[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 9 08:37:27 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b546f8a by Salvatore Bonaccorso at 2024-11-09T09:35:51+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2024-9874 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9775 (The Anih - Creative Agency WordPress Theme theme for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9270 (The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9262 (The User Meta \u2013 User Profile Builder and User management plugin p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9226 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squee ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8960 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8756 (The Quform - WordPress Form Builder plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-52314 (A data.all admin team member who has access to the customer-owned AWS ...)
TODO: check
CVE-2024-52313 (An authenticated data.all user is able to manipulate a getDataset quer ...)
@@ -21,47 +21,47 @@ CVE-2024-52312 (Due to inconsistent authorization permissions, data.all may allo
CVE-2024-52311 (Authentication tokens issued via Cognito in data.all are not invalidat ...)
TODO: check
CVE-2024-52009 (Atlantis is a self-hosted golang application that listens for Terrafor ...)
- TODO: check
+ NOT-FOR-US: Atlantis
CVE-2024-52007 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR
CVE-2024-52004 (MediaCMS is an open source video and media CMS, written in Python/Djan ...)
- TODO: check
+ NOT-FOR-US: MediaCMS
CVE-2024-52002 (Combodo iTop is a simple, web based IT Service Management tool. Severa ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2024-52001 (Combodo iTop is a simple, web based IT Service Management tool. In aff ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2024-52000 (Combodo iTop is a simple, web based IT Service Management tool. Affect ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2024-51157 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-50809 (The theme.php file in SDCMS 2.8 has a command execution vulnerability ...)
- TODO: check
+ NOT-FOR-US: SDCMS
CVE-2024-50808 (SeaCms 13.1 is vulnerable to code injection in the notification module ...)
- TODO: check
+ NOT-FOR-US: SeaCms
CVE-2024-48073 (sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permiss ...)
- TODO: check
+ NOT-FOR-US: sunniwell HT3300
CVE-2024-35427 (vmir e8117 was discovered to contain a segmentation violation via the ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35426 (vmir e8117 was discovered to contain a stack overflow via the init_loc ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35425 (vmir e8117 was discovered to contain a segmentation violation via the ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35424 (vmir e8117 was discovered to contain a segmentation violation via the ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35423 (vmir e8117 was discovered to contain a heap buffer overflow via the wa ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35422 (vmir e8117 was discovered to contain a heap buffer overflow via the wa ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35421 (vmir e8117 was discovered to contain a segmentation violation via the ...)
- TODO: check
+ NOT-FOR-US: vmir
CVE-2024-35420 (wac commit 385e1 was discovered to contain a heap overflow.)
- TODO: check
+ NOT-FOR-US: wac
CVE-2024-35419 (wac commit 385e1 was discovered to contain a heap overflow via the loa ...)
- TODO: check
+ NOT-FOR-US: wac
CVE-2024-35418 (wac commit 385e1 was discovered to contain a heap overflow via the set ...)
- TODO: check
+ NOT-FOR-US: wac
CVE-2024-35410 (wac commit 385e1 was discovered to contain a heap overflow via the int ...)
- TODO: check
+ NOT-FOR-US: wac
CVE-2024-27532 (wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is ...)
TODO: check
CVE-2024-27530 (wasm3 139076a contains a Use-After-Free in ForEachModule.)
@@ -73,61 +73,61 @@ CVE-2024-27528 (wasm3 139076a suffers from Invalid Memory Read, leading to DoS a
CVE-2024-27527 (wasm3 139076a is vulnerable to Denial of Service (DoS).)
TODO: check
CVE-2024-21994 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are ...)
- TODO: check
+ NOT-FOR-US: NetAPP
CVE-2024-11026 (A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on A ...)
- TODO: check
+ NOT-FOR-US: Intelligent Apps Freenow App
CVE-2024-10953 (An authenticated data.all user is able to perform mutating UPDATE oper ...)
