[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 12 09:33:49 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d27be7a by Salvatore Bonaccorso at 2024-12-12T10:33:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2024-9881 (The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9428 (The Popup Builder  WordPress plugin before 4.3.5 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-b ...)
-	TODO: check
+	NOT-FOR-US: Mullvad VPN client
 CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to version 3.1 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior to commit ...)
-	TODO: check
+	NOT-FOR-US: PenDoc
 CVE-2024-54534 (The issue was addressed with improved memory handling. This issue is f ...)
 	TODO: check
 CVE-2024-54531 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -99,7 +99,7 @@ CVE-2024-53273 (Habitica is an open-source habit-building program. Versions prio
 CVE-2024-53272 (Habitica is an open-source habit-building program. Versions prior to 5 ...)
 	TODO: check
 CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform. In versi ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2024-44300 (A logic issue was addressed with improved file handling. This issue is ...)
 	TODO: check
 CVE-2024-44299 (The issue was addressed with improved bounds checks. This issue is fix ...)
@@ -133,77 +133,77 @@ CVE-2024-44201 (The issue was addressed with improved memory handling. This issu
 CVE-2024-44200 (This issue was addressed with improved redaction of sensitive informat ...)
 	TODO: check
 CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in the Gall ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694) in the C ...)
-	TODO: check
+	NOT-FOR-US: Gallagher
 CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	TODO: check
 CVE-2024-12536 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12503 (A vulnerability classified as problematic was found in ClassCMS 4.8. A ...)
-	TODO: check
+	NOT-FOR-US: ClassCMS
 CVE-2024-12497 (A vulnerability classified as critical has been found in 1000 Projects ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Attendance Tracking Management System
 CVE-2024-12492 (A vulnerability was found in code-projects Farmacia 1.0. It has been r ...)
-	TODO: check
+	NOT-FOR-US: code-projects Farmacia
 CVE-2024-12490 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12489 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12488 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12487 (A vulnerability has been found in code-projects Online Class and Exam  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12486 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12485 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Online Class and Exam Scheduling System
 CVE-2024-12463 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12461 (The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12441 (The BP Email Assign Templates plugin for WordPress is vulnerable to Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12406 (The Library Management System \u2013 Manage e-Digital Books Library pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12341 (The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12338 (The Website Toolbox Community plugin for WordPress is vulnerable to Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12329 (The Essential Real Estate plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12312 (The Print Science Designer plugin for WordPress is vulnerable to PHP O ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12265 (The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12263 (The Child Theme Creator by Orbisius plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12260 (The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12258 (The WP Service Payment Form With Authorize.net plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12255 (The Accept Stripe Payments Using Contact Form 7 plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12201 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12172 (The WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12162 (The Video & Photo Gallery for Ultimate Member plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12156 (The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12072 (The Analytics Cat \u2013 Google Analytics Made Easy plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12059 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12040 (The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12018 (The Snippet Shortcodes plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11950 (XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code E ...)
-	TODO: check
+	NOT-FOR-US: XnSoft XnView
 CVE-2024-11949 (GFI Archiver Store Service Deserialization of Untrusted Data Remote Co ...)
 	TODO: check
 CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This  ...)
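Review bot: the new annotation on CVE-2024-12536 names a product (SourceCodester Kortex Lite Advocate Office Management System) that does not appear anywhere in the truncated description shown for the entry, which ends at "has been found i ...", so the NOT-FOR-US product name must have been taken from the full CVE record rather than from the list line; please confirm it against that record before this lands. The other markers in this hunk (Gallagher, ClassCMS, the code-projects entries, XnSoft XnView, and the generic "WordPress plugin" marker) match the product names visible in their descriptions and follow the convention already used further down the file.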
@@ -211,103 +211,103 @@ CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code Execution Vulnerability.
 CVE-2024-11947 (GFI Archiver Core Service Deserialization of Untrusted Data Remote Cod ...)
 	TODO: check
 CVE-2024-11914 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11901 (The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11891 (The Perfect Font Awesome Integration plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11882 (The FAQ And Answers \u2013 Create Frequently Asked Questions Area on W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11875 (The Add infos to the events calendar plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11872 (Epic Games Launcher Incorrect Default Permissions Local Privilege Esca ...)
-	TODO: check
+	NOT-FOR-US: Epic Games Launcher
 CVE-2024-11871 (The Social Media Shortcodes plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11804 (The Planaday API plugin for WordPress is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11785 (The Integrate Firebase plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11781 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11766 (The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11765 (The WordPress Portfolio Plugin \u2013 A Plugin for Making Filterable P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11757 (The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11750 (The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11727 (The NotificationX \u2013 Live Sales Notification, WooCommerce Sales Po ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11724 (The Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11723 (The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11709 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11689 (The HQ Rental Software plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11683 (The Newsletter Subscriptions plugin for WordPress is vulnerable to Ref ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11459 (The Country Blocker plugin for WordPress is vulnerable to Reflected Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11443 (The de:branding plugin for WordPress is vulnerable to unauthorized mod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11442 (The Horizontal scroll image slideshow plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11433 (The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11430 (The SQL Chart Builder plugin for WordPress is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11427 (The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11419 (The Password for WP plugin for WordPress is vulnerable to Cross-Site R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11417 (The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11413 (The HostFact bestelformulier integratie plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11410 (The Top and footer bars for announcements, notifications, advertisemen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11384 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11359 (The Library Bookshelves plugin for WordPress is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11279 (The Schema App Structured Data plugin for WordPress is vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11181 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11052 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11015 (The Sign In With Google plugin for WordPress is vulnerable to authenti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10910 (The The Grid Plus \u2013 Unlimited grid layout plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10784 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10637 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10590 (The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10583 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10568 (The Ajax Search Lite  WordPress plugin before 4.12.4 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10518 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10517 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10499 (The AI Engine WordPress plugin before 2.6.5 does not sanitize and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10182 (The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10124 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10111 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10010 (The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti Automatio ...)
 	NOT-FOR-US: Ivanti
 CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti Workspace ...)
@@ -548,11 +548,11 @@ CVE-2024-47537 (GStreamer is a library for constructing graphs of media-handling
 CVE-2024-45337 (Applications and libraries which misuse the ServerConfig.PublicKeyCall ...)
 	TODO: check
 CVE-2024-42448 (From the VSPC management agent machine, under condition that the manag ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti Connect Secure before version ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure before  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-28141 (The web application is not protected against cross-site request forger ...)
 	TODO: check
 CVE-2024-28140 (The scanner device boots into a kiosk mode by default and opens the Sc ...)
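Review bot: CVE-2024-45337 is rightly left as "TODO: check" in this hunk rather than being swept into the NFU batch: its description refers to applications and libraries misusing a library API ("ServerConfig.PublicKeyCall ..."), so it needs a source-package triage, not a NOT-FOR-US marker. The Veeam and Ivanti markers on the three changed entries are consistent with the existing "NOT-FOR-US: Ivanti" annotations elsewhere in the file.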
@@ -560,45 +560,45 @@ CVE-2024-28140 (The scanner device boots into a kiosk mode by default and opens
 CVE-2024-28139 (The www-data user can elevate its privileges because sudo is configure ...)
 	TODO: check
 CVE-2024-12484 (A vulnerability classified as critical was found in Codezips Technical ...)
-	TODO: check
+	NOT-FOR-US: Codezips Technical Discussion Forum
 CVE-2024-12483 (A vulnerability classified as problematic has been found in Dromara UJ ...)
-	TODO: check
+	NOT-FOR-US: Dromara UJCMS
 CVE-2024-12482 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been  ...)
-	TODO: check
+	NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12481 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been  ...)
-	TODO: check
+	NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12480 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been  ...)
-	TODO: check
+	NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classifie ...)
-	TODO: check
+	NOT-FOR-US: cjbi wetech-cms
 CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset Management co ...)
 	TODO: check
 CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12283 (The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12004 (The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11840 (The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11737 (CWE-20: Improper Input Validation vulnerability exists that could lead ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-11598 (Under specific circumstances, insecure permissions in Ivanti Applicati ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11597 (Under specific circumstances, insecure permissions in Ivanti Performan ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11401 (Rapid7 Insight Platform versions prior to November 13th 2024, suffer f ...)
-	TODO: check
+	NOT-FOR-US: Rapid7 Insight Platform
 CVE-2024-11351 (The Restrict \u2013 membership, site, content and user access restrict ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11008 (The Members \u2013 Membership & User Role Editor Plugin plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that could cause ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti Security  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-12382 (Use after free in Translate in Google Chrome prior to 131.0.6778.139 a ...)
 	- chromium 131.0.6778.139-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
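Review bot: CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset Management component) is the one product entry in this hunk still left as "TODO: check", sitting between the processed wetech-cms and WordPress plugin entries; if it was skipped deliberately because it needs a closer look, fine, otherwise it probably belongs in the same NFU pass. The unchanged chromium entry at the end of the hunk already carries its fixed version and the bullseye end-of-life marker, so nothing further is needed there.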



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d27be7a39304d7c9843c805d0ef9312b9d8b6cc


