[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 12 21:40:01 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1d7d8e1 by Salvatore Bonaccorso at 2024-09-12T22:39:17+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all versions fr ...)
TODO: check
CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This ...)
- TODO: check
+ NOT-FOR-US: idoit pro
CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: idoit pro
CVE-2024-8711 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Food Ordering Management System
CVE-2024-8710 (A vulnerability classified as critical was found in code-projects Inve ...)
- TODO: check
+ NOT-FOR-US: code-projects Inventory Management
CVE-2024-8709 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best House Rental Management System
CVE-2024-8708 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Best House Rental Management System
CVE-2024-8707 (A vulnerability was found in \u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
- TODO: check
+ NOT-FOR-US: Yunke Online School System
CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has been cla ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and Control Equ ...)
- TODO: check
+ NOT-FOR-US: Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System
CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted extension publ ...)
TODO: check
CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted extension desc ...)
TODO: check
CVE-2024-8694 (A vulnerability, which was classified as problematic, was found in JFi ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -33,73 +33,73 @@ CVE-2024-8635 (A server-side request forgery issue has been discovered in GitLab
CVE-2024-8631 (A privilege escalation issue has been discovered in GitLab EE affectin ...)
TODO: check
CVE-2024-8622 (The amCharts: Charts and Maps plugin for WordPress is vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8533 (A privilege escalation vulnerability exists in the Rockwell Automation ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8311 (An issue was discovered with pipeline execution policies in GitLab EE ...)
TODO: check
CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7890 (Local privilege escalation allows a low-privileged user to gain SYSTEM ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2024-7889 (Local privilege escalation allows a low-privileged user to gain SYSTEM ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2024-7862 (The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7861 (The Misiek Paypal WordPress plugin through 1.1.20090324 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7860 (The Simple Headline Rotator WordPress plugin through 1.0 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7859 (The Visual Sound WordPress plugin through 1.03 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7822 (The Quick Code WordPress plugin through 1.0 does not have CSRF check i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7820 (The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7818 (The Misiek Photo Album WordPress plugin through 1.4.3 does not have CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7817 (The Misiek Photo Album WordPress plugin through 1.4.3 does not have CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7816 (The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7766 (The Adicon Server WordPress plugin through 1.2 does not sanitize and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6887 (The Giveaways and Contests by RafflePress WordPress plugin before 1.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6702 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS i ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User in Progr ...)
- TODO: check
+ NOT-FOR-US: Progress LoadMaster
CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on Windows all ...)
- TODO: check
+ NOT-FOR-US: AVG Internet Security
CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell Automation af ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6018 (The Music Request Manager WordPress plugin through 1.3 does not escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE affecting all ...)
TODO: check
CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all versions start ...)
@@ -109,7 +109,7 @@ CVE-2024-4612 (An issue has been discovered in GitLab EE affecting all versions
CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 or newer ...)
- TODO: check
+ NOT-FOR-US: Cleanlab project
CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all versions of t ...)
TODO: check
CVE-2024-45855 (Deserialization of untrusted data can occur in versions 23.10.2.0 and ...)
@@ -133,25 +133,25 @@ CVE-2024-45847 (An arbitrary code execution vulnerability exists in versions 23.
CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions 23.10.3.0 ...)
TODO: check
CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path travers ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-45824 (CVE-2024-45824 IMPACT A remote code vulnerability exists in the aff ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-45823 (CVE-2024-45823 IMPACT An authentication bypass vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-45624 (Exposure of sensitive information due to incompatible policies issue e ...)
TODO: check
CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official AP ...)
TODO: check
CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA ...)
- TODO: check
+ NOT-FOR-US: Microsoft High Definition Audio Bus Driver
CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic calenda ...)
- TODO: check
+ NOT-FOR-US: Discourse Calendar plugin
CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
- TODO: check
+ NOT-FOR-US: WIBU-SYSTEMS WibuKey
CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey befor ...)
- TODO: check
+ NOT-FOR-US: WIBU-SYSTEMS WibuKey
CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to cause a Den ...)
TODO: check
CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers to cause ...)
@@ -161,65 +161,65 @@ CVE-2024-42484 (ESP-NOW Component provides a connectionless Wi-Fi communication
CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi communication protoc ...)
TODO: check
CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 a ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments Fusion Digital Power Designer
CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that ...)
TODO: check
CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability in Utar ...)
- TODO: check
+ NOT-FOR-US: Utarit Information SoliClub
CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Utarit Information SoliClub
CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning web ser ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets o ...)
TODO: check
CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-34779 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-34336 (User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 al ...)
- TODO: check
+ NOT-FOR-US: ORDAT FOSS-Online
CVE-2024-34335 (ORDAT FOSS-Online before version 2.24.01 was discovered to contain a r ...)
- TODO: check
+ NOT-FOR-US: ORDAT FOSS-Online
CVE-2024-34334 (ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL inje ...)
- TODO: check
+ NOT-FOR-US: ORDAT FOSS-Online
CVE-2024-32848 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-32846 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-32845 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-32843 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 before ...)
TODO: check
CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
TODO: check
CVE-2024-29847 (Deserialization of untrusted data in the agent portal of Ivanti EPM be ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be susceptible to ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Access Rights Manager (ARM)
CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a hard-cod ...)
- TODO: check
+ NOT-FOR-US: SolarWinds Access Rights Manager (ARM)
CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
TODO: check
CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions 0.0.8 and ...)
TODO: check
CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit ...)
- TODO: check
+ NOT-FOR-US: Mirapolis LMS
CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-8693 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Kaon CG3000
CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud TDuckPr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1d7d8e10418e478abd15ec4c4fde88660a71002
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1d7d8e10418e478abd15ec4c4fde88660a71002
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240912/f9c0434d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list