TODO: check
CVE-2024-10876 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10871 (The Category Ajax Filter plugin for WordPress is vulnerable to Local F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10814 (The Code Embed plugin for WordPress is vulnerable to Server-Side Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10801 (The WordPress User Extra Fields plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10779 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10770 (The Envo Extra plugin for WordPress is vulnerable to Information Expos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10693 (The SKT Addons for Elementor plugin for WordPress is vulnerable to Inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10688 (The Attesa Extra plugin for WordPress is vulnerable to Information Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10683 (The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10674 (The Th Shop Mania theme for WordPress is vulnerable to unauthorized ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10673 (The Top Store theme for WordPress is vulnerable to unauthorized arbitr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10669 (The Countdown Timer block \u2013 Display the event's date into a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10667 (The Content Slider Block plugin for WordPress is vulnerable to Informa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10627 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10626 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10625 (The WooCommerce Support Ticket System plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10589 (The Leopard - WordPress Offload Media plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10588 (The Debug Tool plugin for WordPress is vulnerable to unauthorized acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10586 (The Debug Tool plugin for WordPress is vulnerable to arbitrary file cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10547 (The WP Membership plugin for WordPress is vulnerable to arbitrary file ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10508 (The RegistrationMagic \u2013 User Registration Plugin with Custom Regi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10470 (The WPLMS Learning Management System for WordPress, WordPress LMS them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10294 (The CE21 Suite plugin for WordPress is vulnerable to unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10285 (The CE21 Suite plugin for WordPress is vulnerable to sensitive informa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to authentication by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10973
NOT-FOR-US: Keycloak
CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
@@ -149,51 +149,51 @@ CVE-2024-51030 (A SQL injection vulnerability in manage_client.php and view_cab.
CVE-2024-50966 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forg ...)
NOT-FOR-US: dingfanzu CMS
CVE-2024-50811 (hopetree izone lts c011b48 contains a server-side request forgery (SSR ...)
- TODO: check
+ NOT-FOR-US: hopetree izone
CVE-2024-50810 (hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulne ...)
- TODO: check
+ NOT-FOR-US: hopetree izone
CVE-2024-50634 (A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allo ...)
TODO: check
CVE-2024-50593 (An attacker with local access to the medical office computer can acce ...)
- TODO: check
+ NOT-FOR-US: Elefant Service tool
CVE-2024-50592 (An attacker with local access the to medical office computer can esca ...)
- TODO: check
+ NOT-FOR-US: Elefant Update Service
CVE-2024-50591 (An attacker with local access the to medical office computer can esca ...)
- TODO: check
+ NOT-FOR-US: Elefant Update Service
CVE-2024-50590 (Attackers with local access to the medical office computer can escala ...)
- TODO: check
+ NOT-FOR-US: Elefant Update Service
CVE-2024-50589 (An unauthenticated attacker with access to the local network of the m ...)
- TODO: check
+ NOT-FOR-US: Fast Healthcare Interoperability Resources (FHIR) API
CVE-2024-50588 (An unauthenticated attacker with access to the local network of the m ...)
- TODO: check
+ NOT-FOR-US: Elefant Firebird database
CVE-2024-50378 (Airflow versions before 2.10.3 have a vulnerability that allows authen ...)
TODO: check
CVE-2024-47190 (Northern.tech Hosted Mender before 2024.07.11 allows SSRF.)
- TODO: check
+ NOT-FOR-US: Northern.tech Hosted Mender
CVE-2024-46948 (Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2024-46947 (Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender
CVE-2024-45765 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Impro ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-45764 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missin ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-45763 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Impro ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-44765 (An Improper Authorization (Access Control Misconfiguration) vulnerabil ...)
- TODO: check
+ NOT-FOR-US: MGT-COMMERCE
CVE-2024-40240 (An incorrect access control issue in HomeServe Home Repair' android ap ...)
- TODO: check
+ NOT-FOR-US: HomeServe Home Repair Android app
CVE-2024-40239 (An incorrect access control issue in Life: Personal Diary, Journal and ...)
- TODO: check
+ NOT-FOR-US: Life: Personal Diary, Journal android app
CVE-2024-25431 (An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and f ...)
TODO: check
CVE-2024-10839 (Zohocorp ManageEngine SharePoint Manager Plus versions4503 and prior a ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2024-10325 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10187 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8810 (A GitHub App installed in organizations could upgrade some permissions ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2024-8424 (Improper Privilege Management vulnerability in WatchGuard EPDR, Panda ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b546f8a6f2f72dce3d45528c11bef89a415e24b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b546f8a6f2f72dce3d45528c11bef89a415e24b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241109/d79385fd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list