[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 17 23:43:59 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e8119df by Moritz Mühlenhoff at 2024-10-17T22:33:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,219 +1,219 @@
CVE-2024-9898 (The Parallax Image plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9414 (In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerabilit ...)
TODO: check
CVE-2024-9184 (The SendPulse Free Web Push plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8920 (The Fonto \u2013 Custom Web Fonts Manager plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7755 (The EWON FLEXY 202 transmits credentials using a weak encoding method ...)
- TODO: check
+ NOT-FOR-US: EWON FLEXY
CVE-2024-6333 (Authenticated Remote Code Execution in Altalink, Versalink & WorkCentr ...)
TODO: check
CVE-2024-49580 (In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin co ...)
- TODO: check
+ NOT-FOR-US: JetBrains Ktor
CVE-2024-49579 (In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allow ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-49400 (Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was ...)
- TODO: check
+ NOT-FOR-US: Tacquito
CVE-2024-49399 (The affected product is vulnerable to an attacker being able to use co ...)
- TODO: check
+ NOT-FOR-US: Elvaco
CVE-2024-49398 (The affected product is vulnerable to unrestricted file uploads, which ...)
- TODO: check
+ NOT-FOR-US: Elvaco
CVE-2024-49397 (The affected product is vulnerable to a cross-site scripting attack wh ...)
- TODO: check
+ NOT-FOR-US: Elvaco
CVE-2024-49396 (The affected product is vulnerable due to insufficiently protected cre ...)
- TODO: check
+ NOT-FOR-US: Elvaco
CVE-2024-49392 (Stored cross-site scripting (XSS) vulnerability on enrollment invitati ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-49391 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-49390 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-49389 (Local privilege escalation due to insecure folder permissions. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-49386 (Sensitive information disclosure due to spell-jacking. The following p ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-49322 (Incorrect Privilege Assignment vulnerability in CodePassenger Job Boar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49320 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49319 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49318 (Deserialization of Untrusted Data vulnerability in Scott Olson My Read ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49317 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49316 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49315 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49314 (Unrestricted Upload of File with Dangerous Type vulnerability in \u917 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49313 (Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49312 (Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49311 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49310 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49309 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49308 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49307 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49305 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49304 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49302 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49301 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49299 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49298 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49297 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49296 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49295 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49292 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49291 (Unrestricted Upload of File with Dangerous Type vulnerability in Gora ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49289 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49288 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49287 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49285 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49284 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49283 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49282 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49281 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49280 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49279 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49278 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49277 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49276 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49264 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49263 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49262 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49261 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49259 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49255 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49248 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49246 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49244 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49237 (Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49235 (Insertion of Sensitive Information Into Sent Data vulnerability in Vid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49229 (Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49223 (Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49221 (Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49220 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49219 (Incorrect Privilege Assignment vulnerability in themexpo RS-Members al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49217 (Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48920 (PutongOJ is online judging software. Prior to version 2.1.0-beta.1, un ...)
- TODO: check
+ NOT-FOR-US: PutongOJ
CVE-2024-48638 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48637 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48636 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48635 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48634 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48633 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48632 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48631 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48630 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48629 (D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-48192 (Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-48048 (Cross-Site Request Forgery (CSRF) vulnerability in WSIFY \u2013 Sales ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48047 (Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Lin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48046 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48043 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48038 (Cross-Site Request Forgery (CSRF) vulnerability in Hans Matzen wp-Mona ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48037 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48036 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48032 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48031 (Cross-Site Request Forgery (CSRF) vulnerability in Sumit Surai Feature ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48025 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48024 (: Exposure of Sensitive System Information to an Unauthorized Control ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48023 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48022 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48021 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47459 (Substance3D - Sampler versions 4.5 and earlier are affected by a NULL ...)
- TODO: check
+ NOT-FOR-US: Substance3D
CVE-2024-47312 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-47304 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45713 (SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-43997 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10101 (A stored cross-site scripting (XSS) vulnerability exists in binary-hus ...)
- TODO: check
+ NOT-FOR-US: binary-husky/gpt_academic
CVE-2024-10100 (A path traversal vulnerability exists in binary-husky/gpt_academic ver ...)
- TODO: check
+ NOT-FOR-US: binary-husky/gpt_academic
CVE-2024-10099 (A stored cross-site scripting (XSS) vulnerability exists in comfyanony ...)
- TODO: check
+ NOT-FOR-US: comfyanonymous/comfyui
CVE-2024-10073 (A vulnerability, which was classified as critical, was found in flairN ...)
TODO: check
CVE-2024-10072 (A vulnerability, which was classified as critical, has been found in E ...)
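Review bot: CVE-2024-49580 is tagged NOT-FOR-US: JetBrains Ktor, but Ktor is a framework library rather than an end-user product, so it can be vendored or pulled in by other software; worth confirming that no source package in the archive embeds it before closing the entry as NFU. As a style point, the labels in this hunk mix granularity: vendor only (D-Link, Tenda, SolarWinds, Acronis), vendor plus product (JetBrains YouTrack) and product only (EWON FLEXY, Substance3D). Using the product name where the description gives one, for example "SolarWinds Kiwi CatTools", would make later searches over data/CVE/list more useful.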
@@ -229,11 +229,11 @@ CVE-2024-10068 (A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3
CVE-2024-10025 (A vulnerability in the .sdd file allows an attacker to read default pa ...)
TODO: check
CVE-2023-6729 (Nokia SR OS routers allow read-write access to the entire file system ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2023-6728 (Nokia SR OS bof.cfg file encryption is vulnerable to a brute force att ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2018-25104 (A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop ...)
- TODO: check
+ NOT-FOR-US: PrestaShop plugin
CVE-2005-10003 (A vulnerability classified as critical has been found in mikexstudios ...)
TODO: check
CVE-2024-9951 (The WP Photo Album Plus plugin for WordPress is vulnerable to Reflecte ...)
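Review bot: the two Nokia entries (CVE-2023-6729 and CVE-2023-6728) carry the vendor name only, although both descriptions name the product as Nokia SR OS; "NOT-FOR-US: Nokia SR OS" would be more precise, since a vendor-wide label reads as if nothing from that vendor could ever be packaged. The "PrestaShop plugin" label on CVE-2018-25104 follows the existing "WordPress plugin" convention and needs no change.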
@@ -259,7 +259,7 @@ CVE-2024-9240 (The ReDi Restaurant Reservation plugin for WordPress is vulnerabl
CVE-2024-9215 (The Co-Authors, Multiple Authors and Guest Authors in an Author Box wi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9213 (The \u0627\u0641\u0632\u0648\u0646\u0647 \u067e\u06cc\u0627\u0645\u06a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8719 (The Flexmls\xae IDX Plugin plugin for WordPress is vulnerable to Refle ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7994 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
@@ -273,7 +273,7 @@ CVE-2024-5429 (The Logo Slider WordPress plugin before 4.1.0 does not validate
CVE-2024-49593 (In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields ...)
NOT-FOR-US: WordPress plugin
CVE-2024-48918 (RDS Light is a simplified version of the Reflective Dialogue System (R ...)
- TODO: check
+ NOT-FOR-US: RDS Light
CVE-2024-48758 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forg ...)
NOT-FOR-US: dingfanzu CMS
CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e8119dfd0beb11b317712b39559858472e2b9ac