[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 12 21:15:43 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fd92def by Salvatore Bonaccorso at 2024-12-12T22:15:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,63 +29,63 @@ CVE-2024-55663 (XWiki Platform is a generic wiki platform. Starting in version 1
CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
NOT-FOR-US: XWiki
CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in phpguru ...)
- TODO: check
+ NOT-FOR-US: phpgurukul Online Nurse Hiring System
CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online Nurse Hir ...)
- TODO: check
+ NOT-FOR-US: phpgurukul Online Nurse Hiring System
CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketi ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Park Ticketing Management System
CVE-2024-54810 (A SQL Injection vulnerability was found in /preschool/admin/password-r ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Pre-School Enrollment System Project
CVE-2024-54122 (Concurrent variable access vulnerability in the ability module Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH module Impa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the print mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: Successf ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension module Imp ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54103 (Vulnerability of improper access control in the album module Impact: S ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation module Impac ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54100 (Vulnerability of improper access control in the secure input module Im ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54099 (File replacement vulnerability on some devices Impact: Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54098 (Service logic error vulnerability in the system service module Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54097 (Security vulnerability in the HiView module Impact: Successful exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-54096 (Vulnerability of improper access control in the MTP module Impact: Suc ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
NOT-FOR-US: IBM
CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
@@ -93,13 +93,13 @@ CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can per
CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
TODO: check
CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-47947 (Due to missing input sanitization, an attacker can perform cross-site- ...)
TODO: check
CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross-site- ...)
TODO: check
CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
@@ -107,7 +107,7 @@ CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross
CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
TODO: check
CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by accessing ...)
TODO: check
CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of a logge ...)
@@ -117,23 +117,23 @@ CVE-2024-28143 (The password change function at /cgi/admin.cgi does not require
CVE-2024-28142 (Due to missing input sanitization, an attacker can perform cross-site- ...)
TODO: check
CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems f ...)
- TODO: check
+ NOT-FOR-US: ComfyUI-Impact-Pack
CVE-2024-21574 (The issue stems from a missing validation of the pip field in a POST r ...)
- TODO: check
+ NOT-FOR-US: ComfyUI-Impact-Pack
CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
TODO: check
CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -243,43 +243,43 @@ CVE-2024-53272 (Habitica is an open-source habit-building program. Versions prio
CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform. In versi ...)
NOT-FOR-US: OpenCTI
CVE-2024-44300 (A logic issue was addressed with improved file handling. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44299 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44291 (A logic issue was addressed with improved file handling. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44290 (This issue was addressed with improved redaction of sensitive informat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44248 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44246 (The issue was addressed with improved routing of Safari-originated req ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44245 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44243 (A configuration issue was addressed with additional restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44242 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44241 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44225 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44224 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44220 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44212 (A cookie management issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44201 (The issue was addressed with improved memory handling. This issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44200 (This issue was addressed with improved redaction of sensitive informat ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in the Gall ...)
NOT-FOR-US: Gallagher
CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694) in the C ...)
NOT-FOR-US: Gallagher
CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance CDE inWEB SDK
CVE-2024-12536 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin for Word ...)
@@ -3356,7 +3356,7 @@ CVE-2024-33037 (Information disclosure as NPU firmware can send invalid IPC mess
CVE-2024-33036 (Memory corruption while parsing sensor packets in camera driver, user- ...)
NOT-FOR-US: Qualcomm
CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Con ...)
- TODO: check
+ NOT-FOR-US: Rizin
CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an at ...)
- radare2 5.9.0+dfsg-1
NOTE: https://github.com/radareorg/radare2/pull/22561
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd92def62da0fa8ec3ac4284438db428f54de46
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd92def62da0fa8ec3ac4284438db428f54de46
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241212/f4a463f1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list