Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
84cba931 by Salvatore Bonaccorso at 2024-09-13T22:35:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
CVE-2024-8784 (A vulnerability classified as critical was found in QDocs Smart
School ...)
- TODO: check
+ NOT-FOR-US: QDocs Smart School Management System
CVE-2024-8783 (A vulnerability classified as problematic has been found in
OpenTibiaB ...)
- TODO: check
+ NOT-FOR-US: OpenTibiaBR MyAAC
CVE-2024-8782 (A vulnerability was found in JFinalCMS up to 1.0. It has been
rated as ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-8747 (The Email Obfuscate Shortcode plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8737 (The PDF Thumbnail Generator plugin for WordPress is vulnerable
to Refl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8734 (The Lucas String Replace plugin for WordPress is vulnerable to
Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8732 (The Roles & Capabilities plugin for WordPress is vulnerable to
Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8731 (The Cron Jobs plugin for WordPress is vulnerable to Reflected
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8730 (The Exit Notifier plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8714 (The WordPress Affiliates Plugin \u2014 SliceWP Affiliates
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8281 (An input validation weakness was discovered in XCC that could
allow a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8280 (An input validation weakness was discovered in XCC that could
allow a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8279 (A privilege escalation vulnerability was discovered in XCC that
could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8278 (A privilege escalation vulnerability was discovered in XCC that
could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8269 (The MStore API \u2013 Create Native Android & iOS Apps On The
Cloud pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8242 (The MStore API \u2013 Create Native Android & iOS Apps On The
Cloud pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8059 (IPMI credentials may be captured in XCC audit log entries when
the acc ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-7756 (A potential vulnerability was reported in the ThinkPad L390
Yoga and 1 ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-7423 (The Stream plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6867 (An information disclosure vulnerability exists in the
lunary-ai/lunary ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6862 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
lunary-ai/ ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6656 (Use of Hard-coded Credentials vulnerability in TNB Mobile
Solutions Co ...)
- TODO: check
+ NOT-FOR-US: TNB Mobile Solutions Cockpit Software
CVE-2024-6587 (A Server-Side Request Forgery (SSRF) vulnerability exists in
berriai/l ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-6582 (A broken access control vulnerability exists in the latest
version of ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6544 (The Custom Post Limits plugin for WordPress is vulnerable to
full path ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6258 (BT: Missing length checks of net_buf in rfcomm_handle_data)
TODO: check
CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
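Review bot: The `NOT-FOR-US: Lenovo` tags on CVE-2024-8281, CVE-2024-8280, CVE-2024-8279, CVE-2024-8278 and CVE-2024-8059 name only the vendor, although every one of those descriptions names XCC. Other entries in this hunk are tagged at product level (`QDocs Smart School Management System`, `TNB Mobile Solutions Cockpit Software`). Consider `NOT-FOR-US: Lenovo XCC` for these five so a later search of the list by product finds them. CVE-2024-7756 (ThinkPad L390 Yoga) is a different product and currently shares the same tag.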
@@ -55,69 +55,69 @@ CVE-2024-6137 (BT: Classic: SDP OOB access in
get_att_search_list)
CVE-2024-6135 (BT:Classic: Multiple missing buf length checks)
TODO: check
CVE-2024-6087 (An improper access control vulnerability exists in
lunary-ai/lunary at ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-5931 (BT: Unchecked user input in bap_broadcast_assistant)
TODO: check
CVE-2024-5884 (The Beauty theme for WordPress is vulnerable to Stored
Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5870 (The Tweaker5 theme for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5869 (The Neighborly theme for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5867 (The Delicate theme for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5789 (The Triton Lite theme for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5754 (BT: Encryption procedure host vulnerability)
TODO: check
CVE-2024-4550 (A potential buffer overflow vulnerability was reported in some
Lenovo ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-46049 (Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack
overflow vulner ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46048 (Tenda FH451 v1.0.0.9 has a command injection vulnerability in
the form ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46047 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the
fromDhc ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46046 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability
located in the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46045 (Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability
located in ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46044 (CH22 V1.0.0.6(468) has a stack overflow vulnerability located
in the f ...)
- TODO: check
+ NOT-FOR-US: CH22
CVE-2024-45368 (The H2-DM1E PLC's authentication protocol appears to utilize
either a ...)
TODO: check
CVE-2024-45113 (ColdFusion versions 2023.6, 2021.12 and earlier are affected
by an Imp ...)
TODO: check
CVE-2024-45112 (Acrobat Reader versions 24.002.21005, 24.001.30159,
20.005.30655, 24.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45111 (Illustrator versions 28.6, 27.9.5 and earlier are affected by
an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45109 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45108 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45105 (An internal product security audit discovered a UEFI SMM
(System Manag ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45104 (A valid, authenticated LXCA user without sufficient privileges
may be ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45103 (A valid, authenticated LXCA user may be able to unmanage an
LXCA manag ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45101 (A privilege escalation vulnerability was discovered when
Single Sign O ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-44798 (phpgurukul Bus Pass Management System 1.0 is vulnerable to
Cross-site ...)
- TODO: check
+ NOT-FOR-US: phpgurukul Bus Pass Management System
CVE-2024-44685 (Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a
vulnera ...)
- TODO: check
+ NOT-FOR-US: Titan SFTP and Titan MFT Server
CVE-2024-44430 (SQL Injection vulnerability in Best Free Law Office Management
Softwar ...)
- TODO: check
+ NOT-FOR-US: Best Free Law Office Management Software
CVE-2024-43760 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43759 (Illustrator versions 28.6, 27.9.5 and earlier are affected by
a NULL P ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43758 (Illustrator versions 28.6, 27.9.5 and earlier are affected by
a Use Af ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43756 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are
affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43099 (The session hijacking attack targets the application layer's
control m ...)
TODO: check
CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi
Network ...)
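Review bot: CVE-2024-46044 is tagged `NOT-FOR-US: CH22`, but CH22 is the device model rather than the vendor. The entry directly above it, CVE-2024-46045, describes "Tenda CH22 V1.0.0.6(468)" with the same firmware version and is tagged `NOT-FOR-US: Tenda`. Use `NOT-FOR-US: Tenda` here as well so the six Tenda entries in this hunk carry one consistent tag.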
@@ -125,15 +125,15 @@ CVE-2024-42025 (A Command Injection vulnerability found
in a Self-Hosted UniFi N
CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and earlier are affected
by a Dese ...)
TODO: check
CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159,
20.005.30655, 24.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41867 (After Effects versions 23.6.6, 24.5 and earlier are affected
by a Stac ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41859 (After Effects versions 23.6.6, 24.5 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41857 (Illustrator versions 28.6, 27.9.5 and earlier are affected by
an Integ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-3100 (A potential buffer overflow vulnerability was reported in some
Lenovo ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-39926 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS)
1.30.3. ...)
TODO: check
CVE-2024-39925 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS)
1.30.3. ...)
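Review bot: CVE-2024-41874 (ColdFusion) stays at `TODO: check` in the context at the top of this hunk, while the Acrobat Reader, After Effects and Illustrator entries immediately below it are tagged `NOT-FOR-US: Adobe`. ColdFusion is also an Adobe product, so unless it was skipped on purpose it can take the same tag in this pass.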
@@ -141,23 +141,23 @@ CVE-2024-39925 (An issue was discovered in Vaultwarden
(formerly Bitwarden_RS) 1
CVE-2024-39924 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS)
1.30.3. ...)
TODO: check
CVE-2024-39385 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by
a Use A ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39384 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by
an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39382 (After Effects versions 23.6.6, 24.5 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39381 (After Effects versions 23.6.6, 24.5 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39380 (After Effects versions 23.6.6, 24.5 and earlier are affected
by a Heap ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34121 (Illustrator versions 28.6, 27.9.5 and earlier are affected by
an Integ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-31416 (The Eaton Foreseer software provides multiple customizable
input field ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-31415 (The Eaton Foreseer software provides the feasibility for the
user to c ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-31414 (The Eaton Foreseer software provides users the capability to
customize ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-46713 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)
@@ -173159,7 +173159,7 @@ CVE-2022-35874 (Four format string injection
vulnerabilities exist in the XCMD t
CVE-2022-35244 (A format string injection vulnerability exists in the XCMD
getVarHA fu ...)
NOT-FOR-US: Abode Systems
CVE-2022-2446 (The WP Editor plugin for WordPress is vulnerable to
deserialization of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2445
REJECTED
CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin
for Wor ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84cba93134e5f50521651653d5e20c4c8fc80a2e