[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 13 08:37:15 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eff72ad0 by Salvatore Bonaccorso at 2024-11-13T09:36:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,99 +1,99 @@
 CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9578 (The Hide Links plugin for WordPress is vulnerable to unauthorized shor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9426 (The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9409 (CWE-400: An Uncontrolled Resource Consumption vulnerability exists tha ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8985 (The Social Proof (Testimonial) Slider plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8938 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8937 (CWE-119: Improper Restriction of Operations within the Bounds of a Mem ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8936 (CWE-20: Improper Input Validation vulnerability exists that could lead ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8935 (CWE-290: Authentication Bypass by Spoofing vulnerability exists that c ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8933 (CWE-924: Improper Enforcement of Message Integrity During Transmission ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-8874 (The AJAX Login and Registration modal popup + inline form plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One Expansion U ...)
-	TODO: check
+	NOT-FOR-US: VK All in One Expansion Unit
 CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denia ...)
-	TODO: check
+	NOT-FOR-US: Open5GS
 CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to  ...)
 	TODO: check
 CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remot ...)
 	TODO: check
 CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49511 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-48075 (A Heap buffer overflow in the server-site handshake implementation in  ...)
-	TODO: check
+	NOT-FOR-US: SharkSSL
 CVE-2024-39712 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 22.7R2 and  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before version 22. ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38656 (Argument injection in Ivanti Connect Secure before version 22.7R2.2 an ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38655 (Argument injection in Ivanti Connect Secure before version 22.7R2.1 an ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38654 (Improper bounds checking in Ivanti Secure Access Client before version ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-38649 (An out-of-bounds write in IPsec of Ivanti Connect Secure before versio ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-37400 (An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-37398 (Insufficient validation in Ivanti Secure Access Client before 22.7R4 a ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-37376 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-34787 (Path traversal in Ivanti Endpoint Manager before 2024 November Securit ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-34784 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-34782 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-34781 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-34780 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-32847 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-32844 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-32841 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-32839 (SQL injection in Ivanti Endpoint Manager before 2024 November Security ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29211 (A race condition in Ivanti Secure Access Client before version 22.7R4  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-28731 (Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE Wit ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-28730 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-28729 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-28728 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbitrary C ...)
 	TODO: check
 CVE-2024-21540 (All versions of the package source-map-support are vulnerable to Direc ...)
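Review bot: CVE-2024-52268 gets a bare product tag, "NOT-FOR-US: VK All in One Expansion Unit", while the plugin entries around it (CVE-2024-9614, CVE-2024-8874) use the class tag "NOT-FOR-US: WordPress plugin". If this product is a WordPress plugin as well, use the class tag so a grep for it catches the entry. CVE-2024-51094 and CVE-2024-51093 (Snipe-IT) and CVE-2024-21541 (dom-iterator) keep "TODO: check" in this hunk, which is fine if they are deliberately left for a package search.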
@@ -101,9 +101,9 @@ CVE-2024-21540 (All versions of the package source-map-support are vulnerable to
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
 	TODO: check
 CVE-2024-11150 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11143 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11117 (Inappropriate implementation in FileSystem in Google Chrome prior to 1 ...)
 	TODO: check
 CVE-2024-11116 (Inappropriate implementation in Blink in Google Chrome prior to 131.0. ...)
@@ -238,15 +238,15 @@ CVE-2024-51721 (A code injection vulnerability in the SecuSUITE Server Web Admin
 CVE-2024-51720 (An insufficient entropy vulnerability in the SecuSUITE Secure Client A ...)
 	NOT-FOR-US: SecuSUITE
 CVE-2024-51566 (The NVMe driver queue processing is vulernable to guest-induced infini ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-51565 (The hda driver is vulnerable to a buffer over-read from a guest-contro ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-51564 (A guest can trigger an infinite loop in the hda audio driver.)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-51563 (The virtio_vq_recordon function is subject to a time-of-check to time- ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-51562 (The NVMe driver function nvme_opc_get_log_page is vulnerable to a buff ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-50572 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
 	NOT-FOR-US: Siemens
 CVE-2024-50561 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6G ...)
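Review bot: the five entries CVE-2024-51562 through CVE-2024-51566 are tagged "NOT-FOR-US: FreeBSD", but none of the truncated descriptions names FreeBSD; they describe guest-triggered bugs in NVMe, hda and virtio device code. Consider naming the affected component in the tag so a later reader can confirm the attribution without reopening each CVE record.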
@@ -511,7 +511,7 @@ CVE-2024-46889 (A vulnerability has been identified in SINEC INS (All versions <
 CVE-2024-46888 (A vulnerability has been identified in SINEC INS (All versions < V1.0  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-45289 (The fetch(3) library uses environment variables for passing certain in ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-45147 (Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-b ...)
 	NOT-FOR-US: Adobe
 CVE-2024-45114 (Illustrator versions 28.7.1 and earlier are affected by an out-of-boun ...)
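Review bot: CVE-2024-45289 is marked "NOT-FOR-US: FreeBSD" although its description concerns a library, fetch(3), and library code is the kind of thing other projects embed. Before closing it as NFU, check that no source package in the archive carries a copy of that library; if one does, the entry needs a package line instead.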
@@ -603,7 +603,7 @@ CVE-2024-42442 (APTIOV contains a vulnerability in the BIOS where a user or atta
 CVE-2024-40592 (An improper verification of cryptographic signature vulnerability [CWE ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-39281 (The command ctl_persistent_reserve_out allows the caller to specify an ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-38264 (Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-38255 (SQL Server Native Client Remote Code Execution Vulnerability)
@@ -641,17 +641,17 @@ CVE-2024-31496 (A stack-based buffer overflow vulnerability [CWE-121] in Fortine
 CVE-2024-30133 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control  ...)
 	NOT-FOR-US: HCL
 CVE-2024-2315 (APTIOV contains a vulnerability in BIOS where may cause Improper Acces ...)
-	TODO: check
+	NOT-FOR-US: APTIOV
 CVE-2024-2208 (Potential vulnerabilities have been identified in the audio package fo ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-2207 (Potential vulnerabilities have been identified in the audio package fo ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2024-29119 (A vulnerability has been identified in Spectrum Power 7 (All versions  ...)
 	NOT-FOR-US: Siemens
 CVE-2024-26011 (A missing authentication for critical function in Fortinet FortiManage ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23666 (A client-side enforcement of server-side security in Fortinet FortiAna ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2024-21976 (Improper input validation in the NPU driver could allow an attacker to ...)
 	TODO: check
 CVE-2024-21975 (Improper input validation in the NPU driver could allow an attacker to ...)
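Review bot: CVE-2024-2315 is tagged by product ("NOT-FOR-US: APTIOV") where the other entries in this hunk are tagged by vendor (HP, FortiGuard, Siemens, HCL). The earlier APTIOV entry CVE-2024-42442 appears only in the header of the preceding hunk, without its tag; make sure both APTIOV entries carry the same string.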
@@ -675,23 +675,23 @@ CVE-2024-21938 (Incorrect default permissions in the AMD Management Plugin for t
 CVE-2024-21937 (Incorrect default permissions in the AMD HIP SDK installation director ...)
 	TODO: check
 CVE-2024-11138 (A vulnerability classified as problematic has been found in DedeCMS 5. ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-11130 (A vulnerability was found in ZZCMS up to 2023. It has been rated as pr ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-11127 (A vulnerability was found in code-projects Job Recruitment up to 1.0.  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11126 (A vulnerability was found in Digistar AG-30 Plus 2.6b. It has been cla ...)
-	TODO: check
+	NOT-FOR-US: Digistar AG-30 Plus
 CVE-2024-11125 (A vulnerability was found in GetSimpleCMS 3.3.16 and classified as pro ...)
-	TODO: check
+	NOT-FOR-US: GetSimpleCMS
 CVE-2024-11124 (A vulnerability has been found in TimGeyssens UIOMatic 5 and classifie ...)
-	TODO: check
+	NOT-FOR-US: TimGeyssens
 CVE-2024-11123 (A vulnerability, which was classified as problematic, was found in \u4 ...)
-	TODO: check
+	NOT-FOR-US: Lingdang CRM
 CVE-2024-11122 (A vulnerability, which was classified as critical, has been found in \ ...)
-	TODO: check
+	NOT-FOR-US: Lingdang CRM
 CVE-2024-11121 (A vulnerability classified as critical was found in \u4e0a\u6d77\u7075 ...)
-	TODO: check
+	NOT-FOR-US: Lingdang CRM
 CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
 	TODO: check
 CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
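Review bot: CVE-2024-11124 is tagged with the author prefix only ("NOT-FOR-US: TimGeyssens"), while its description names the product as "TimGeyssens UIOMatic 5" and the neighbouring entries use product names (DedeCMS, ZZCMS, GetSimpleCMS). "NOT-FOR-US: TimGeyssens UIOMatic" would match them. For CVE-2024-11121 to CVE-2024-11123 the product name in the description is cut off inside \u escapes, so "Lingdang CRM" is the only readable identification in the file; keeping that string identical across all three, as done here, matters for later searches.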



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eff72ad0a65960f5b92f638e3bbe5d80b97298cc
