[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 25 21:33:50 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f049b0 by Salvatore Bonaccorso at 2024-10-25T22:33:27+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,115 +1,115 @@
 CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to storage o ...)
-	TODO: check
+	NOT-FOR-US: Philips lighting devices
 CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9584 (The Image Map Pro plugin for WordPress is vulnerable to unauthorized m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8666 (The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8036 (ABB is aware of privately reported vulnerabilities in the product vers ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2024-49767 (Werkzeug is a Web Server Gateway Interface web application library. Ap ...)
 	TODO: check
 CVE-2024-49766 (Werkzeug is a Web Server Gateway Interface web application library. On ...)
 	TODO: check
 CVE-2024-49757 (The open-source identity infrastructure software Zitadel allows admini ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2024-49753 (Zitadel is open-source identity infrastructure software. Versions prio ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2024-49381 (Plenti, a static site generator, has an arbitrary file deletion vulner ...)
-	TODO: check
+	NOT-FOR-US: Plenti
 CVE-2024-49380 (Plenti, a static site generator, has an arbitrary file write vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Plenti
 CVE-2024-49378 (smartUp, a web browser mouse gestures extension, has a universal cross ...)
-	TODO: check
+	NOT-FOR-US: smartUp
 CVE-2024-49376 (Autolab, a course management service that enables auto-graded programm ...)
-	TODO: check
+	NOT-FOR-US: Autolab
 CVE-2024-48743 (Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-48700 (Kliqqi-CMS has a background arbitrary code execution vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Kliqqi-CMS
 CVE-2024-48655 (An issue in Total.js CMS v.1.0 allows a remote attacker to execute arb ...)
-	TODO: check
+	NOT-FOR-US: Total.js CMS
 CVE-2024-48654 (Cross Site Scripting vulnerability in Blood Bank v.1 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Blood Bank
 CVE-2024-48581 (File Upload vulnerability in Best courier management system in php v.1 ...)
-	TODO: check
+	NOT-FOR-US: Best courier management system in php
 CVE-2024-48580 (SQL Injection vulnerability in Best courier management system in php v ...)
-	TODO: check
+	NOT-FOR-US: Best courier management system in php
 CVE-2024-48579 (SQL Injection vulnerability in Best House rental management system pro ...)
-	TODO: check
+	NOT-FOR-US: Best House rental management system project in php
 CVE-2024-48459 (A command execution vulnerability exists in the AX2 Pro home router pr ...)
-	TODO: check
+	NOT-FOR-US: AX2 Pro home router Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda)
 CVE-2024-48450 (An arbitrary file upload vulnerability in Huly Platform v0.6.295 allow ...)
-	TODO: check
+	NOT-FOR-US: Huly Platform
 CVE-2024-48448 (An arbitrary file upload vulnerability in Huly Platform v0.6.295 allow ...)
-	TODO: check
+	NOT-FOR-US: Huly Platform
 CVE-2024-48428 (An issue in Olive VLE allows an attacker to obtain sensitive informati ...)
-	TODO: check
+	NOT-FOR-US: Olive VLE
 CVE-2024-48343 (A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an  ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-48204 (SQL injection vulnerability in Hanzhou Haobo network management system ...)
-	TODO: check
+	NOT-FOR-US: Hanzhou Haobo network management system
 CVE-2024-47483 (Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Imp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-47481 (Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Imprope ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-47041 (In valid_address of syscall.c, there is a possible out of bounds read  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47035 (In vring_init of external/headers/include/virtio/virtio_ring.h, there  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47034 (there is a possible out of bounds read due to a missing bounds check.  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47033 (In lwis_allocator_free of lwis_allocator.c, there is a possible memory ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47031 (Android before 2024-10-05 on Google Pixel devices allows privilege esc ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47030 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47029 (In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trust ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47028 (In ffu_flash_pack of ffu.c, there is a possible out of bounds read due ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47027 (In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possib ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47026 (In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47025 (In ppmp_protect_buf of drm_fw.c, there is a possible information discl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47024 (In vring_size of external/headers/include/virtio/virtio_ring.h, there  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47023 (there is a possible man-in-the-middle attack due to a logic error in t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47022 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47021 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible o ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47020 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47019 (In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, th ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47018 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47017 (In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use aft ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47016 (there is a possible privilege escalation due to an insecure default va ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47015 (In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47014 (Android before 2024-10-05 on Google Pixel devices allows privilege esc ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47013 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-47012 (In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a poss ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44101 (there is a possible Null Pointer Dereference (modem crash) due to impr ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44100 (Android before 2024-10-05 on Google Pixel devices allows information d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44099 (There is a possible Local bypass of user interaction due to an insecur ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44098 (In lwis_device_event_states_clear_locked of lwis_event.c, there is a p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-37847 (An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Man ...)
 	TODO: check
 CVE-2024-37846 (MangoOS before 5.2.0 was discovered to contain a Client-Side Template  ...)
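Review bot: The NOT-FOR-US note for CVE-2024-48459, "AX2 Pro home router Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda)", is much longer than the short vendor or product names used for every other entry in this hunk ("Dell", "Android", "Huly Platform"). A short form such as "Tenda AX2 Pro" would keep the list consistent and easier to grep. To a lesser degree the same applies to "Best courier management system in php" and "Best House rental management system project in php", which read as description wording rather than a product name.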
@@ -119,29 +119,29 @@ CVE-2024-37845 (MangoOS before 5.2.0 was discovered to contain an authenticated
 CVE-2024-37844 (A stored cross-site scripting (XSS) vulnerability in MangoOS before 5. ...)
 	TODO: check
 CVE-2024-10387 (CVE-2024-10387 IMPACT    A Denial-of-Service vulnerability exists in t ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-10386 (CVE-2024-10386 IMPACT    An authentication vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-10381 (This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ du ...)
 	TODO: check
 CVE-2024-10380 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Petrol Pump Management Software
 CVE-2024-10379 (A vulnerability classified as problematic was found in ESAFENET CDG 5. ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10378 (A vulnerability classified as critical has been found in ESAFENET CDG  ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10377 (A vulnerability was found in ESAFENET CDG 5. It has been rated as crit ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10376 (A vulnerability was found in ESAFENET CDG 5. It has been declared as c ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10374 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10343 (The Beek Widget Extention plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10112 (The Simple News plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10016 (The File Upload Types by WPForms plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9686 (The Order Notification for Telegram plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9630 (The WPS Telegram Chat plugin for WordPress is vulnerable to authorizat ...)
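Review bot: CVE-2024-10381 (Matrix Door Controller Cosec Vega FAXQ) stays at "TODO: check" in the middle of this hunk, although the entries directly around it, including the Rockwell Automation ones just above, are all closed as NOT-FOR-US in this pass. If it was skipped on purpose because it still needs a look, that is fine; otherwise it should get a NOT-FOR-US line here so it does not linger in the TODO queue alongside the MangoOS entries.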
@@ -755,13 +755,13 @@ CVE-2024-42643 (Integer Overflow in fast_ping.c in SmartDNS Release46 allows rem
 CVE-2024-41717 (Kieback & Peter's DDC4000 seriesis vulnerable to a path traversal vuln ...)
 	NOT-FOR-US: Kieback & Peter's DDC4000 series
 CVE-2024-40494 (Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to e ...)
-	TODO: check
+	NOT-FOR-US: FreeCoAP
 CVE-2024-40493 (Null Pointer Dereference in `coap_client_exchange_blockwise2` function ...)
-	TODO: check
+	NOT-FOR-US: FreeCoAP
 CVE-2024-31880 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2024-31029 (An issue in the server_handle_regular function of the test_coap_server ...)
-	TODO: check
+	NOT-FOR-US: FreeCoAP
 CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a  ...)
 	NOT-FOR-US: Casa Systems NTC-221
 CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a ...)
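Review bot: CVE-2024-31029 is tagged "NOT-FOR-US: FreeCoAP", but unlike CVE-2024-40494 and CVE-2024-40493 its visible description names only the server_handle_regular function of test_coap_server and not the project. Since the attribution cannot be read off the list entry itself, please confirm against the full CVE record that this is FreeCoAP and not another CoAP implementation before closing it as NFU.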
@@ -199316,21 +199316,21 @@ CVE-2022-30363
 CVE-2022-30362
 	RESERVED
 CVE-2022-30361 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30360 (OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA P ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30359 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30358 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30357 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30356 (OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vul ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30355 (OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulner ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30354 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure  ...)
-	TODO: check
+	NOT-FOR-US: OvalEdge
 CVE-2022-30353
 	RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f049b019624b5a0e6106e7f2c5a1aa955048cf
