[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 12 10:09:37 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
659bd61f by Moritz Muehlenhoff at 2024-10-12T11:09:19+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,215 +1,215 @@
 CVE-2024-9860 (The Bridge Core plugin for WordPress is vulnerable to unauthorized mod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9824 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9821 (The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9778 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9776 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9756 (The Order Attachments for WooCommerce plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9704 (The Social Sharing (by Danny) plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9670 (The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9656 (The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9592 (The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9187 (The Read more By Adam plugin for WordPress is vulnerable to unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9047 (The WordPress File Upload plugin for WordPress is vulnerable to Path T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7489 (The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48938 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows  ...)
 	TODO: check
 CVE-2024-48937 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows  ...)
 	TODO: check
 CVE-2024-48788 (An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: YESCAM
 CVE-2024-48772 (An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: C-CHIP
 CVE-2024-46468 (A Server-Side Request Forgery (SSRF) vulnerability exists in the jpres ...)
-	TODO: check
+	NOT-FOR-US: jpress
 CVE-2024-45754 (An issue was discovered in the centreon-bi-server component in Centreo ...)
-	TODO: check
+	NOT-FOR-US: Centreon BI Server
 CVE-2024-45184 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-35522 (Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-35517 (Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_rem ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-9869
 	REJECTED
 CVE-2024-9859 (Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 ...)
 	TODO: check
 CVE-2024-9856 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS
 CVE-2024-9855 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. I ...)
-	TODO: check
+	NOT-FOR-US: 07FLYCMS
 CVE-2024-9539 (An information disclosure vulnerability was identified in GitHub Enter ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2024-9538 (The ShopLentor plugin for WordPress is vulnerable to Sensitive Informa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9164 (An issue was discovered in GitLab EE affecting all versions starting f ...)
 	TODO: check
 CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio that coul ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
 	TODO: check
 CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an unauthori ...)
-	TODO: check
+	NOT-FOR-US: Looker
 CVE-2024-8755 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
-	TODO: check
+	NOT-FOR-US: Progress LoadMaster
 CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function vulnerability ex ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...)
 	TODO: check
 CVE-2024-7514 (The WordPress Comments Import & Export plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6985 (A path traversal vulnerability exists in the api open_personality_fold ...)
-	TODO: check
+	NOT-FOR-US: lollms-webui
 CVE-2024-6971 (A path traversal vulnerability exists in the parisneo/lollms-webui rep ...)
-	TODO: check
+	NOT-FOR-US: lollms-webui
 CVE-2024-6657 (A denial of service may be caused to a single peripheral device in a B ...)
-	TODO: check
+	NOT-FOR-US: Silabs
 CVE-2024-5474 (A potential information disclosure vulnerability was reported in Lenov ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE affecting all  ...)
 	TODO: check
 CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen that cou ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that could  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-4130 (A DLL hijack vulnerability was reported in Lenovo App Store that could ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-4089 (A DLL hijack vulnerability was reported in Lenovo Super File that coul ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-48827 (An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: sbondCo Watcharr
 CVE-2024-48813 (SQL injection vulnerability in employee-management-system-php-and-mysq ...)
-	TODO: check
+	NOT-FOR-US: employee-management-system-php-and-mysql
 CVE-2024-48787 (An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a ...)
-	TODO: check
+	NOT-FOR-US: Revic Optics Revic Ops
 CVE-2024-48786 (An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 ...)
-	TODO: check
+	NOT-FOR-US: SwitchBot
 CVE-2024-48784 (An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2 ...)
-	TODO: check
+	NOT-FOR-US: SAMPMAX
 CVE-2024-48778 (An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink)  ...)
-	TODO: check
+	NOT-FOR-US: GIANT MANUFACTURING CO
 CVE-2024-48777 (LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to  ...)
-	TODO: check
+	NOT-FOR-US: LEDVANCE
 CVE-2024-48776 (An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to o ...)
-	TODO: check
+	NOT-FOR-US: com.home.shelly
 CVE-2024-48775 (An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote ...)
-	TODO: check
+	NOT-FOR-US: com.ezset.delaney
 CVE-2024-48774 (An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a ...)
-	TODO: check
+	NOT-FOR-US: com.fermax.vida
 CVE-2024-48773 (An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: WoFit
 CVE-2024-48771 (An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 all ...)
-	TODO: check
+	NOT-FOR-US: com.almando.play
 CVE-2024-48770 (An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: com.wisdomcity.zwave
 CVE-2024-48769 (An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a re ...)
-	TODO: check
+	NOT-FOR-US: de.burgwachter.keyapp.app
 CVE-2024-48768 (An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 a ...)
