[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 16 20:32:46 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8dd4aae by Salvatore Bonaccorso at 2024-11-16T21:31:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,69 +25,69 @@ CVE-2024-8856 (The Backup and Staging by WP Time Capsule plugin for WordPress is
CVE-2024-6628 (The EleForms \u2013 All In One Form Integration including DB for Eleme ...)
NOT-FOR-US: WordPress plugin
CVE-2024-51765 (A security vulnerability has been identified in HPE Cray Data Virtuali ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51764 (A security vulnerability has been identified in HPE Data Management Fr ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-50983 (FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, wh ...)
- TODO: check
+ NOT-FOR-US: FlightPath
CVE-2024-49592 (McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2024-49060 (Azure Stack HCI Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-45611 (GLPI is an open-source asset and IT management software package that p ...)
TODO: check
CVE-2024-45610 (GLPI is an open-source asset and IT management software package that p ...)
TODO: check
CVE-2024-44758 (An arbitrary file upload vulnerability in the component /Production/Up ...)
- TODO: check
+ NOT-FOR-US: NUS-M9 ERP Management Software
CVE-2024-38370 (GLPI is a free asset and IT management software package. Starting in 9 ...)
TODO: check
CVE-2024-11263 (When the Global Pointer (GP) relative addressing is enabled (CONFIG_RI ...)
TODO: check
CVE-2024-11262 (A vulnerability has been found in SourceCodester Student Record Manage ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Student Record Management System
CVE-2024-11261 (A vulnerability, which was classified as critical, was found in Source ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Student Record Management System
CVE-2024-11217 (A vulnerability was found in the OAuth-server. OAuth-server logs the O ...)
TODO: check
CVE-2024-11118 (The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11094 (The 404 Solution plugin for WordPress is vulnerable to Sensitive Infor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11092 (The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11085 (The WP Log Viewer plugin for WordPress is vulnerable to unauthorized u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10884 (The SimpleForm Contact Form Submissions plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10883 (The SimpleForm \u2013 Contact form made simple plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10875 (The Gallery Manager plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10861 (The Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Pop ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10795 (The Popularis Extra plugin for WordPress is vulnerable to Information ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10786 (The Simple Local Avatars plugin for WordPress is vulnerable to unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10728 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10645 (The Blogger 301 Redirect plugin for WordPress is vulnerable to blind t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10614 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10592 (The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10533 (The WP Chat App plugin for WordPress is vulnerable to unauthorized plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10262 (The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10147 (The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10017 (The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10015 (The ConvertCalculator for WordPress plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-41151
NOT-FOR-US: Apache HertzBeat
CVE-2024-45791
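Review bot: The new tags for CVE-2024-51765, CVE-2024-51764, CVE-2024-49592 and CVE-2024-49060 name only the vendor (`NOT-FOR-US: HPE`, `NOT-FOR-US: McAfee`, `NOT-FOR-US: Microsoft`), while the other non-plugin entries in this hunk name the product (`NUS-M9 ERP Management Software`, `SourceCodester Student Record Management System`). Where the description already gives the product, as with "McAfee Trial Installer" and "Azure Stack HCI", using it in the tag would keep the annotations consistent and let a later search by product name find these entries.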
@@ -322,65 +322,65 @@ CVE-2024-24453 (An invalid memory access when handling the ProtocolIE_ID field o
CVE-2024-24452 (An invalid memory access when handling the ProtocolIE_ID field of E-RA ...)
TODO: check
CVE-2024-24450 (Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_reso ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24449 (An uninitialized pointer dereference in the NasPdu::NasPdu component o ...)
TODO: check
CVE-2024-24447 (A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_re ...)
TODO: check
CVE-2024-24446 (An uninitialized pointer dereference in OpenAirInterface CN5G AMF up t ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface CN5G AMF
CVE-2024-24431 (A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2 ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24426 (Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of Ope ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface Magma
CVE-2024-24425 (Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface Magma
CVE-2024-23169 (The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripti ...)
- TODO: check
+ NOT-FOR-US: RSA NetWitness
CVE-2024-20373 (A vulnerability in the implementation of the Simple Network Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-1240 (An open redirection vulnerability exists in pyload/pyload version 0.5. ...)
TODO: check
CVE-2024-1097 (A stored cross-site scripting (XSS) vulnerability exists in craigk5n/w ...)
TODO: check
CVE-2024-11259 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11258 (A vulnerability classified as critical was found in 1000 Projects Beau ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Beauty Parlour Management System
CVE-2024-11257 (A vulnerability classified as critical has been found in 1000 Projects ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Beauty Parlour Management System
CVE-2024-11256 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Portfolio Management System MCA
CVE-2024-11251 (A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has ...)
- TODO: check
+ NOT-FOR-US: erzhongxmu Jeewms
CVE-2024-11250 (A vulnerability was found in code-projects Inventory Management up to ...)
- TODO: check
+ NOT-FOR-US: code-projects Inventory Management
CVE-2024-11248 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-11247 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Eyewear Shop
CVE-2024-11246 (A vulnerability, which was classified as problematic, was found in cod ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11245 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11244 (A vulnerability classified as critical was found in code-projects Farm ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11243 (A vulnerability classified as problematic has been found in code-proje ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Shop Store
CVE-2024-11242 (A vulnerability was found in ZZCMS 2023. It has been rated as critical ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2024-11241 (A vulnerability was found in code-projects Job Recruitment 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects Job Recruitment
CVE-2024-11240 (A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and clas ...)
- TODO: check
+ NOT-FOR-US: IBPhoenix ibWebAdmin
CVE-2024-11239 (A vulnerability has been found in Landray EKP up to 16.0 and classifie ...)
- TODO: check
+ NOT-FOR-US: Landray EKP
CVE-2024-11238 (A vulnerability, which was classified as critical, was found in Landra ...)
- TODO: check
+ NOT-FOR-US: Landray EKP
CVE-2024-11237 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-11182 (An XSS issue was discovered in MDaemon Email Server before version24 ...)
- TODO: check
+ NOT-FOR-US: MDaemon
CVE-2024-10934 (In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, a ...)
TODO: check
CVE-2024-10691
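Review bot: CVE-2024-24449 and CVE-2024-24447 stay at `TODO: check` even though they sit between CVE-2024-24450 and CVE-2024-24446, both now tagged `NOT-FOR-US: OpenAirInterface CN5G AMF`. The visible function name `ngap_amf_handle_pdu_session_resource_setup_re ...` points at the same AMF code, although the truncated descriptions do not show the product. If they are the same product, tag them in this commit so the series is not triaged twice. If they were left out on purpose, a short NOTE saying why would help the next person working through the TODO list.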
@@ -388,11 +388,11 @@ CVE-2024-10691
CVE-2024-10534 (Origin Validation Error vulnerability in Dataprom Informatics Personne ...)
TODO: check
CVE-2024-10443 (Improper neutralization of special elements used in a command ('Comman ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-10311 (The External Database Based Actions plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0875 (A stored cross-site scripting (XSS) vulnerability exists in openemr/op ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2024-0787 (phpIPAM version 1.5.1 contains a vulnerability where an attacker can b ...)
TODO: check
CVE-2023-4679 (A use after free vulnerability exists in GPAC version 2.3-DEV-revrelea ...)
@@ -450,7 +450,7 @@ CVE-2024-48967 (The ventilator and the Service PC lack sufficient audit logging
CVE-2024-48966 (The software tools used by service personnel to test & calibrate the v ...)
NOT-FOR-US: Life2000 Ventilation System
CVE-2024-42499 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: FitNesse
CVE-2024-41217 (A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02- ...)
- tsmuxer <itp> (bug #761820)
CVE-2024-41209 (A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01- ...)
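Review bot: CVE-2024-42499 is tagged `NOT-FOR-US: FitNesse`, while the entries directly below it show how the list records software that is not packaged but has an open packaging bug: `- tsmuxer <itp> (bug #761820)`. Before settling on NOT-FOR-US it is worth confirming that no ITP or RFP bug exists for FitNesse. If one does, the `<itp>` form with the bug number is the annotation to use here.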
@@ -468,21 +468,21 @@ CVE-2024-31695 (A misconfiguration in the fingerprint authentication mechanism o
CVE-2024-11120 (Certain EOL GeoVision devices have an OS Command Injection vulnerabili ...)
TODO: check
CVE-2024-10924 (The Really Simple Security (Free, Pro, and Pro Multisite) plugins for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10897 (The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10825 (The Hide My WP Ghost \u2013 Security & Firewall plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10793 (The WP Activity Log plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10582 (The Music Player for Elementor \u2013 Audio Player & Podcast Player pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10260 (The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10113 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10104 (The Jobs for WordPress plugin before 2.7.8 does not sanitise and escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9693 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
- gitlab <unfixed>
CVE-2024-9633 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
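Review bot: CVE-2024-11120 at the top of this hunk is left at `TODO: check` although its description reads "Certain EOL GeoVision devices", the same kind of vendor hardware entry this commit tags elsewhere (`NOT-FOR-US: Tenda`, `NOT-FOR-US: TP-Link`). If it was skipped by accident, it could be tagged together with the eight WordPress plugin entries below it. The commit message "Process some NFUs" does not say whether the remaining TODO entries were reviewed and deferred or simply not looked at.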
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8dd4aaec91891e1940ce5b27bbd82c1e76c1816