[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 13 08:31:45 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a542f1e7 by Moritz Muehlenhoff at 2024-12-13T09:31:23+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-9508 (Horner Automation Cscape contains a memory corruption vulnerability, w ...)
- TODO: check
+ NOT-FOR-US: Horner Automation Cscape
CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package before 3.2 ...)
TODO: check
CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are vulnerable ...)
@@ -9,43 +9,43 @@ CVE-2024-21543 (Versions of the package djoser before 2.3.0 are vulnerable to Au
CVE-2024-12603 (A logic vulnerability in the the mobile application (com.transsion.app ...)
TODO: check
CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular Expressi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12574 (The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise (\u201cBoundary\u20 ...)
TODO: check
CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The issues resul ...)
- TODO: check
+ NOT-FOR-US: Horner Automation Cscape
CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11838 (External Control of File Name or Path vulnerability in PlexTrac allows ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11837 (Improper Neutralization of Special Elements used in an N1QL Command (' ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11836 (Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11835 (Uncontrolled Resource Consumption vulnerability in PlexTrac allows Web ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11833 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11809 (The Primer MyData for Woocommerce plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11767 (The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10939 (The Image Widget WordPress plugin before 4.4.11 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10678 (The Ultimate Blocks WordPress plugin before 3.2.4 does not validate a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25221 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of errno]
- glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32440
@@ -143,7 +143,7 @@ CVE-2024-54096 (Vulnerability of improper access control in the MTP module Impac
CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
NOT-FOR-US: IBM
CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can perform a ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from a prev ...)
TODO: check
CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog allows a ...)
@@ -151,13 +151,13 @@ CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog al
CVE-2024-49071 (Improper authorization of an index that contains sensitive information ...)
NOT-FOR-US: Microsoft
CVE-2024-47947 (Due to missing input sanitization, an attacker can perform cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input Validation vulner ...)
NOT-FOR-US: Dell
CVE-2024-36498 (Due to missing input sanitization, an attacker can perform cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-36494 (Due to missing input sanitization, an attacker can perform cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_ ...)
TODO: check
CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt config f ...)
@@ -177,7 +177,7 @@ CVE-2024-21574 (The issue stems from a missing validation of the pip field in a
CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows an atta ...)
- TODO: check
+ NOT-FOR-US: Open Shift
CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary shortcode ...)
NOT-FOR-US: WordPress theme
CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241213/5cfcbf14/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list