[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 6 20:38:07 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b810e7f by Salvatore Bonaccorso at 2024-12-06T21:37:45+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,193 +47,193 @@ CVE-2024-54137 (liboqs is a C-language cryptographic library that provides imple
NOTE: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
NOTE: Fixed by: https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24 (0.12.0-rc1)
CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2024-54135 (ClipBucket V5 provides open source video hosting with PHP. ClipBucket- ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2024-53826 (Missing Authorization vulnerability in WPSight WPCasa allows Accessing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53825 (Missing Authorization vulnerability in Ninja Team Filebird allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53824 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53817 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53815 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53813 (Missing Authorization vulnerability in WP Travel WP Travel allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53811 (Unrestricted Upload of File with Dangerous Type vulnerability in POSIM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53810 (Missing Authorization vulnerability in Najeeb Ahmad Simple User Regist ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53809 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53806 (Missing Authorization vulnerability in WpMaspik Maspik \u2013 Spam bla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53805 (Missing Authorization vulnerability in brandtoss WP Mailster allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53804 (Insertion of Sensitive Information Into Sent Data vulnerability in bra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53803 (Missing Authorization vulnerability in brandtoss WP Mailster allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53802 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53799 (Missing Authorization vulnerability in BAKKBONE Australia FloristPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53797 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53796 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53795 (Missing Authorization vulnerability in Andy Moyle Church Admin allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53794 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53691 (A link following vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-52558 (The affected product is vulnerable to an integer underflow. An unauthe ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-52335 (A vulnerability has been identified in syngo.plaza VB30E (All versions ...)
- TODO: check
+ NOT-FOR-US: syngo.plaza VB30E
CVE-2024-52324 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-52320 (The affected product is vulnerable to a command injection. An unauthen ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-51815 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51727 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-51615 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50677 (A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 all ...)
- TODO: check
+ NOT-FOR-US: OroPlatform CMS
CVE-2024-50404 (A link following vulnerability has been reported to affect Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50403 (A use of externally-controlled format string vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50402 (A use of externally-controlled format string vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50393 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50389 (A SQL injection vulnerability has been reported to affect QuRouter. If ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50388 (An OS command injection vulnerability has been reported to affect HBS ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50387 (A SQL injection vulnerability has been reported to affect several QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-4633 (The Slider and Carousel slider by Depicter plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48874 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-48871 (The affected product is vulnerable to a stack-based buffer overflow. A ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-48868 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48867 (An improper neutralization of CRLF sequences ('CRLF Injection') vulner ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48866 (An improper handling of URL encoding (Hex Encoding) vulnerability has ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48865 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48863 (A command injection vulnerability has been reported to affect License ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48859 (An improper authentication vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48703 (PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: PhpGurukul Medical Card Generation System
CVE-2024-47791 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47547 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47146 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47043 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-46874 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-45722 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-42494 (Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-42196 (HCL Launch stores potentially sensitive information in log files that ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30129 (The HTTP host header can be manipulated and cause the application to b ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-21571 (Snyk has identified a remote code execution (RCE) vulnerability in all ...)
TODO: check
CVE-2024-12254 (Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ...)
TODO: check
CVE-2024-12155 (The SV100 Companion plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12110 (The Gold Addons for Elementor plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12060 (The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12028 (The Friends plugin for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12027 (The Message Filter for Contact Form 7 plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12003 (The WP System plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11823 (The Folder Gallery plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11730 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11729 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11728 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11687 (The Next-Cart Store to WooCommerce Migration plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11460 (The Verowa Connect plugin for WordPress is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11450 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11444 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11368 (The Splash Sync plugin for WordPress is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11352 (The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11339 (The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11336 (The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11323 (The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11321 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Hi e-learning Learning Management System (LMS)
CVE-2024-11292 (The WP Private Content Plus plugin for WordPress is vulnerable to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11289 (The Soledad theme for WordPress is vulnerable to Local File Inclusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11276 (The PDF Builder for WooCommerce. Create invoices,packing slips and mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11220 (A local low-level user on the server machine with credentials to the r ...)
TODO: check
CVE-2024-11204 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11022 (The authentication process to the web server uses a challenge response ...)
TODO: check
CVE-2024-10909 (The The Pojo Forms plugin for WordPress is vulnerable to arbitrary sho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10849 (The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10776 (Lua apps can be deployed, removed, started, reloaded or stopped withou ...)
TODO: check
CVE-2024-10774 (Unauthenticated CROWN APIs allow access to critical functions. This le ...)
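Review bot: CVE-2024-11289 (Soledad) and CVE-2024-10849 (NewsMash) are tagged "NOT-FOR-US: WordPress plugin", but both descriptions read "theme for WordPress". Using "NOT-FOR-US: WordPress theme" for these two would keep the label consistent with the description and avoid skewing any later grep or statistics keyed on the NFU reason. The remaining entries in this hunk whose description is truncated before the product name (for example CVE-2024-53824 and CVE-2024-53823) cannot be checked against the label from the visible text alone, so a spot check of those against the full CVE description is worthwhile before the bulk tag is relied on.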
@@ -245,19 +245,19 @@ CVE-2024-10772 (Since the firmware update is not validated, an attacker can inst
CVE-2024-10771 (Due to missing input validation during one step of the firmware update ...)
TODO: check
CVE-2024-10692 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10689 (The XLTab \u2013 Accordions and Tabs for Elementor Page Builder plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10681 (The The ARMember \u2013 Membership Plugin, Content Restriction, Member ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10516 (The Swift Performance Lite plugin for WordPress is vulnerable to Local ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10320 (The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0139 (NVIDIA Base Command Manager and Bright Cluster Manager for Linux conta ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2024-0130 (NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulner ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2024-XXXX [RUSTSEC-2024-0409]
- rust-pyo3 <not-affected> (Only affects 0.23.x)
NOTE: https://github.com/PyO3/pyo3/issues/4757
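Review bot: The two NVIDIA entries at the end of this hunk (CVE-2024-0139 and CVE-2024-0130) use a vendor-only reason, "NOT-FOR-US: NVIDIA", which is broader than the decision actually made. Debian does carry NVIDIA software in its archive, so a product-level reason taken from the descriptions, such as "NOT-FOR-US: NVIDIA Base Command Manager" and "NOT-FOR-US: NVIDIA UFM", would make it clear that the entry was triaged on the product rather than on the vendor name.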
@@ -476839,7 +476839,7 @@ CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memo
CVE-2018-9464
RESERVED
CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds write du ...)
NOT-FOR-US: Android
CVE-2018-9461
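Review bot: CVE-2018-9463 is tagged "NOT-FOR-US: Android" on the strength of a driver source file name (touch_sw49408.c), matching the existing tag on the neighbouring CVE-2018-9462 (ftm4_pdc.c). The hunk header shows CVE-2018-9465 in binder.c, a file that does exist in the mainline kernel, so for entries in this block it is worth confirming the named file is absent from src:linux before settling on NFU; a short NOTE saying the driver is vendor-only would record that check.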
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b810e7f72d3816623857441317c7211bb1cd0bc