[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jan 23 07:44:29 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76630549 by Moritz Muehlenhoff at 2025-01-23T08:44:07+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -237,33 +237,33 @@ CVE-2024-55488 (A stored cross-site scripting (XSS) vulnerability in Umbraco CMS
CVE-2024-51457 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 ...)
NOT-FOR-US: IBM
CVE-2024-42013 (In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforceme ...)
- TODO: check
+ NOT-FOR-US: GRAU
CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather than has ...)
- TODO: check
+ NOT-FOR-US: GRAU
CVE-2024-34235 (Open5GS MME versions <= 2.6.4 contains an assertion that can be remote ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-31903 (IBM Sterling B2B Integrator Standard Edition6.0.0.0 through 6.1.2.5 an ...)
NOT-FOR-US: IBM
CVE-2024-24432 (A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2 ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24430 (A reachable assertion in the mme_ue_find_by_imsi function of Open5GS < ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24429 (A reachable assertion in the nas_eps_send_emm_to_esm function of Open5 ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-13499 (The The GamiPress \u2013 Gamification plugin to reward points, achieve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13496 (The GamiPress \u2013 Gamification plugin to reward points, achievement ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13495 (The The GamiPress \u2013 Gamification plugin to reward points, achieve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13447 (The WP Hotel Booking plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS earlier tha ...)
- TODO: check
+ NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72 (revisions before ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-37777 (Synnefo Internet Management Software 2023 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Synnefo
CVE-2023-37023 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Up ...)
NOT-FOR-US: Open5GS
CVE-2023-37022 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE ...)
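Review bot: The CVE-2024-10929 entry is tagged "NOT-FOR-US: Arm", but its description concerns an issue in the Arm Cortex-A72 CPU rather than a standalone product, and the truncated text does not show whether a software mitigation is involved. If the advisory describes a kernel or firmware workaround, a NOTE line or an entry against the affected source package would fit better than an NFU. Separately, the tags in this hunk mix vendor names (GRAU, Arm) with product names (Open5GS, Synnefo); naming the product, for example "GRAU DATA Blocky", would make later searches of the list more predictable.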
@@ -571,77 +571,77 @@ CVE-2024-43771 (In gatts_process_read_req of gatt_sr.cc, there is a possible out
CVE-2024-43770 (In gatts_process_find_info of gatt_sr.cc, there is a possible out of b ...)
NOT-FOR-US: Android
CVE-2024-43765 (In multiple locations, there is a possible way to obtain access to a f ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43763 (In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of s ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43096 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43095 (In multiple locations, there is a possible way to obtain any system pe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-34730 (In multiple locations, there is a possible bypass of user consent to e ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-24451 (A stack overflow in the sctp_server::sctp_receiver_thread component of ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24445 (OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dere ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24444 (Improper file descriptor handling for closed connections in OpenAirInt ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24443 (An uninitialized pointer dereference in the ngap_handle_pdu_session_re ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24442 (A NULL pointer dereference in the ngap_app::handle_receive routine of ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24428 (A reachable assertion in the oai_nas_5gmm_decode function of Open5GS < ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24427 (A reachable assertion in the amf_ue_set_suci function of Open5GS <= 2. ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24424 (A reachable assertion in the decode_access_point_name_ie function of M ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24423 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24422 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24421 (A type confusion in the nas_message_decode function of Magma <= 1.8.0 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24420 (A reachable assertion in the decode_linked_ti_ie function of Magma <= ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24419 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24418 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24417 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24416 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-21245 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2024-13590 (The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13584 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13426 (The WP-Polls plugin for WordPress is vulnerable to SQL Injection via C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13406 (The XML for Google Merchant Center plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13361 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13360 (The AI Power: Complete AI Pack plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13319 (The Themify Builder plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13091 (The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12879 (The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12857 (The AdForest theme for WordPress is vulnerable to authentication bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12117 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11218 (A vulnerability was found in `podman build` and `buildah.` This issue ...)
TODO: check
CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
TODO: check
CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40108 (In multiple locations, there is a possible way to access media content ...)
TODO: check
CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile Management Enti ...)
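Review bot: CVE-2024-12857 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "The AdForest theme for WordPress", so the tag should be "NOT-FOR-US: WordPress theme". A smaller point on CVE-2024-24428: the tag "Open5GS" follows the description, yet the function named there is oai_nas_5gmm_decode and the other oai-prefixed entries in this hunk are tagged OpenAirInterface; the outcome is NFU either way, but it is worth confirming which project the entry belongs to before the tag is relied on.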
@@ -859,7 +859,7 @@ CVE-2024-51888 (Incorrect Privilege Assignment vulnerability in NotFound Homey L
CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows rem ...)
- TODO: check
+ NOT-FOR-US: System.Linq.Dynamic.Core
CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-49699 (Deserialization of Untrusted Data vulnerability in NotFound ARPrice al ...)
@@ -156602,9 +156602,9 @@ CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault vi
NOTE: https://github.com/radareorg/radare2/issues/21363
NOTE: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
CVE-2023-27113 (pearProjectApi v2.8.10 was discovered to contain a SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: pearProjectApi
CVE-2023-27112 (pearProjectApi v2.8.10 was discovered to contain a SQL injection vulne ...)
- TODO: check
+ NOT-FOR-US: pearProjectApi
CVE-2023-27111
RESERVED
CVE-2023-27110
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76630549cc46026857f5d433ce01f075e7c995ba