[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Oct 12 10:09:37 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
659bd61f by Moritz Muehlenhoff at 2024-10-12T11:09:19+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,215 +1,215 @@
CVE-2024-9860 (The Bridge Core plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9824 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9821 (The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9778 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9776 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9756 (The Order Attachments for WooCommerce plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9704 (The Social Sharing (by Danny) plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9670 (The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9656 (The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9592 (The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9187 (The Read more By Adam plugin for WordPress is vulnerable to unauthoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9047 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7489 (The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48938 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows ...)
TODO: check
CVE-2024-48937 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows ...)
TODO: check
CVE-2024-48788 (An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: YESCAM
CVE-2024-48772 (An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote att ...)
- TODO: check
+ NOT-FOR-US: C-CHIP
CVE-2024-46468 (A Server-Side Request Forgery (SSRF) vulnerability exists in the jpres ...)
- TODO: check
+ NOT-FOR-US: jpress
CVE-2024-45754 (An issue was discovered in the centreon-bi-server component in Centreo ...)
- TODO: check
+ NOT-FOR-US: Centreon BI Server
CVE-2024-45184 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-35522 (Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-35517 (Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_rem ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-9869
REJECTED
CVE-2024-9859 (Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 ...)
TODO: check
CVE-2024-9856 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-9855 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
- TODO: check
+ NOT-FOR-US: 07FLYCMS
CVE-2024-9539 (An information disclosure vulnerability was identified in GitHub Enter ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2024-9538 (The ShopLentor plugin for WordPress is vulnerable to Sensitive Informa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9164 (An issue was discovered in GitLab EE affecting all versions starting f ...)
TODO: check
CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio that coul ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an unauthori ...)
- TODO: check
+ NOT-FOR-US: Looker
CVE-2024-8755 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...)
TODO: check
CVE-2024-7514 (The WordPress Comments Import & Export plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6985 (A path traversal vulnerability exists in the api open_personality_fold ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-6971 (A path traversal vulnerability exists in the parisneo/lollms-webui rep ...)
- TODO: check
+ NOT-FOR-US: lollms-webui
CVE-2024-6657 (A denial of service may be caused to a single peripheral device in a B ...)
- TODO: check
+ NOT-FOR-US: Silabs
CVE-2024-5474 (A potential information disclosure vulnerability was reported in Lenov ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE affecting all ...)
TODO: check
CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen that cou ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-4130 (A DLL hijack vulnerability was reported in Lenovo App Store that could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-4089 (A DLL hijack vulnerability was reported in Lenovo Super File that coul ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-48827 (An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to exec ...)
- TODO: check
+ NOT-FOR-US: sbondCo Watcharr
CVE-2024-48813 (SQL injection vulnerability in employee-management-system-php-and-mysq ...)
- TODO: check
+ NOT-FOR-US: employee-management-system-php-and-mysql
CVE-2024-48787 (An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a ...)
- TODO: check
+ NOT-FOR-US: Revic Optics Revic Ops
CVE-2024-48786 (An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 ...)
- TODO: check
+ NOT-FOR-US: SwitchBot
CVE-2024-48784 (An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2 ...)
- TODO: check
+ NOT-FOR-US: SAMPMAX
CVE-2024-48778 (An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) ...)
- TODO: check
+ NOT-FOR-US: GIANT MANUFACTURING CO
CVE-2024-48777 (LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: LEDVANCE
CVE-2024-48776 (An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to o ...)
- TODO: check
+ NOT-FOR-US: com.home.shelly
CVE-2024-48775 (An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote ...)
- TODO: check
+ NOT-FOR-US: com.ezset.delaney
CVE-2024-48774 (An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a ...)
- TODO: check
+ NOT-FOR-US: com.fermax.vida
CVE-2024-48773 (An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: WoFit
CVE-2024-48771 (An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 all ...)
- TODO: check
+ NOT-FOR-US: com.almando.play
CVE-2024-48770 (An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a rem ...)
- TODO: check
+ NOT-FOR-US: com.wisdomcity.zwave
CVE-2024-48769 (An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a re ...)
- TODO: check
+ NOT-FOR-US: de.burgwachter.keyapp.app
CVE-2024-48768 (An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 a ...)
