[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 13 10:33:40 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
baee9563 by Salvatore Bonaccorso at 2024-11-13T11:33:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135,59 +135,59 @@ CVE-2024-11110 (Inappropriate implementation in Extensions in Google Chrome prio
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-10887 (The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10882 (The Product Delivery Date for WooCommerce \u2013 Lite plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10877 (The AFI \u2013 The Easiest Integration Plugin plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10854 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10853 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10852 (The Buy one click WooCommerce plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10851 (The Razorpay Payment Button Plugin plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10850 (The Razorpay Payment Button Elementor Plugin plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10828 (The Advanced Order Export For WooCommerce plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10820 (The WooCommerce Upload Files plugin for WordPress is vulnerable to arb ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10816 (The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10802 (The Hash Elements plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10800 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10794 (The Boostify Header Footer Builder for Elementor plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10778 (The BuddyPress Builder for Elementor \u2013 BuddyBuilder plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10717 (The Styler for Ninja Forms plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10686 (The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10684 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10629 (The GPX Viewer plugin for WordPress is vulnerable to arbitrary file cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10593 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Form ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10577 (The \u80d6\u9f20\u91c7\u96c6(Fat Rat Collect) \u5fae\u4fe1\u77e5\u4e4e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10575 (CWE-862: Missing Authorization vulnerability exists that could cause u ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-10531 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10530 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10529 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10174 (The WP Project Manager \u2013 Task, team, and project management plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10038 (The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4458 [ksmbd: fix wrong DataOffset validation of create context]
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.52-1
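Review bot: Two of the retagged entries cannot be confirmed from their list lines: the truncated description of CVE-2024-10577 is mostly escaped non-ASCII text around "(Fat Rat Collect)" and does not show the word WordPress, and the description of CVE-2024-10575 shows only the CWE-862 wording with no vendor or product. Both are worth opening in full before tagging, and for CVE-2024-10575 consider adding the product name after "Schneider Electric" so the tag can be checked later.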
@@ -240,7 +240,7 @@ CVE-2024-52297 (Tolgee is an open-source localization platform. Tolgee 3.81.1 in
 CVE-2024-52296 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...)
 	TODO: check
 CVE-2024-52010 (Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A  ...)
-	TODO: check
+	NOT-FOR-US: Zoraxy
 CVE-2024-51750 (Element is a Matrix web client built using the Matrix React SDK. A mal ...)
 	TODO: check
 CVE-2024-51749 (Element is a Matrix web client built using the Matrix React SDK. Versi ...)
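Review bot: CVE-2024-52010 is tagged NOT-FOR-US although its description presents Zoraxy as a general purpose HTTP reverse proxy rather than a vendor appliance. Before settling on NOT-FOR-US, confirm there is no ITP or RFP bug for it; if there is one, an <itp> entry with the bug number is the better form. The libosdp and Element entries around it stay TODO, which fits a pass limited to NFUs.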
@@ -707,25 +707,25 @@ CVE-2024-11122 (A vulnerability, which was classified as critical, has been foun
 CVE-2024-11121 (A vulnerability classified as critical was found in \u4e0a\u6d77\u7075 ...)
 	NOT-FOR-US: Lingdang CRM
 CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11005 (Command injection in Ivanti Connect Secure before version 22.7R2.1 and ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-11004 (Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Iva ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-10971 (Improper access control in the Password History feature in Devolutions ...)
-	TODO: check
+	NOT-FOR-US: Devolutions DVLS
 CVE-2024-10945 (A Local Privilege Escalation vulnerability exists in the affected prod ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-10944 (A Remote Code Execution vulnerability exists in the affected product.  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-10943 (An authentication bypass vulnerability exists in the affected product. ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-10923 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-10245 (The Relais 2FA plugin for WordPress is vulnerable to authentication by ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),monito ...)
 	TODO: check
 CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),monito ...)
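Review bot: The tags in this hunk mix granularity: CVE-2024-10971 names the product ("Devolutions DVLS"), while CVE-2024-10945, CVE-2024-10944 and CVE-2024-10943 carry only "Rockwell Automation" and CVE-2024-10923 only "OpenText", and their visible descriptions say no more than "the affected product" or a generic weakness title. Adding the product name to those four would make them searchable without opening each CVE.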
@@ -733,13 +733,13 @@ CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),
 CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout sometimes allow ...)
 	TODO: check
 CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-47543 (An authorization bypass through user-controlled key vulnerability [CWE ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-44255 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-32736 (A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All vers ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-49369 (Icinga is a monitoring system which checks the availability of network ...)
 	- icinga2 2.14.3-1 (bug #1087384)
 	NOTE: https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/
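Review bot: CVE-2023-50176, CVE-2023-47543 and CVE-2023-44255 are tagged "NOT-FOR-US: FortiGuard", but the description on CVE-2023-50176 names the product as Fortinet FortiOS, and FortiGuard does not appear in any of the visible descriptions. Suggest "NOT-FOR-US: Fortinet" (or the product name) so that a search for the vendor finds them.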
@@ -863,7 +863,7 @@ CVE-2024-48837 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 1
 CVE-2024-48322 (UsersController.php in Run.codes 1.5.2 and older has a reset password  ...)
 	TODO: check
 CVE-2024-47799 (Exposure of sensitive system information to an unauthorized control sp ...)
-	TODO: check
+	NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
 CVE-2024-47595 (An attacker who gains local membership to sapsys group could replace l ...)
 	NOT-FOR-US: SAP
 CVE-2024-47593 (SAP NetWeaver Application Server ABAP allows an unauthenticated attack ...)
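Review bot: "NOT-FOR-US: Mesh Wi-Fi router RP562B firmware" on CVE-2024-47799 gives a model number but no vendor, unlike the neighbouring "NOT-FOR-US: SAP" entry. The same tag is used again for CVE-2024-45827 further down. Prefix the vendor name in both places so the two entries group with that vendor's other CVEs.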
@@ -891,7 +891,7 @@ CVE-2024-46963 (The com.superfast.video.downloader (aka Super Unlimited Video Do
 CVE-2024-46962 (The SYQ com.downloader.video.fast (aka Master Video Downloader) applic ...)
 	NOT-FOR-US: SYQ com.downloader.video.fast (aka Master Video Downloader) application
 CVE-2024-45827 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
 CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site ...)
 	NOT-FOR-US: IBM
 CVE-2024-45087 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
@@ -933,63 +933,63 @@ CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vul
 CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via the Hos ...)
 	TODO: check
 CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer overflow via t ...)
-	TODO: check
+	NOT-FOR-US: Driver Booster
 CVE-2024-23983 (Improper handling of canonical URL-encoding may lead to bypass not pro ...)
-	TODO: check
+	NOT-FOR-US: PingIdentity
 CVE-2024-11102 (A vulnerability was found in SourceCodester Hospital Management System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Hospital Management System
 CVE-2024-11101 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11100 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Beauty Parlour Management System
 CVE-2024-11099 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11097 (A vulnerability has been found in SourceCodester Student Record Manage ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Student Record Management System
 CVE-2024-11096 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects Task Manager
 CVE-2024-11078 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11077 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11076 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11074 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-11073 (A vulnerability classified as problematic has been found in SourceCode ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Hospital Management System
 CVE-2024-11070 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: Sanluan PublicCMS
 CVE-2024-11068 (The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vuln ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-11067 (The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-10917 (In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLe ...)
 	TODO: check
 CVE-2024-10790 (The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10695 (The Futurio Extra plugin for WordPress is vulnerable to Information Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10694
 	REJECTED
 CVE-2024-10685 (The Contact Form 7 Redirect & Thank You Page plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10672 (The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10538 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10345 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
-	TODO: check
+	NOT-FOR-US: Helix Core
 CVE-2024-10344 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
-	TODO: check
+	NOT-FOR-US: Helix Core
 CVE-2024-10323 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10315 (In Gliffy Online an insecure configuration was discovered in versions  ...)
-	TODO: check
+	NOT-FOR-US: Gliffy Online
 CVE-2024-10314 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
-	TODO: check
+	NOT-FOR-US: Helix Core
 CVE-2024-10179 (The Slickstream: Engagement and Conversions plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49395 (In mutt and neomutt, PGP encryption does not use the --hidden-recipien ...)
 	- mutt <unfixed>
 	[bookworm] - mutt <no-dsa> (Minor issue)
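Review bot: CVE-2024-23983 is tagged "PingIdentity", but its visible description ("Improper handling of canonical URL-encoding ...") names neither vendor nor product, so the tag is the only identification in the file; name the affected product there. CVE-2024-11068 and CVE-2024-11067 could likewise carry the DSL6740C model that their descriptions mention instead of the bare "D-Link".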
@@ -284228,7 +284228,7 @@ CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version
 CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
 	NOT-FOR-US: Tenda routers
 CVE-2021-27704 (Appspace 6.2.4 is affected by Incorrect Access Control via the Appspac ...)
-	TODO: check
+	NOT-FOR-US: Appspace
 CVE-2021-27703 (Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scri ...)
 	TODO: check
 CVE-2021-27702 (Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Acce ...)
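Review bot: CVE-2021-27703 and CVE-2021-27702, directly below the changed line, are still TODO although their descriptions are for a Sercomm router, the same class of product as the Tenda routers already marked NOT-FOR-US just above. If they were skipped on purpose that is fine; otherwise they can be tagged in the same pass as CVE-2021-27704.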



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baee95636e86c0649d2ca887a2178df706095165
