[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 17 14:12:12 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
638b34db by Moritz Mühlenhoff at 2024-10-16T22:23:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,87 +1,87 @@
 CVE-2024-9893 (The Nextend Social Login Pro plugin for WordPress is vulnerable to aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9858 (There exists an insecure default user permission in Google Cloud Migra ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Migrate
 CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with u ...)
 	TODO: check
 CVE-2024-8921 (The Zita Elementor Site Library plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8040 (An authorization bypass through user-controlled key vulnerability affe ...)
-	TODO: check
+	NOT-FOR-US: 3DSwym
 CVE-2024-6380 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA  ...)
-	TODO: check
+	NOT-FOR-US: ENOVIA
 CVE-2024-4692 (Improper Validation of Specified Quantity in Input vulnerability in Op ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-49271 (: Improper Neutralization of Special Elements Used in a Template Engin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49270 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49268 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49267 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49266 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49265 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49260 (Unrestricted Upload of File with Dangerous Type vulnerability in Limb  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49258 (Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49257 (Unrestricted Upload of File with Dangerous Type vulnerability in Denis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49254 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49253 (Relative Path Traversal vulnerability in James Park Analyse Uploads al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49252 (: Exposure of Sensitive System Information to an Unauthorized Control  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49251 (: Improper Control of Filename for Include/Require Statement in PHP Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49247 (: Authentication Bypass Using an Alternate Path or Channel vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49245 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49242 (Unrestricted Upload of File with Dangerous Type vulnerability in Shafi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49227 (Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49226 (Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49218 (Deserialization of Untrusted Data vulnerability in Al Imran Akash Rece ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-49216 (Unrestricted Upload of File with Dangerous Type vulnerability in Joshu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48744 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /trm ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Teachers Record Management System
 CVE-2024-48042 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48035 (Unrestricted Upload of File with Dangerous Type vulnerability in Takay ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48034 (Unrestricted Upload of File with Dangerous Type vulnerability in Flipe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48030 (Deserialization of Untrusted Data vulnerability in Gabriele Valenti Te ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48029 (: Improper Control of Filename for Include/Require Statement in PHP Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48028 (Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48027 (Unrestricted Upload of File with Dangerous Type vulnerability in xaraa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-48026 (Deserialization of Untrusted Data vulnerability in Grayson Robbins Dis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47836 (Admidio is an open-source user management solution. Prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Admidio
 CVE-2024-47649 (Unrestricted Upload of File with Dangerous Type vulnerability in THATp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47645 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47637 (: Relative Path Traversal vulnerability in LiteSpeed Technologies Lite ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47522 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	TODO: check
 CVE-2024-47351 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
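Review bot: The generic reason "NOT-FOR-US: WordPress plugin" cannot be checked from the entry itself for CVE-2024-49253 and CVE-2024-47637, whose truncated descriptions show only "James Park Analyse Uploads" and "LiteSpeed Technologies Lite ..." and never mention WordPress. Naming the plugin in the reason for these entries would let a later reader confirm the triage without opening the CVE record. The same applies to "NOT-FOR-US: OpenText" on CVE-2024-4692, which names the vendor while the affected product is cut off in the description.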
@@ -93,11 +93,11 @@ CVE-2024-47187 (Suricata is a network Intrusion Detection System, Intrusion Prev
 CVE-2024-47139 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...)
 	TODO: check
 CVE-2024-46606 (A cross-site scripting (XSS) vulnerability in the component /admin.php ...)
-	TODO: check
+	- piwigo <removed>
 CVE-2024-46605 (A cross-site scripting (XSS) vulnerability in the component /admin.php ...)
-	TODO: check
+	- piwigo <removed>
 CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass access co ...)
-	TODO: check
+	NOT-FOR-US: BIG-IP
 CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
 	TODO: check
 CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
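Review bot: The two `- piwigo <removed>` lines for CVE-2024-46606 and CVE-2024-46605 carry no per-release annotation and no NOTE, so the entry does not say whether any suite still ships piwigo or which upstream change addresses the /admin.php XSS. If a supported release still carries the package, a bracketed release line in the style of `[bullseye] - chromium <end-of-life>` used elsewhere in this file would record that status explicitly.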
@@ -105,41 +105,41 @@ CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prev
 CVE-2024-45795 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
 	TODO: check
 CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
 	TODO: check
 CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was private ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive PairReqNoI ...)
-	TODO: check
+	NOT-FOR-US: Microchip RN4870
 CVE-2024-22033 (The OBS service obs-service-download_url was vulnerable to a command i ...)
 	TODO: check
 CVE-2024-22032 (A vulnerability has been identified in which an RKE1 cluster keeps  co ...)
 	TODO: check
 CVE-2024-22030 (A vulnerability has been identified within Rancher that can be exploit ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2024-20512 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20463 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20462 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20461 (A vulnerability in the CLI of Cisco ATA 190 Series Analog Telepho ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20460 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20459 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20458 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20421 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20420 (A vulnerability in the web-based management interface of Cisco ATA 190 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20280 (A vulnerability in the backup feature of Cisco UCS Central Software co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-10033 (A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) ...)
 	TODO: check
 CVE-2024-10024 (A vulnerability, which was classified as critical, has been found in c ...)
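Review bot: The reasons in this hunk mix vendor-only tags ("IBM", "VMware", "Cisco") with product-level ones ("Rancher", "Microchip RN4870"), although the descriptions name the products (IBM WebSphere Application Server, VMware HCX, Cisco ATA 190, Cisco UCS Central Software). Using the product name throughout would keep the NOT-FOR-US reasons consistent and searchable. Separately, CVE-2024-22030 is closed as "NOT-FOR-US: Rancher" while the adjacent CVE-2024-22032 (RKE1 cluster) stays at "TODO: check"; if it falls under the same decision, it could be triaged in this pass.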
@@ -169,7 +169,7 @@ CVE-2023-32189 (Insecure handling of ssh keys used to bootstrap clients allows l
 CVE-2023-32188 (A user can reverse engineer the JWT token (JSON Web Token) used in aut ...)
 	TODO: check
 CVE-2020-36841 (The WooCommerce Smart Coupons plugin for WordPress is vulnerable to au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9966 (Inappropriate implementation in Navigations in Google Chrome prior to  ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638b34db9bbc17401e182ca7fbdeb6890a82b398