-	TODO: check
+	NOT-FOR-US: appinventor.ai_google.almando_control
 CVE-2024-48041 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48040 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48033 (Deserialization of Untrusted Data vulnerability in Elie Burstein, Bapt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48020 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks and hist ...)
-	TODO: check
+	NOT-FOR-US: foxmarks
 CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 ...)
-	TODO: check
+	NOT-FOR-US: codeclysm/extract Go library
 CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
 	TODO: check
 CVE-2024-47830 (Plane is an open-source project management tool. Plane uses the ** wil ...)
-	TODO: check
+	NOT-FOR-US: Plane
 CVE-2024-47509 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2024-47508 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2024-47505 (An Allocation of Resources Without Limits or Throttlingvulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2024-47353 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Q ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47074 (DataEase is an open source data visualization analysis tool. In Dataea ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2024-46532 (SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: OpenHIS
 CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a buffer ov ...)
-	TODO: check
+	NOT-FOR-US: KM08-708H-v1.1
 CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entphone i ...)
-	TODO: check
+	NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management System
 CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
 	TODO: check
 CVE-2024-45402 (Picotls is a TLS protocol library that allows users select different c ...)
-	TODO: check
+	- picotls <itp> (bug #925405)
 CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
 	TODO: check
 CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...)
-	TODO: check
+	NOT-FOR-US: Quicly
 CVE-2024-45317 (A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 applianc ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-45316 (The Improper link resolution before file access ('Link Following') vul ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-45315 (The Improper link resolution before file access ('Link Following') vul ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-44807 (A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. B ...)
-	TODO: check
+	NOT-FOR-US: baserCMS plugin
 CVE-2024-44734 (Incorrect access control in Mirotalk before commit 9de226 allows attac ...)
-	TODO: check
+	NOT-FOR-US: Mirotalk
 CVE-2024-44731 (Mirotalk before commit 9de226 was discovered to contain a DOM-based cr ...)
-	TODO: check
+	NOT-FOR-US: Mirotalk
 CVE-2024-44730 (Incorrect access control in the function handleDataChannelChat(dataMes ...)
-	TODO: check
+	NOT-FOR-US: Mirotalk
 CVE-2024-44729 (Incorrect access control in the component app/src/server.js of Mirotal ...)
-	TODO: check
+	NOT-FOR-US: Mirotalk
 CVE-2024-44415 (A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffe ...)
-	TODO: check
+	NOT-FOR-US: DI_8200-16.07.26A1
 CVE-2024-44414 (A vulnerability was discovered in FBM_292W-21.03.10V, which has been c ...)
-	TODO: check
+	NOT-FOR-US: FBM_292W-21.03.10V
 CVE-2024-44413 (A vulnerability was discovered in DI_8200-16.07.26A1, which has been c ...)
-	TODO: check
+	NOT-FOR-US: DI_8200-16.07.26A1
 CVE-2024-44157 (A stack buffer overflow was addressed through improved input validatio ...)
-	TODO: check
+	NOT-FOR-US: APple
 CVE-2024-42640 (angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: angular-base64-upload
 CVE-2024-42018 (An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During ...)
-	TODO: check
+	NOT-FOR-US: Atos
 CVE-2024-38365 (btcd is an alternative full node bitcoin implementation written in Go  ...)
-	TODO: check
+	NOT-FOR-US: btcd
 CVE-2024-33582 (A DLL hijack vulnerability was reported in Lenovo Service Framework th ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-33581 (A DLL hijack vulnerability was reported in Lenovo PC Manager AI intell ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-33580 (A DLL hijack vulnerability was reported in Lenovo Personal Cloud that  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that could a ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that could all ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
 	TODO: check
 CVE-2023-42133 (PAX Android based POS devices allow for escalation of privilege via im ...)
-	TODO: check
+	NOT-FOR-US: PAX Android based POS devices
 CVE-2024-9779
 	NOT-FOR-US: Open Cluster Management (OCM)
 CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
@@ -845,6 +845,7 @@ CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allow
 	NOTE: https://github.com/obgm/libcoap/issues/1509
 CVE-2024-46292 (A buffer overflow in modsecurity v3.0.12 allows attackers to cause a D ...)
 	TODO: check
+	NOTE: Being sorted out by upstream whether it's an actual issue
 CVE-2024-46237 (PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site  ...)
 	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-45918 (Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.439 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659bd61f95cb2bf1ee8c55c9b24d434867e3c123

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659bd61f95cb2bf1ee8c55c9b24d434867e3c123
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241012/4686319a/attachment.htm>


More information about the debian-security-tracker-commits mailing list