[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 29 09:21:16 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f25390e by Moritz Muehlenhoff at 2024-11-29T10:20:57+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,45 +13,45 @@ CVE-2024-54123 (Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS v
 CVE-2024-53701 (Multiple FCNT Android devices provide the original security features s ...)
 	NOT-FOR-US: FCNT Android devices
 CVE-2024-45495 (MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSoc ...)
-	TODO: check
+	NOT-FOR-US: MSA FieldServer Gateway
 CVE-2024-39162 (pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability o ...)
-	TODO: check
+	NOT-FOR-US: pyspider
 CVE-2024-35451 (LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favico ...)
-	TODO: check
+	NOT-FOR-US: LinkStack
 CVE-2024-11983 (Certain models of routers from Billion Electric has an OS Command Inje ...)
-	TODO: check
+	NOT-FOR-US: Billion Electric routers
 CVE-2024-11982 (Certain models of routers from Billion Electric has a Plaintext Storag ...)
-	TODO: check
+	NOT-FOR-US: Billion Electric routers
 CVE-2024-11981 (Certain models of routers from Billion Electric has an Authentication  ...)
-	TODO: check
+	NOT-FOR-US: Billion Electric routers
 CVE-2024-11980 (Certain modes of routers from Billion Electric have a Missing Authenti ...)
-	TODO: check
+	NOT-FOR-US: Billion Electric routers
 CVE-2024-11979 (DreamMaker from Interinfo has a Path Traversal vulnerability and does  ...)
-	TODO: check
+	NOT-FOR-US: DreamMaker
 CVE-2024-11978 (DreamMaker from Interinfo has a Path Traversal vulnerability, allowing ...)
-	TODO: check
+	NOT-FOR-US: DreamMaker
 CVE-2024-11971 (A vulnerability classified as problematic was found in Guizhou Xiaoma  ...)
-	TODO: check
+	NOT-FOR-US: Guizhou Xiaoma Technology
 CVE-2024-11970 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Concert Ticket Ordering System
 CVE-2024-11482 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2024-11481 (A vulnerability in ESM 11.6.10 allows unauthenticated access to the in ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2024-11014 (Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNI ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2024-11013 (Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ve ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2024-10980 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10704 (The Photo Gallery by 10Web  WordPress plugin before 1.8.31 does not sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9669 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8672 (The Widget Options \u2013 The #1 WordPress Widget & Block Control Plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8308 (A low privileged remote attacker can insert a SQL injection inthe web  ...)
-	TODO: check
+	NOT-FOR-US: UmweltOffice
 CVE-2024-8066 (The File Manager Pro \u2013 Filester plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7747 (The Wallet for WooCommerce plugin for WordPress is vulnerable to incor ...)
@@ -89,75 +89,75 @@ CVE-2024-52475 (Authentication Bypass Using an Alternate Path or Channel vulnera
 CVE-2024-52474 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52338 (Deserialization of untrusted data in IPC and Parquet readers in the Ap ...)
-	TODO: check
+	NOT-FOR-US: Apache Arrow R package
 CVE-2024-52283 (Missing sanitation of inputs allowed arbitrary users to conduct a stor ...)
-	TODO: check
+	NOT-FOR-US: SuSE hackweek
 CVE-2024-49503 (A Improper Neutralization of Input During Web Page Generation (XSS or  ...)
-	TODO: check
+	NOT-FOR-US: SUSE manager
 CVE-2024-49502 (A Improper Neutralization of Input During Web Page Generation (XSS or  ...)
-	TODO: check
+	NOT-FOR-US: SUSE manager
 CVE-2024-22038 (Various problems in obs-scm-bridge allows attackers that create specia ...)
-	TODO: check
+	NOT-FOR-US: obs-scm-bridge
 CVE-2024-22037 (The uyuni-server-attestation systemd service needs a database_password ...)
-	TODO: check
+	NOT-FOR-US: SUSE manager
 CVE-2024-11969 (The NetCloud Exchange client for Windows, version 1.110.50, contains a ...)
-	TODO: check
+	NOT-FOR-US: NetCloud Exchange
 CVE-2024-11968 (A vulnerability was found in code-projects Farmacia up to 1.0. It has  ...)
-	TODO: check
+	NOT-FOR-US: code-projects Farmacia
 CVE-2024-11967 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-11966 (A vulnerability was found in PHPGurukul Complaint Management system 1. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-11965 (A vulnerability has been found in PHPGurukul Complaint Management syst ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-11964 (A vulnerability, which was classified as critical, was found in PHPGur ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-11963 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Responsive Hotel Site
 CVE-2024-11962 (A vulnerability classified as critical was found in code-projects Simp ...)
-	TODO: check
+	NOT-FOR-US: code-projects Simple Car Rental System
 CVE-2024-11961 (A vulnerability was found in Guangzhou Huayi Intelligent Technology Je ...)
-	TODO: check
+	NOT-FOR-US: Guangzhou Huayi Intelligent Technology
 CVE-2024-11960 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been decl ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-11959 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been clas ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-11788 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11786 (The Login with Vipps and MobilePay plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11761 (The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11685 (The `Kudos Donations \u2013 Easy donations and payments with Mollie` p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11684 (The Kudos Donations \u2013 Easy donations and payments with Mollie plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11620 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11599 (Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-11458 (The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11431 (The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11402 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11366 (The SEO Landing Page Generator plugin for WordPress is vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11333 (The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11203 (The EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Doc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11103 (The Contest Gallery plugin for WordPress is vulnerable to privilege es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11082 (The Tumult Hype Animations plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10798 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10780 (The Restaurant & Cafe Addon for Elementor plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10670 (The Primary Addon for Elementor plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52922 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.4.11-1
 	[bookworm] - linux 6.1.52-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f25390ef5e27413f9f8983785a95f1a98b1e084

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f25390ef5e27413f9f8983785a95f1a98b1e084
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241129/cfe23cc3/attachment.htm>

More information about the debian-security-tracker-commits mailing list