[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 20 09:14:18 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9f283e1 by Salvatore Bonaccorso at 2024-12-20T10:13:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,107 +1,107 @@
CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy Orchestrator pri ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-56327 (pyrage is a set of Python bindings for the rage file encryption librar ...)
TODO: check
CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass au ...)
- TODO: check
+ NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G
CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to byp ...)
- TODO: check
+ NOT-FOR-US: Quectel BC95-CNV V100R001C00SPC051
CVE-2024-54982 (An issue in Quectel BC25 with firmware version BC25PAR01A06 allows att ...)
- TODO: check
+ NOT-FOR-US: Quectel BC25 BC25PAR01A06
CVE-2024-54663 (An issue was discovered in the Webmail Classic UI in Zimbra Collaborat ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2024-54538 (A denial-of-service issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-54009 (Remote authentication bypass vulnerability in HPE Alletra Storage MP B ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-44298 (A privacy issue was addressed with improved private data redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44293 (A privacy issue was addressed with improved private data redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44292 (A privacy issue was addressed with improved private data redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44231 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44223 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44211 (This issue was addressed with improved validation of symlinks. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44195 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are vulnerable ...)
TODO: check
CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and W ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalat ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12830 (Arista NG Firewall custom_handler Directory Traversal Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12829 (Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12729 (A post-auth code injection vulnerability in the User Portal allows aut ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged system ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection feature ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is possibl ...)
TODO: check
CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...)
TODO: check
CVE-2024-12672 (A third-party vulnerability exists in the Rockwell AutomationArena\xae ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12509 (The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12111 (In a specific scenario a LDAP user can abuse the authentication proces ...)
TODO: check
CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11812 (The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11806 (The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11784 (The Sell Tickets Online \u2013 TicketSource Ticket Shop for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11783 (The Financial Calculator plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11776 (The PCRecruiter Extensions plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11775 (The Particle Background plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11774 (The Outdooractive Embed plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11411 (The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11364 (Another \u201cuninitialized variable\u201d code execution vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11331 (The \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0645\u062d\u0635\u064 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11297 (The Page Restriction WordPress (WP) \u2013 Protect WP Pages/Post plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11157 (A third-party vulnerability exists in the Rockwell Automation Arena\xa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11108 (The Serious Slider WordPress plugin before 1.2.7 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10706 (The Download Manager WordPress plugin before 3.3.03 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10555 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-42867 (This issue was addressed with improved validation of the process entit ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205 allows e ...)
NOT-FOR-US: HMS Networks Ewon Flexy 205
CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP packet ca ...)
@@ -205134,7 +205134,7 @@ CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to cross-site request forgery whi
CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...)
NOT-FOR-US: IBM
CVE-2022-34159 (Huawei printers have an input verification vulnerability. Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34158 (A carefully crafted invocation on the Image plugin could trigger an CS ...)
- jspwiki <removed>
CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
@@ -210209,9 +210209,9 @@ CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay
CVE-2022-1972
REJECTED
CVE-2022-32204 (There is an improper input verification vulnerability in Huawei printe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-32203 (There is a command injection vulnerability in Huawei terminal printer ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1970
@@ -210402,7 +210402,7 @@ CVE-2022-32146
CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspace V5. ...)
NOT-FOR-US: Siemens
CVE-2022-32144 (There is an insufficient input verification vulnerability in Huawei pr ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...)
NOT-FOR-US: CODESYS
CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...)
@@ -372858,7 +372858,7 @@ CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUA
CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
NOT-FOR-US: Huawei
CVE-2020-9250 (There is an insufficient authentication vulnerability in some Huawei s ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
NOT-FOR-US: Huawei
CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f283e16aa7d01864ead862d80cb7420797a85f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f283e16aa7d01864ead862d80cb7420797a85f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241220/f32e55c7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list