[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 17 04:41:08 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdfdc5ae by Moritz Mühlenhoff at 2024-10-16T15:40:45+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,83 +38,83 @@ CVE-2024-9954 (Use after free in AI in Google Chrome prior to 130.0.6723.58 allo
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-9937 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Refl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9891 (The Multiline files upload for contact form 7 plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9888 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9873 (The Community by PeepSo \u2013 Social Network, Membership, Registratio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9652 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Ref ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9649 (The WP ULike \u2013 The Ultimate Engagement Toolkit for Websites plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9647 (The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9634 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9594 (A security issue was discovered in the Kubernetes Image Builder versio ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes Image Builder
 CVE-2024-9582 (The Accordion Slider plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9540 (The Sina Extension for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9521 (The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9486 (A security issue was discovered in the Kubernetes Image Builder versio ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes Image Builder
 CVE-2024-9305 (The AppPresser \u2013 Mobile App Framework plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9105 (The UltimateAI plugin for WordPress is vulnerable to authentication by ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9104 (The UltimateAI plugin for WordPress is vulnerable to authentication by ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9061 (The The WP Popup Builder \u2013 Popup Forms and Marketing Lead Generat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8918 (The File Manager Pro plugin for WordPress is vulnerable to Limited Jav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8787 (The Smart Online Order for Clover plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8746 (The File Manager Pro plugin for WordPress is vulnerable to arbitrary b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8541 (The Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Cou ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8507 (The File Manager Pro plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49340 (IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forg ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-48783 (An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obta ...)
-	TODO: check
+	NOT-FOR-US: Ruijie
 CVE-2024-48782 (File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allow ...)
-	TODO: check
+	NOT-FOR-US: DYCMS
 CVE-2024-48781 (An issue in Wanxing Technology Yitu Project Management Kirin Edition 2 ...)
-	TODO: check
+	NOT-FOR-US: Wanxing Technology 
 CVE-2024-48779 (An issue in Wanxing Technology's Yitu project Management Software 3.2. ...)
-	TODO: check
+	NOT-FOR-US: Wanxing Technology 
 CVE-2024-48714 (In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles th ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-48713 (In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-48712 (In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the pa ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-48710 (In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-48411 (itsourcecode Online Tours and Travels Management System v1.0 is vulner ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Online Tours and Travels Management System
 CVE-2024-45715 (The SolarWinds Platform was susceptible to a Cross-Site Scripting vuln ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-45714 (Application is vulnerable to Cross Site Scripting (XSS) an authenticat ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-45711 (SolarWinds Serv-U is vulnerable  to a directory traversal  vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-45710 (SolarWinds Platform is susceptible to an Uncontrolled Search Path Elem ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2024-45217 (Insecure Default Initialization of Resource vulnerability in Apache So ...)
 	TODO: check
 CVE-2024-45216 (Improper Authentication vulnerability in Apache Solr.  Solr instances  ...)
 	TODO: check
 CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial of serv ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
 	TODO: check
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
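Review bot: The added lines for CVE-2024-48781 and CVE-2024-48779 end in a trailing space ("NOT-FOR-US: Wanxing Technology "); drop it so they match the other NOT-FOR-US entries in this hunk. Separately, the truncated description shown for CVE-2024-45714 ("Application is vulnerable to Cross Site Scripting (XSS) ...") names no vendor, so the SolarWinds attribution is worth confirming against the full CVE text.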
@@ -124,111 +124,111 @@ CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized atta
 CVE-2024-38190 (Missing authorization in Power Platform allows an unauthenticated atta ...)
 	TODO: check
 CVE-2024-38139 (Improper authentication in Microsoft Dataverse allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-31955 (An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB ...)
-	TODO: check
+	NOT-FOR-US: MicrosoftSamsung
 CVE-2024-10018 (Improper permission control in the mobile application (com.transsion.a ...)
 	TODO: check
 CVE-2024-10004 (Opening an external link to an HTTP website when Firefox iOS was previ ...)
 	TODO: check
 CVE-2023-7296 (The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7295 (The Video Grid plugin for WordPress is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7294 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7293 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7292 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7291 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7290 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7289 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7288 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7287 (The Paytium: Mollie payment forms & donations plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7286 (The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4974 (The Freemius SDK, as used by hundreds of WordPress plugin and theme de ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin SDK
 CVE-2022-4973 (WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticate ...)
 	TODO: check
 CVE-2022-4972 (The Download Monitor plugin for WordPress is vulnerable to authorizati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4971 (The Sassy Social Share plugin for WordPress is vulnerable to Reflected ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4452 (The Google Language Translator plugin for WordPress is vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4451 (The NinjaFirewall plugin for WordPress is vulnerable to Authenticated  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4450 (The Post Grid plugin for WordPress is vulnerable to blind SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4449 (The ZoomSounds plugin for WordPress is vulnerable to arbitrary file up ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4448 (The Kaswara Modern VC Addons plugin for WordPress is vulnerable to aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4447 (The Essential Addons for Elementor  plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4446 (The Essential Addons for Elementor plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4445 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4444 (The Product Filter by WooBeWoo plugin for WordPress is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4443 (The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36842 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36840 (The Timetable and Event Schedule by MotoPress plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36839 (The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36838 (The Facebook Chat Plugin for WordPress is vulnerable to authorization  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36837 (The ThemeGrill Demo Importer plugin for WordPress is vulnerable to aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36836 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36835 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36834 (The Discount Rules for WooCommerce plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36833 (The Indeed Membership Pro plugin for WordPress is vulnerable to author ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36832 (The Ultimate Membership Pro plugin for WordPress is vulnerable to Auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-36831 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25217 (The SiteGround Optimizer plugin for WordPress is vulnerable to authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25216 (The Rich Review plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25215 (The ARI-Adminer plugin for WordPress is vulnerable to authorization by ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25214 (The ShopWP plugin for WordPress is vulnerable to authorization bypass  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25213 (The Advanced Access Manager plugin for WordPress is vulnerable to Unau ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2018-25105 (The  File Manager plugin for WordPress is vulnerable to authorization  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-20194 (The Formidable Form Builder plugin for WordPress is vulnerable to Sens ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-20193 (The Product Vendors is vulnerable to Reflected Cross-Site Scripting vi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2017-20192 (The Formidable Form Builder plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2016-15042 (The Frontend File Manager (versions < 4.0), N-Media Post Front-end For ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2016-15041 (The MainWP Dashboard \u2013 The Private WordPress Manager for Multiple ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2016-15040 (The Kento Post View Counter plugin for WordPress is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2012-10018 (The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-45693 (Users logged into the Apache CloudStack's web interface can be tricked ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2024-45462 (The logout operation in the CloudStack web interface does not expire t ...)
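Review bot: The added line for CVE-2024-31955 reads "NOT-FOR-US: MicrosoftSamsung", but the description is for a Samsung eMMC; this looks like a leftover from the Microsoft entry directly above it and should be "NOT-FOR-US: Samsung". Also, the visible description of CVE-2017-20193 ("The Product Vendors is vulnerable to Reflected Cross-Site Scripting ...") does not mention WordPress, so the "WordPress plugin" tag there is worth confirming against the full CVE text.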



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdfdc5ae9d438afa52b980eef73215a761bf132a