- TODO: check
+ NOT-FOR-US: appinventor.ai_google.almando_control
CVE-2024-48041 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48040 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48033 (Deserialization of Untrusted Data vulnerability in Elie Burstein, Bapt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48020 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks and hist ...)
- TODO: check
+ NOT-FOR-US: foxmarks
CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 ...)
- TODO: check
+ NOT-FOR-US: codeclysm/extract Go library
CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
TODO: check
CVE-2024-47830 (Plane is an open-source project management tool. Plane uses the ** wil ...)
- TODO: check
+ NOT-FOR-US: Plane
CVE-2024-47509 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2024-47508 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2024-47505 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2024-47353 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Q ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47074 (DataEase is an open source data visualization analysis tool. In Dataea ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2024-46532 (SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to exe ...)
- TODO: check
+ NOT-FOR-US: OpenHIS
CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a buffer ov ...)
- TODO: check
+ NOT-FOR-US: KM08-708H-v1.1
CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entphone i ...)
- TODO: check
+ NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management System
CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
TODO: check
CVE-2024-45402 (Picotls is a TLS protocol library that allows users select different c ...)
- TODO: check
+ - picotls <itp> (bug #925405)
CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
TODO: check
CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...)
- TODO: check
+ NOT-FOR-US: Quicly
CVE-2024-45317 (A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 applianc ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-45316 (The Improper link resolution before file access ('Link Following') vul ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-45315 (The Improper link resolution before file access ('Link Following') vul ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2024-44807 (A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. B ...)
- TODO: check
+ NOT-FOR-US: baserCMS plugin
CVE-2024-44734 (Incorrect access control in Mirotalk before commit 9de226 allows attac ...)
- TODO: check
+ NOT-FOR-US: Mirotalk
CVE-2024-44731 (Mirotalk before commit 9de226 was discovered to contain a DOM-based cr ...)
- TODO: check
+ NOT-FOR-US: Mirotalk
CVE-2024-44730 (Incorrect access control in the function handleDataChannelChat(dataMes ...)
- TODO: check
+ NOT-FOR-US: Mirotalk
CVE-2024-44729 (Incorrect access control in the component app/src/server.js of Mirotal ...)
- TODO: check
+ NOT-FOR-US: Mirotalk
CVE-2024-44415 (A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffe ...)
- TODO: check
+ NOT-FOR-US: DI_8200-16.07.26A1
CVE-2024-44414 (A vulnerability was discovered in FBM_292W-21.03.10V, which has been c ...)
- TODO: check
+ NOT-FOR-US: FBM_292W-21.03.10V
CVE-2024-44413 (A vulnerability was discovered in DI_8200-16.07.26A1, which has been c ...)
- TODO: check
+ NOT-FOR-US: DI_8200-16.07.26A1
CVE-2024-44157 (A stack buffer overflow was addressed through improved input validatio ...)
- TODO: check
+ NOT-FOR-US: APple
CVE-2024-42640 (angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticate ...)
- TODO: check
+ NOT-FOR-US: angular-base64-upload
CVE-2024-42018 (An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During ...)
- TODO: check
+ NOT-FOR-US: Atos
CVE-2024-38365 (btcd is an alternative full node bitcoin implementation written in Go ...)
- TODO: check
+ NOT-FOR-US: btcd
CVE-2024-33582 (A DLL hijack vulnerability was reported in Lenovo Service Framework th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-33581 (A DLL hijack vulnerability was reported in Lenovo PC Manager AI intell ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-33580 (A DLL hijack vulnerability was reported in Lenovo Personal Cloud that ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that could a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that could all ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
TODO: check
CVE-2023-42133 (PAX Android based POS devices allow for escalation of privilege via im ...)
- TODO: check
+ NOT-FOR-US: PAX Android based POS devices
CVE-2024-9779
NOT-FOR-US: Open Cluster Management (OCM)
CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
@@ -845,6 +845,7 @@ CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allow
NOTE: https://github.com/obgm/libcoap/issues/1509
CVE-2024-46292 (A buffer overflow in modsecurity v3.0.12 allows attackers to cause a D ...)
TODO: check
+ NOTE: Being sorted out by upstream whether it's an actual issue
CVE-2024-46237 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site ...)
NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2024-45918 (Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.439 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659bd61f95cb2bf1ee8c55c9b24d434867e3c123
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659bd61f95cb2bf1ee8c55c9b24d434867e3c123
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241012/4686319a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list