[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 5 20:26:06 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bda53c11 by Salvatore Bonaccorso at 2024-11-05T21:25:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
 CVE-2024-9878 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9867 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9667 (The Seriously Simple Podcasting plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9657 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9579 (A potential vulnerability was discovered in certain Poly video confere ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-9443 (The Basticom Framework plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9178 (The XT Floating Cart for WooCommerce plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7429 (The Zotpress plugin for WordPress is vulnerable to unauthorized modifi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7059 (A high-severity vulnerability that can lead to arbitrary code executio ...)
-	TODO: check
+	NOT-FOR-US: Genetec
 CVE-2024-52030 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52029 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52028 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52026 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52025 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52024 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52023 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52022 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52021 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52020 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52019 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52018 (Netgear XR300 v1.0.3.78 was discovered to contain a command injection  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52017 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52016 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52015 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52014 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-52013 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51753 (The AuthKit library for Remix provides convenient helpers for authenti ...)
 	TODO: check
 CVE-2024-51752 (The AuthKit library for Next.js provides convenient helpers for authen ...)
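
Review bot: CVE-2024-9579 is marked `NOT-FOR-US: HP`, but the description on the line above it names Poly video conferencing devices and never mentions HP. Putting the product family in the note as well would let someone grepping data/CVE/list for "Poly" find the entry. The Netgear and WordPress plugin notes in this hunk match the vendor or category named in their descriptions and read fine as they are.
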
@@ -57,179 +57,179 @@ CVE-2024-51752 (The AuthKit library for Next.js provides convenient helpers for
 CVE-2024-51746 (Gitsign is a keyless Sigstore to signing tool for Git commits with you ...)
 	TODO: check
 CVE-2024-51740 (Combodo iTop is a simple, web based IT Service Management tool. This v ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2024-51739 (Combodo iTop is a simple, web based IT Service Management tool. Unauth ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2024-51735 (Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scrip ...)
-	TODO: check
+	NOT-FOR-US: Osmedeus
 CVE-2024-51530 (LaunchAnywhere vulnerability in the account module Impact: Successful  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51529 (Data verification vulnerability in the battery module Impact:  Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51528 (Vulnerability of improper log printing in the Super Home Screen module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51527 (Permission control vulnerability in the Gallery app Impact: Successful ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51526 (Permission control vulnerability in the hidebug module Impact: Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51525 (Permission control vulnerability in the clipboard module Impact: Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51524 (Permission control vulnerability in the Wi-Fi module Impact: Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51523 (Information management vulnerability in the Gallery module Impact: Suc ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51522 (Vulnerability of improper device information processing in the device  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51521 (Input parameter verification vulnerability in the background service m ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51520 (Vulnerability of input parameters not being verified in the HDC module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51519 (Vulnerability of input parameters not being verified in the HDC module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51518 (Vulnerability of message types not being verified in the advanced mess ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51517 (Vulnerability of improper memory access in the phone service module Im ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51516 (Permission control vulnerability in the ability module Impact: Success ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51515 (Race condition vulnerability in the kernel network module Impact:Succe ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51514 (Vulnerability of pop-up windows belonging to no app in the VPN module  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51513 (Vulnerability of processes not being fully terminated in the VPN modul ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51512 (Vulnerability of parameter type not being verified in the WantAgent mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51511 (Vulnerability of parameter type not being verified in the WantAgent mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51510 (Out-of-bounds access vulnerability in the logo module Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2024-51493 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	TODO: check
 CVE-2024-51382 (Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows ...)
-	TODO: check
+	NOT-FOR-US: JATOS
 CVE-2024-51381 (Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that a ...)
-	TODO: check
+	NOT-FOR-US: JATOS
 CVE-2024-51380 (Stored Cross-Site Scripting (XSS) vulnerability discovered in the Prop ...)
-	TODO: check
+	NOT-FOR-US: JATOS
 CVE-2024-51379 (Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3 ...)
-	TODO: check
+	NOT-FOR-US: JATOS
 CVE-2024-51362 (The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an inf ...)
-	TODO: check
+	NOT-FOR-US: LSC Smart Connect Indoor IP Camera
 CVE-2024-51240 (An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for pr ...)
 	TODO: check
 CVE-2024-51132 (An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0  ...)
-	TODO: check
+	NOT-FOR-US: HAPI FHIR
 CVE-2024-51024 (D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-51023 (D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-51022 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51021 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51020 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51019 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51018 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51017 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51016 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51015 (Netgear R7000P v1.3.3.154 was discovered to contain a command injectio ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51014 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51013 (Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow v ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51012 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51011 (Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51010 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51009 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51008 (Netgear XR300 v1.0.3.78 was discovered to contain a command injection  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51007 (Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51006 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51005 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51004 (Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to mult ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51003 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51002 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51001 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-51000 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50999 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50998 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50997 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50996 (Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R640 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50995 (Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow vi ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50994 (Netgear R8500 v1.0.2.160 was discovered to contain multiple stack over ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50993 (Netgear R8500 v1.0.2.160 was discovered to contain a command injection ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-50335 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-50333 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-50332 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-49774 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-49773 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-49772 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2024-49522 (Substance3D - Painter versions 10.0.1 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49377 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	TODO: check
 CVE-2024-48312 (WebLaudos v20.8 (118) was discovered to contain a cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: WebLaudos
 CVE-2024-47255 (In 2N Access Commander versions 3.1.1.2 and prior, a local attacker ca ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-47254 (In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient  Ve ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-47253 (In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vu ...)
-	TODO: check
+	NOT-FOR-US: 2N Access Commander
 CVE-2024-10845 (A vulnerability has been found in 1000 Projects Bookstore Management S ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Bookstore Management System
 CVE-2024-10844 (A vulnerability, which was classified as critical, was found in 1000 P ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Bookstore Management System
 CVE-2024-10842 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: romadebrian WEB-Sekolah
 CVE-2024-10841 (A vulnerability classified as critical was found in romadebrian WEB-Se ...)
-	TODO: check
+	NOT-FOR-US: romadebrian WEB-Sekolah
 CVE-2024-10840 (A vulnerability classified as problematic has been found in romadebria ...)
-	TODO: check
+	NOT-FOR-US: romadebrian WEB-Sekolah
 CVE-2024-10711 (The WooCommerce Report plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10687 (The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Cont ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10329 (The Ultimate Bootstrap Elements for Elementor plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10319 (The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10263 (The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10114 (The WooCommerce - Social Login plugin for WordPress is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0134 (NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a U ...)
 	TODO: check
 CVE-2024-50138 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
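
Review bot: CVE-2024-51380 gets `NOT-FOR-US: JATOS`, but its truncated description ("Stored Cross-Site Scripting (XSS) vulnerability discovered in the Prop ...") does not name the product. Please confirm against the full CVE text that it really is JATOS and was not tagged by proximity to CVE-2024-51379, CVE-2024-51381 and CVE-2024-51382. The same check applies to CVE-2024-10842, whose product name is cut off before "romadebrian WEB-Sekolah" could appear.
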
@@ -125822,31 +125822,31 @@ CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
 CVE-2023-29127
 	RESERVED
 CVE-2023-29126 (The Waybox Enel X web management application contains a PHP-type juggl ...)
-	TODO: check
+	NOT-FOR-US: Waybox Enel X
 CVE-2023-29125 (A heap buffer overflow could be triggered by sending a specific packet ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29124
 	RESERVED
 CVE-2023-29123
 	RESERVED
 CVE-2023-29122 (Under certain conditions, access to service libraries is granted to ac ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29121 (Waybox Enel TCF Agent service could be used to get administrator\u2019 ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29120 (Waybox Enel X web management application could be used to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29119 (Waybox Enel X web management application could execute arbitrary reque ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29118 (Waybox Enel X web management application could execute arbitrary reque ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29117 (Waybox Enel X web management API authentication could be bypassed and  ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29116 (Under certain conditions, through a request directed to the Waybox Ene ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29115 (In certain conditions a request directed to the Waybox Enel X Web mana ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29114 (System logs could be accessed through web management application due t ...)
-	TODO: check
+	NOT-FOR-US: Enel X
 CVE-2023-29113
 	RESERVED
 CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
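
Review bot: The note strings in this hunk are inconsistent. CVE-2023-29126 uses `NOT-FOR-US: Waybox Enel X` while every other entry in the same batch uses `NOT-FOR-US: Enel X`, even where the description names the same Waybox Enel X web management application (CVE-2023-29120, CVE-2023-29119, CVE-2023-29118). Pick one string for the whole batch so a single grep catches all of them.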



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bda53c11b2c57473ab1c254c066f58aff18639af
