[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 6 08:29:39 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ee7579e by Salvatore Bonaccorso at 2024-11-06T09:29:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin \u2013 Super ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9681 (When curl is asked to use HSTS, the expiry time for a subdomain might  ...)
 	- curl <unfixed>
 	[bookworm] - curl <no-dsa> (Minor issue)
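Review bot: The new tags for CVE-2024-9946 and CVE-2024-9934 both read `NOT-FOR-US: WordPress plugin`, which drops the plugin name even where the description gives it (Wp-ImageZoom for CVE-2024-9934). Naming the plugin in the tag, for example `NOT-FOR-US: Wp-ImageZoom WordPress plugin`, would let a later search by product find the entry without relying on the truncated description.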
@@ -10,15 +10,15 @@ CVE-2024-9681 (When curl is asked to use HSTS, the expiry time for a subdomain m
 	NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316 (curl-8_11_0)
 CVE-2024-9307 (The mFolio Lite plugin for WordPress is vulnerable to file uploads due ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7995 (A maliciously crafted binary file when downloaded could lead to escala ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-7879 (The WP ULike  WordPress plugin before 4.7.5 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG  ...)
-	TODO: check
+	NOT-FOR-US: HumHub
 CVE-2024-51756 (The cap-std project is organized around the eponymous `cap-std` crate, ...)
 	TODO: check
 CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's file ...)
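Review bot: The tag for CVE-2024-7995 is `NOT-FOR-US: Autodesk`, a vendor name, while the truncated description shown here ("A maliciously crafted binary file when downloaded could lead to escala ...") names no product, so the classification cannot be checked from the list alone. Consider naming the affected product in the tag, as the HumHub tag on CVE-2024-52043 does.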
@@ -26,75 +26,75 @@ CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime'
 CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to  ...)
 	TODO: check
 CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-51115 (DCME-320 v7.4.12.90 was discovered to contain a command injection vuln ...)
-	TODO: check
+	NOT-FOR-US: DCME-320
 CVE-2024-49409 (Out-of-bounds write in Battery Full Capacity node prior to Firmware up ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49408 (Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49407 (Improper access control in Samsung Flow prior to version 4.9.15.7 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49406 (Improper validation of integrity check value in Blockchain Keystore pr ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49405 (Improper authentication in Private Info in Samsung Pass in prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49404 (Improper Access Control in Samsung Video Player prior to versions 7.3. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49403 (Improper access control in Samsung Voice Recorder prior to version 21. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49402 (Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-49401 (Improper input validation in Settings Suggestions prior to SMR Nov-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-48746 (An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a r ...)
-	TODO: check
+	NOT-FOR-US: Lens Visual integration with Power BI
 CVE-2024-48176 (Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is ...)
-	TODO: check
+	NOT-FOR-US: Lylme Spage
 CVE-2024-47464 (An authenticated Path Traversal vulnerability exists in Instant AOS-8  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-47463 (An arbitrary file creation vulnerability exists in the Instant AOS-8 a ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-47462 (An arbitrary file creation vulnerability exists in the Instant AOS-8 a ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-47461 (An authenticated command injection vulnerability exists in the Instant ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-47460 (Command injection vulnerability in the underlying CLI service could le ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-42509 (Command injection vulnerability in the underlying CLI service could le ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-34682 (Improper authorization in Settings prior to SMR Nov-2024 Release 1 all ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34681 (Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34680 (Use of implicit intent for sensitive communication in WlanTest prior t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34679 (Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34678 (Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Relea ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34677 (Exposure of sensitive information in System UI prior to SMR Nov-2024 R ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34676 (Out-of-bounds write in parsing subtitle file in libsubextractor.so pri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34675 (Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34674 (Improper access control in Contacts prior to SMR Nov-2024 Release 1 al ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-34673 (Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-10647 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10543 (The Tumult Hype Animations plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10535 (The Video Gallery for WooCommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10084 (The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10826
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
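Review bot: For CVE-2024-47460 and CVE-2024-42509 the visible description ("Command injection vulnerability in the underlying CLI service could le ...") names neither vendor nor product, unlike CVE-2024-47462 to CVE-2024-47464, which mention Instant AOS-8, so the `NOT-FOR-US: HPE` tag on those two should be confirmed against the full CVE record. Separately, the tags in this hunk mix vendor names (Samsung, HPE, Tenda) with a bare model string (`DCME-320` on CVE-2024-51115); adding the vendor there would keep them consistent.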
@@ -592,7 +592,7 @@ CVE-2024-48059 (gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulner
 CVE-2024-48057 (localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When cal ...)
 	NOT-FOR-US: localai
 CVE-2024-48052 (In gradio <=4.42.0, the gr.DownloadButton function has a hidden server ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-48050 (In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_u ...)
 	TODO: check
 CVE-2024-47797 (in OpenHarmony v4.1.0 and prior versions allow a local attacker cause  ...)
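Review bot: The `NOT-FOR-US: Gradio` tag on CVE-2024-48052 closes out a library (the description refers to the `gr.DownloadButton` function), so it is worth confirming there is no ITP or RFP bug for it before dropping it from triage; if one exists, an `<itp>` entry with the bug number would keep the CVE tracked. The tag also capitalises the name, while the description and the neighbouring `NOT-FOR-US: localai` use the lower-case project name.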



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ee7579eee38b7ad6c747e78144a1376f54e4cdd
