Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
51bcdde4 by Moritz Muehlenhoff at 2024-10-08T12:01:30+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2024-9292 (The Bridge Core plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9021 (In the process of testing the Relevanssi WordPress plugin
before 4.23 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 is not
filtering s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7206 (SSL Pinning BypassineWeLink Some hardware productsallows local
ATTACKE ...)
- TODO: check
+ NOT-FOR-US: eWeLink
CVE-2024-47974 (Race condition during resource shutdown in some Solidigm DC
Products m ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47973 (In some Solidigm DC Products, a defect in device
overprovisioning may ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47969 (Improper resource management in firmware of some Solidigm DC
Products ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47968 (Improper resource shutdown in middle of certain operations on
some Sol ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47967 (Improper resource initialization handling in firmware of some
Solidigm ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database
application b ...)
TODO: check
CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for
your webs ...)
@@ -27,45 +27,45 @@ CVE-2024-47814 (Vim is an open source, command line text
editor. A use-after-fre
CVE-2024-47782 (WikiDiscover is an extension designed for use with a
CreateWiki manage ...)
TODO: check
CVE-2024-47781 (CreateWiki is an extension used at Miraheze for requesting &
creating ...)
- TODO: check
+ NOT-FOR-US: CreateWiki MediaWiki extension
CVE-2024-47772 (Discourse is an open source platform for community discussion.
An atta ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-47610 (InvenTree is an Open Source Inventory Management System. In
affected v ...)
TODO: check
CVE-2024-47594 (SAP NetWeaver Enterprise Portal (KMC) does not sufficiently
encode use ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-47095 (Cross Site Scripting vulnerability in Follet School Solutions
Destiny ...)
TODO: check
CVE-2024-45919 (A security flaw has been discovered in Solvait version 24.4.2
that all ...)
TODO: check
CVE-2024-45874 (A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: VegaBird
CVE-2024-45873 (A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2
allows attack ...)
- TODO: check
+ NOT-FOR-US: VegaBird
CVE-2024-45382 (in OpenHarmony v4.1.0 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-45297 (Discourse is an open source platform for community discussion.
Users c ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-45291 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PHPSpreadsheet
CVE-2024-45290 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PHPSpreadsheet
CVE-2024-45282 (Fields which are in 'read only' state in Bank Statement Draft
in Manag ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-45278 (SAP Commerce Backoffice does not sufficiently encode user
controlled i ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-45277 (The SAP HANA Node.js client package versions from 2.0.0 before
2.21.31 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-45060 (PHPSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PHPSpreadsheet
CVE-2024-45051 (Discourse is an open source platform for community discussion.
A malic ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-43789 (Discourse is an open source platform for community discussion.
A user ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-43697 (in OpenHarmony v4.1.0 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-43696 (in OpenHarmony v4.1.0 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-43365 (Cacti is an open source performance and fault management
framework. Th ...)
TODO: check
CVE-2024-43364 (Cacti is an open source performance and fault management
framework. Th ...)
@@ -75,63 +75,63 @@ CVE-2024-43363 (Cacti is an open source performance and
fault management framewo
CVE-2024-43362 (Cacti is an open source performance and fault management
framework. Th ...)
TODO: check
CVE-2024-39831 (in OpenHarmony v4.1.0 allow a local attacker with high
privileges arbi ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-39806 (in OpenHarmony v4.1.0 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-37179 (SAP BusinessObjects Business Intelligence Platform allows an
authentic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-34672 (Improper input validation in SamsungVideoPlayer prior to
versions 7.3. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34671 (Use of implicit intent for sensitive communication in
translation\ud63 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34670 (Use of implicit intent for sensitive communication in Sound
Assistant ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34669 (Out-of-bounds write in parsing h.263+ format in
librtppayload.so prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34668 (Out-of-bounds write in parsing h.263 format in
librtppayload.so prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34667 (Out-of-bounds write in parsing h.265 format in
librtppayload.so prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34666 (Out-of-bounds write in parsing h.264 format in a specific mode
in libr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34665 (Out-of-bounds write in parsing h.264 format in
librtppayload.so prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34664 (Improper check for exception conditions in Knox Guard prior to
SMR Oct ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34663 (Integer overflow in libSEF.quram.so prior to SMR Oct-2024
Release 1 al ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34662 (Improper access control in ActivityManager prior to SMR
Oct-2024 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-21533 (All versions of the package ggit are vulnerable to Arbitrary
Argument ...)
TODO: check
CVE-2024-21532 (All versions of the package ggit are vulnerable to Command
Injection v ...)
TODO: check
CVE-2024-9576 (Vulnerability in Distro Linux Workbooth v2.5 that allows to
escalate p ...)
- TODO: check
+ NOT-FOR-US: Distro Linux Workbooth
CVE-2024-9574 (SQL injection vulnerability in SOPlanning <1.45, via
/soplanning/www/u ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-9573 (SQL injection vulnerability in SOPlanning <1.45, through
/soplanning/w ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-9572 (Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45,
due to l ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-9571 (Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45,
due to l ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2024-9570 (A vulnerability was found in D-Link DIR-619L B1 2.06 and
classified as ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-9569 (A vulnerability has been found in D-Link DIR-619L B1 2.06 and
classifi ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-9568 (A vulnerability, which was classified as critical, was found in
D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-9567 (A vulnerability, which was classified as critical, has been
found in D ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-9566 (A vulnerability classified as critical was found in D-Link
DIR-619L B1 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-47976 (Improper access removal handling in firmware of some Solidigm
DC Produ ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47975 (Improper access control validation in firmware of some
Solidigm DC Pro ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47972 (Improper resource management in firmware of some Solidigm DC
Products ...)
- TODO: check
+ NOT-FOR-US: Solidigm DC
CVE-2024-47971 (Improper error handling in firmware of some SSD DC Products
may allow ...)
TODO: check
CVE-2024-47559 (Authenticated RCE via Path Traversal)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bcdde4c44e16f5d2ac236c52f99fcdb12f7fb6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51bcdde4c44e16f5d2ac236c52f99fcdb12f7fb6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
