[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 30 08:30:16 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d39eb6a0 by Salvatore Bonaccorso at 2024-10-30T09:29:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
 CVE-2024-9997 (A maliciously crafted DWG file when parsed in acdb25.dll through Autod ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-9996 (A maliciously crafted DWG file when parsed in acdb25.dll through Autod ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-9886 (The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9885 (The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9884 (The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9846 (The The Enable Shortcodes inside Widgets,Comments and Experts plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9827 (A maliciously crafted CATPART file when parsed in CC5Dll.dll through A ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-9826 (A maliciously crafted 3DM file when parsed in atf_api.dll through Auto ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-9489 (A maliciously crafted DWG file when parsed in ACAD.exe through Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8896 (A maliciously crafted DXF file when parsed in acdb25.dllthrough Autode ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8871 (The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8792 (The Subscribe to Comments plugin for WordPress is vulnerable to Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8627 (The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8600 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8599 (A maliciously crafted STP file when parsed in ACTranslators.exe throug ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8598 (A maliciously crafted STP file when parsed in ACTranslators.exe throug ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8597 (A maliciously crafted STP file when parsed in ASMDATAX230A.dll through ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8596 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8595 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8594 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8593 (A maliciously crafted CATPART file when parsed in ASMKERN230A.dll thro ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8592 (A maliciously crafted CATPART file when parsed in AcTranslators.exe th ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8591 (A maliciously crafted 3DM file when parsed in AcTranslators.exe throug ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8590 (A maliciously crafted 3DM file when parsed in atf_api.dll through Auto ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8589 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8588 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8587 (A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-8444 (The Download Manager WordPress plugin before 3.3.00 doesn't sanitize s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7992 (A maliciously crafted DWG file, when parsed through Autodesk AutoCAD a ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-7991 (A maliciously crafted DWG file, when parsed through Autodesk AutoCAD a ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2024-51568 (CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via ...)
-	TODO: check
+	NOT-FOR-US: CyberPanel (aka Cyber Panel)
 CVE-2024-51567 (upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Pane ...)
-	TODO: check
+	NOT-FOR-US: CyberPanel (aka Cyber Panel)
 CVE-2024-51378 (getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyb ...)
-	TODO: check
+	NOT-FOR-US: CyberPanel (aka Cyber Panel)
 CVE-2024-50512 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50511 (Unrestricted Upload of File with Dangerous Type vulnerability in David ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50510 (Unrestricted Upload of File with Dangerous Type vulnerability in Web a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50508 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50507 (Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50506 (Incorrect Privilege Assignment vulnerability in Azexo Marketing Automa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50504 (Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Cha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50503 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50456 (Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50455 (Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50454 (Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50428 (Missing Authorization vulnerability in Mondula GmbH Multi Step Form al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50425 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50424 (Missing Authorization vulnerability in Templately allows Exploiting In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50423 (Missing Authorization vulnerability in Templately allows Exploiting In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50422 (Missing Authorization vulnerability in Cloudways Breeze allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50421 (Missing Authorization vulnerability in WP Overnight WooCommerce PDF In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-50348 (InstantCMS is a free and open source content management system. In pho ...)
-	TODO: check
+	NOT-FOR-US: InstantCMS
 CVE-2024-48573 (A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows ...)
-	TODO: check
+	NOT-FOR-US: AquilaCMS
 CVE-2024-48572 (A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allow ...)
-	TODO: check
+	NOT-FOR-US: AquilaCMS
 CVE-2024-48461 (Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v ...)
-	TODO: check
+	NOT-FOR-US: TeslaLogger Admin Panel
 CVE-2024-48206 (A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.po ...)
 	TODO: check
 CVE-2024-48138 (A remote code execution (RCE) vulnerability in the component /PluXml/c ...)
@@ -119,31 +119,31 @@ CVE-2024-44081 (In Jitsi Meet before 2.0.9779, the functionality to share a vide
 CVE-2024-44080 (In Jitsi Meet before 2.0.9779, the functionality to share an image usi ...)
 	TODO: check
 CVE-2024-10509 (A vulnerability, which was classified as critical, has been found in C ...)
-	TODO: check
+	NOT-FOR-US: Codezips Online Institute Management System
 CVE-2024-10507 (A vulnerability classified as critical was found in Codezips Free Exam ...)
-	TODO: check
+	NOT-FOR-US: Codezips Free Exam Hall Seating Management System
 CVE-2024-10506 (A vulnerability classified as critical has been found in code-projects ...)
-	TODO: check
+	NOT-FOR-US: code-projects Blood Bank System
 CVE-2024-10505 (A vulnerability was found in wuzhicms 4.1.0. It has been classified as ...)
-	TODO: check
+	NOT-FOR-US: wuzhicms
 CVE-2024-10503 (A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and c ...)
 	TODO: check
 CVE-2024-10502 (A vulnerability has been found in ESAFENET CDG 5 and classified as cri ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10501 (A vulnerability, which was classified as critical, was found in ESAFEN ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10500 (A vulnerability, which was classified as critical, has been found in E ...)
-	TODO: check
+	NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10399 (The Download Monitor plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10228 (The Vagrant VMWare Utility Windows installer targeted a custom locatio ...)
 	TODO: check
 CVE-2024-10223 (The WP Team \u2013 WordPress Team Member Plugin plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-46956 [PostScript interpreter - fix buffer length check]
 	- ghostscript 10.04.0~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d39eb6a09f050904daeecfb5b6334a15db7019ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d39eb6a09f050904daeecfb5b6334a15db7019ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241030/5069cc39/attachment.htm>

More information about the debian-security-tracker-commits mailing list