A hidden field manipulation vulnerability was identified in Issuetrak ...)
- TODO: check
+ NOT-FOR-US: Issuetrak
CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11985 (An improper input validation vulnerability leads to device crashes in ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak version 17. ...)
- TODO: check
+ NOT-FOR-US: Issuetrak
CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11398 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-11293 (The Registration Forms \u2013 User Registration Forms, Invitation-Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to arbitrary s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10885 (The SearchIQ \u2013 The Search Solution plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10832 (The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10664 (The Knowledge Base documentation & wiki plugin \u2013 BasePress Docs p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And Magazine Addons plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress is vul ...)
TODO: check
CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi component i ...)
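Review bot: The NOT-FOR-US labels added in this hunk mix vendor names (Veeam, HPE, Synology, Asus) with product names (Kolide Agent, InfoDom Performa 365, UniFi), which makes later searches for one vendor's entries unreliable. Pick one convention per entry type; the two InfoDom Performa 365 entries and the UniFi iOS App entry are the ones that would change if vendor names are preferred. CVE-2024-54661 (socat) and CVE-2024-45757 (Centreon) staying at TODO: check looks intentional and needs no change.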
@@ -122,29 +122,29 @@ CVE-2024-52805 (Synapse is an open-source Matrix homeserver. In Synapse before 1
NOTE: https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
NOTE: https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems commands, can ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer overflow in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52546 (An unauthenticated attacker can perform a null pointer dereference in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52545 (An unauthenticated attacker can perform an out of bounds heap read in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52544 (An unauthenticated attacker can trigger a stack based buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-51771 (A vulnerability in the HPE Aruba Networking ClearPass Policy Manager w ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51114 (An issue in Beijing Digital China Yunke Information Technology Co.Ltd ...)
- TODO: check
+ NOT-FOR-US: Beijing Digital China Yunke Information Technology Co.Ltd
CVE-2024-50948 (An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Ser ...)
- TODO: check
+ NOT-FOR-US: mochiMQTT
CVE-2024-48080 (An issue in aedes v0.51.2 allows attackers to cause a Denial of Servic ...)
- TODO: check
+ NOT-FOR-US: aedes
CVE-2024-47476 (Dell NetWorker Management Console, version(s) 19.11, contain(s) an Imp ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-45676 (IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authent ...)
NOT-FOR-US: IBM
CVE-2024-42422 (Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass T ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-41777 (IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded ...)
NOT-FOR-US: IBM
CVE-2024-41776 (IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to c ...)
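Review bot: CVE-2024-50948 (mochiMQTT v2.6.3) and CVE-2024-48080 (aedes v0.51.2) are versioned software projects rather than vendor appliances like the Lorex, HPE and Dell entries around them, so NOT-FOR-US here depends on neither being packaged or having an open ITP/RFP; that check is worth confirming before the TODO is dropped. Separately, the label for CVE-2024-51114 repeats the full company string "Beijing Digital China Yunke Information Technology Co.Ltd" while the description is truncated before the product name, so the entry never identifies the affected product; adding the product to the label would make it more useful.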
@@ -170,25 +170,25 @@ CVE-2024-25019 (IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to
CVE-2024-12101
REJECTED
CVE-2024-12082 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-12062 (The Charity Addon for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12053 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed ...)
TODO: check
CVE-2024-11866 (The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11844 (The IdeaPush plugin for WordPress is vulnerable to unauthorized modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11782 (The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11391 (The Advanced File Manager plugin for WordPress is vulnerable to arbitr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11326 (The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11325 (The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11200 (The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10074 (in OpenHarmony v4.1.1 and prior versions allow a local attacker cause ...)
TODO: check
CVE-2023-7255
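Review bot: CVE-2024-12082 is marked NOT-FOR-US: OpenHarmony at the top of this hunk, but CVE-2024-10074 near the end carries the same "in OpenHarmony ... allow a local attacker cause" description and is left at TODO: check. Either both should be NOT-FOR-US: OpenHarmony or the reason for holding CVE-2024-10074 back should be recorded. Leaving CVE-2024-12053 (V8 in Google Chrome) at TODO: check is consistent with it needing a real triage.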
@@ -263,9 +263,9 @@ CVE-2024-49416 (Use of implicit intent for sensitive communication in SmartThing
CVE-2024-49415 (Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allo ...)
NOT-FOR-US: Samsung
CVE-2024-49414 (Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49413 (Improper Verification of Cryptographic Signature in SmartSwitch prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49412 (Improper input validation in Settings prior to SMR Dec-2024 Release 1 ...)
NOT-FOR-US: Samsung
CVE-2024-49411 (Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows p ...)
@@ -538,27 +538,27 @@ CVE-2024-39343 (An issue was discovered in Samsung Mobile Processor and Wearable
CVE-2024-38827 (The usage of String.toLowerCase()and String.toUpperCase()has some Loca ...)
- libspring-security-2.0-java <removed>
CVE-2024-33063 (Transient DOS while parsing the ML IE when a beacon with common info l ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33056 (Memory corruption when allocating and accessing an entry in an SMEM pa ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33053 (Memory corruption when multiple threads try to unregister the CVP buff ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33044 (Memory corruption while Configuring the SMR/S2CR register in Bypass mo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33040 (Memory corruption while invoking redundant release command to release ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33039 (Memory corruption when PAL client calls PAL service APIs by passing a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33037 (Information disclosure as NPU firmware can send invalid IPC message to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33036 (Memory corruption while parsing sensor packets in camera driver, user- ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Con ...)
TODO: check
CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...)
TODO: check
CVE-2024-12015 (The 'Project Manager' WordPress Plugin is affected by an authenticated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10905 (IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 ...)
TODO: check
CVE-2024-10490 (An \u201cAuthentication Bypass Using an Alternate Path or Channel\u201 ...)
@@ -685,39 +685,39 @@ CVE-2024-53103 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-45520 (WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote ...)
NOT-FOR-US: WithSecure
CVE-2024-20139 (In Bluetooth firmware, there is a possible firmware asssert due to imp ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20138 (In wlan driver, there is a possible out of bound read due to improper ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20137 (In wlan driver, there is a possible client disconnection due to improp ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20136 (In da, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20135 (In soundtrigger, there is a possible out of bounds write due to a miss ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20134 (In ril, there is a possible out of bounds write due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20133 (In Modem, there is a possible escalation of privilege due to an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20132 (In Modem, there is a possible out of bonds write due to a mission boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20131 (In Modem, there is a possible escalation of privilege due to an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20130 (In power, there is a possible out of bounds write due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20129 (In Telephony, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20128 (In Telephony, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20127 (In Telephony, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20125 (In vdec, there is a possible out of bounds write due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20116 (In cmdq, there is a possible out of bounds read due to a missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-12007 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11856 (A security vulnerability in HPE IceWall products could be exploited re ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-52596 (SimpleSAMLphp xml-common is a common classes for handling XML-structur ...)
{DSA-5822-1 DLA-3981-1}
- simplesamlphp <unfixed> (bug #1088904)
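Review bot: CVE-2024-20138 and CVE-2024-20137 are both described only as "In wlan driver, ..." and the visible text does not say whether that is a vendor SDK driver or one that exists in the Linux kernel tree, yet both go straight to NOT-FOR-US: Mediatek with the firmware and modem entries. Confirm the affected driver is not one shipped in the kernel before closing these two. The label "code-projects Farmacia" for CVE-2024-12007 also combines vendor and product where the other labels in this hunk use the vendor alone.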
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42eb10369d6610e328ded537eeac01ce14019228