[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 20 06:02:31 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25233dfe by Salvatore Bonaccorso at 2024-11-20T07:02:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -212,7 +212,7 @@ CVE-2024-52675 (SourceCodester Sentiment Based Movie Rating System 1.0 is vulner
 CVE-2024-52600 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
 	TODO: check
 CVE-2024-52582 (Cachi2 is a command-line interface tool that pre-fetches a project's d ...)
-	TODO: check
+	NOT-FOR-US: Cachi2
 CVE-2024-52421 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Win ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52420 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Dis ...)
@@ -554,73 +554,73 @@ CVE-2024-51617 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-51503 (A security agent manual scan command injection vulnerability in the Tr ...)
 	NOT-FOR-US: Trend Micro
 CVE-2024-50803 (The mediapool feature of the Redaxo Core CMS application v 5.17.1 is v ...)
-	TODO: check
+	NOT-FOR-US: Redaxo Core CMS
 CVE-2024-50556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50547 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50546 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50540 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50535 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50534 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50533 (Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50532 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50522 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50516 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50515 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50514 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50513 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50430 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50417 (Missing Authorization vulnerability in BoldThemes Bold Page Builder al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50304 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.11.7-1
 	NOTE: https://git.kernel.org/linus/90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12 (6.12-rc6)
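Review bot: The "NOT-FOR-US: WordPress plugin" tag on CVE-2024-50430 and on the run of XSS entries from CVE-2024-50556 down to CVE-2024-50513 cannot be confirmed from this hunk, because each visible description is cut off ("... ('Cross-si ...)") before any product name appears. For a batch this size, please check each ID against its full description before tagging, and say in the commit message how the batch was matched; "Process some NFUs" does not record that.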
@@ -630,55 +630,55 @@ CVE-2024-50303 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b125a0def25a082ae944c9615208bf359abdb61c (6.12-rc6)
 CVE-2024-49697 (Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49689 (Missing Authorization vulnerability in Harmonic Design HD Quiz \u2013  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49680 (Missing Authorization vulnerability in Rextheme WP VR allows Exploitin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48694 (File Upload vulnerability in Xi'an Daxi Information technology OfficeW ...)
-	TODO: check
+	NOT-FOR-US: Xi'an Daxi Information technology OfficeWeb365
 CVE-2024-48072 (Weaver Ecology v9.* was discovered to contain a SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Weaver Ecology
 CVE-2024-48071 (An issue in the component /importmould/deletefolder of Weaver Ecology  ...)
-	TODO: check
+	NOT-FOR-US: Weaver Ecology
 CVE-2024-48070 (Weaver Ecology v9* was discovered to contain a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Weaver Ecology
 CVE-2024-48069 (A remote code execution (RCE) vulnerability in the component /inventor ...)
-	TODO: check
+	NOT-FOR-US: Weaver Ecology
 CVE-2024-45422 (Improper input validation in some Zoom Apps before version 6.2.0 may a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45420 (Uncontrolled resource consumption in some Zoom Apps before version 6.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-45419 (Improper input validation in some Zoom Apps may allow an unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-43338 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-42450 (The Versa Director uses PostgreSQL (Postgres) to store operational and ...)
-	TODO: check
+	NOT-FOR-US: Versa Director
 CVE-2024-37070 (IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an a ...)
 	NOT-FOR-US: IBM
 CVE-2024-31141 (Files or Directories Accessible to External Parties, Improper Privileg ...)
 	TODO: check
 CVE-2024-21697 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2024-11395 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a ...)
 	TODO: check
 CVE-2024-11224 (The Parallax Image plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11198 (The GD Rating System plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11195 (The Email Subscription Popup plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11194 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11075 (A vulnerability in the Incoming Goods Suite allows a user with unprivi ...)
 	TODO: check
 CVE-2024-11038 (The The WPB Popup for Contact Form 7 \u2013 Showing The Contact Form 7 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11036 (The The GamiPress \u2013 The #1 gamification plugin to reward points,  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10204 (Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities  ...)
-	TODO: check
+	NOT-FOR-US: SOLIDWORKS
 CVE-2024-48990 (Qualys discovered that needrestart, before version 3.8, allows local a ...)
 	{DSA-5815-1 DLA-3957-1}
 	- needrestart 3.7-3.1
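Review bot: CVE-2024-48069 is tagged "NOT-FOR-US: Weaver Ecology", but its visible description names only a component path ("/inventor ...") and no product, unlike CVE-2024-48070 to CVE-2024-48072, which name Weaver Ecology directly; confirm the product from the full description. As a style point, the tags in this hunk mix granularity: "Atlassian Sourcetree" and "Xi'an Daxi Information technology OfficeWeb365" give vendor and product, while "Zoom" and the existing "IBM" give the vendor only. Picking one form would make later searches of the list more predictable.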
@@ -156271,7 +156271,7 @@ CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2022-47425
 	RESERVED
 CVE-2022-47424 (Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
@@ -164998,7 +164998,7 @@ CVE-2023-21272 (In readFrom of Uri.java, there is a possible bad URI permission
 CVE-2023-21271 (In parseInputs of ShimPreparedModel.cpp, there is a possible out of bo ...)
 	NOT-FOR-US: Android
 CVE-2023-21270 (In restorePermissionState of PermissionManagerServiceImpl.java, there  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possible way ...)
 	NOT-FOR-US: Android
 CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...)
@@ -254640,11 +254640,11 @@ CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm
 	NOTE: https://lists.openwall.net/netdev/2021/08/17/124
 	NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
 CVE-2021-3742 (A Server-Side Request Forgery (SSRF) vulnerability was discovered in c ...)
-	TODO: check
+	NOT-FOR-US: chatwoot/chatwoot
 CVE-2021-3741 (A stored cross-site scripting (XSS) vulnerability was discovered in ch ...)
-	TODO: check
+	NOT-FOR-US: chatwoot/chatwoot
 CVE-2021-3740 (A Session Fixation vulnerability exists in chatwoot/chatwoot versions  ...)
-	TODO: check
+	NOT-FOR-US: chatwoot/chatwoot
 CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
 	NOT-FOR-US: EmTec ZOC
 CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
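Review bot: Style point on the three new tags for CVE-2021-3742, CVE-2021-3741 and CVE-2021-3740: "chatwoot/chatwoot" is a repository slug copied from the description, whereas the neighbouring entry uses a product name ("NOT-FOR-US: EmTec ZOC"). Consider "NOT-FOR-US: Chatwoot" so the tag matches the form used around it.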
@@ -472722,7 +472722,7 @@ CVE-2018-9410
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2018-9409 (In HWCSession::SetColorModeById of hwc_session.cpp, there is a possibl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9408
 	RESERVED
 CVE-2018-9407
@@ -472801,24 +472801,24 @@ CVE-2018-9374
 CVE-2018-9373
 	RESERVED
 CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9371 (In the Mediatek Preloader, there are out of bounds reads and writes du ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9370 (In download.c there is a special mode allowing user to download data i ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9369 (In bootloader there is fastboot command allowing user specified kernel ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9368 (In mtkscoaudio debugfs there is a possible arbitrary kernel memory wri ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9367 (In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9366 (In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTele ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9365
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2018-9364 (In the LG LAF component, there is a special command that allowed modif ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-9363 (In the hidp_process_report in bluetooth, there is an integer overflow. ...)
 	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
 	- linux 4.17.15-1
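Review bot: Several entries tagged "NOT-FOR-US: Android" here describe vendor components rather than Android itself: CVE-2018-9371 ("In the Mediatek Preloader"), CVE-2018-9364 ("In the LG LAF component") and CVE-2018-9368 ("In mtkscoaudio debugfs there is a possible arbitrary kernel memory wri ..."). A more specific tag would record why they are out of scope. For CVE-2018-9368 in particular, the description points at a kernel driver and the next entry in this hunk (CVE-2018-9363) is tracked against the linux package, so it is worth confirming that the driver is absent from Debian's linux source before marking it NOT-FOR-US.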
@@ -511684,7 +511684,7 @@ CVE-2017-13316
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2017-13315 (In writeToParcel and createFromParcel of DcParamObject.java, there is  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13314 (In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a ...)
 	NOT-FOR-US: Android
 CVE-2017-13313 (In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp,  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25233dfe5b78a9b10b8ca3f7fe6f73c195adbb73
