Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
659bd61f by Moritz Muehlenhoff at 2024-10-12T11:09:19+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,215 +1,215 @@
 CVE-2024-9860 (The Bridge Core plugin for WordPress is vulnerable to 
unauthorized mod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9824 (The ImagePress \u2013 Image Gallery plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9821 (The Bot for Telegram on WooCommerce plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9778 (The ImagePress \u2013 Image Gallery plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9776 (The ImagePress \u2013 Image Gallery plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9756 (The Order Attachments for WooCommerce plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9704 (The Social Sharing (by Danny) plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9670 (The 2D Tag Cloud plugin for WordPress is vulnerable to 
Reflected Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9656 (The Mynx Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9592 (The Easy PayPal Gift Certificate plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9187 (The Read more By Adam plugin for WordPress is vulnerable to 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9047 (The WordPress File Upload plugin for WordPress is vulnerable to 
Path T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7489 (The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp 
List p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-48938 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 
allows  ...)
        TODO: check
 CVE-2024-48937 (Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 
allows  ...)
        TODO: check
 CVE-2024-48788 (An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: YESCAM
 CVE-2024-48772 (An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: C-CHIP
 CVE-2024-46468 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the jpres ...)
-       TODO: check
+       NOT-FOR-US: jpress
 CVE-2024-45754 (An issue was discovered in the centreon-bi-server component in 
Centreo ...)
-       TODO: check
+       NOT-FOR-US: Centreon BI Server
 CVE-2024-45184 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-35522 (Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-35517 (Netgear XR1000 v1.0.0.64 is vulnerable to command injection in 
usb_rem ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-9869
        REJECTED
 CVE-2024-9859 (Type confusion in WebAssembly in Google Chrome prior to 
126.0.6478.126 ...)
        TODO: check
 CVE-2024-9856 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 
1.3.8. I ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS
 CVE-2024-9855 (A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 
1.3.8. I ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS
 CVE-2024-9539 (An information disclosure vulnerability was identified in 
GitHub Enter ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2024-9538 (The ShopLentor plugin for WordPress is vulnerable to Sensitive 
Informa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9164 (An issue was discovered in GitLab EE affecting all versions 
starting f ...)
        TODO: check
 CVE-2024-9046 (A DLL hijack vulnerability was reported in Lenovo stARstudio 
that coul ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-9002 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8970 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-8913 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8912 (An HTTP Request Smuggling vulnerability in Looker allowed an 
unauthori ...)
-       TODO: check
+       NOT-FOR-US: Looker
 CVE-2024-8755 (Improper Input Validation vulnerability of Authenticated User 
in Progr ...)
-       TODO: check
+       NOT-FOR-US: Progress LoadMaster
 CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function 
vulnerability ex ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can 
achieve me ...)
        TODO: check
 CVE-2024-7514 (The WordPress Comments Import & Export plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6985 (A path traversal vulnerability exists in the api 
open_personality_fold ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-6971 (A path traversal vulnerability exists in the 
parisneo/lollms-webui rep ...)
-       TODO: check
+       NOT-FOR-US: lollms-webui
 CVE-2024-6657 (A denial of service may be caused to a single peripheral device 
in a B ...)
-       TODO: check
+       NOT-FOR-US: Silabs
 CVE-2024-5474 (A potential information disclosure vulnerability was reported 
in Lenov ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-5005 (An issue has been discovered discovered in GitLab EE/CE 
affecting all  ...)
        TODO: check
 CVE-2024-4132 (A DLL hijack vulnerability was reported in Lenovo Lock Screen 
that cou ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-4131 (A DLL hijack vulnerability was reported in Lenovo Emulator that 
could  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-4130 (A DLL hijack vulnerability was reported in Lenovo App Store 
that could ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-4089 (A DLL hijack vulnerability was reported in Lenovo Super File 
that coul ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-48827 (An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker 
to exec ...)
-       TODO: check
+       NOT-FOR-US: sbondCo Watcharr
 CVE-2024-48813 (SQL injection vulnerability in 
employee-management-system-php-and-mysq ...)
-       TODO: check
+       NOT-FOR-US: employee-management-system-php-and-mysql
 CVE-2024-48787 (An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Revic Optics Revic Ops
 CVE-2024-48786 (An issue in SWITCHBOT INC SwitchBot 
(com.theswitchbot.switchbot) 5.0.4 ...)
-       TODO: check
+       NOT-FOR-US: SwitchBot
 CVE-2024-48784 (An Incorrect Access Control issue in SAMPMAX 
com.sampmax.homemax 2.1.2 ...)
-       TODO: check
+       NOT-FOR-US: SAMPMAX
 CVE-2024-48778 (An issue in GIANT MANUFACTURING CO., LTD RideLink 
(tw.giant.ridelink)  ...)
-       TODO: check
+       NOT-FOR-US: GIANT MANUFACTURING CO
 CVE-2024-48777 (LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: LEDVANCE
 CVE-2024-48776 (An issue in Shelly com.home.shelly 1.0.4 allows a remote 
attacker to o ...)
-       TODO: check
+       NOT-FOR-US: com.home.shelly
 CVE-2024-48775 (An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: com.ezset.delaney
 CVE-2024-48774 (An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 
allows a ...)
-       TODO: check
+       NOT-FOR-US: com.fermax.vida
 CVE-2024-48773 (An issue in WoFit v.7.2.3 allows a remote attacker to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: WoFit
 CVE-2024-48771 (An issue in almando GmbH Almando Play APP (com.almando.play) 
1.8.2 all ...)
-       TODO: check
+       NOT-FOR-US: com.almando.play
 CVE-2024-48770 (An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: com.wisdomcity.zwave
 CVE-2024-48769 (An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 
allows a re ...)
-       TODO: check
+       NOT-FOR-US: de.burgwachter.keyapp.app
 CVE-2024-48768 (An issue in almaodo GmbH appinventor.ai_google.almando_control 
2.3.1 a ...)
-       TODO: check
+       NOT-FOR-US: appinventor.ai_google.almando_control
 CVE-2024-48041 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-48040 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-48033 (Deserialization of Untrusted Data vulnerability in Elie 
Burstein, Bapt ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-48020 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks 
and hist ...)
-       TODO: check
+       NOT-FOR-US: foxmarks
 CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or 
tar.bz2 ...)
-       TODO: check
+       NOT-FOR-US: codeclysm/extract Go library
 CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS 
sanitizer for H ...)
        TODO: check
 CVE-2024-47830 (Plane is an open-source project management tool. Plane uses 
the ** wil ...)
-       TODO: check
+       NOT-FOR-US: Plane
 CVE-2024-47509 (An Allocation of Resources Without Limits or 
Throttlingvulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2024-47508 (An Allocation of Resources Without Limits or 
Throttlingvulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2024-47505 (An Allocation of Resources Without Limits or 
Throttlingvulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2024-47353 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in Q ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-47331 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-47074 (DataEase is an open source data visualization analysis tool. 
In Dataea ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2024-46532 (SQL Injection vulnerability in OpenHIS v.1.0 allows an 
attacker to exe ...)
-       TODO: check
+       NOT-FOR-US: OpenHIS
 CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a 
buffer ov ...)
-       TODO: check
+       NOT-FOR-US: KM08-708H-v1.1
 CVE-2024-46088 (An arbitrary file upload vulnerability in the 
ProductAction.entphone i ...)
-       TODO: check
+       NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management 
System
 CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Wh ...)
        TODO: check
 CVE-2024-45402 (Picotls is a TLS protocol library that allows users select 
different c ...)
-       TODO: check
+       - picotls <itp> (bug #925405)
 CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Wh ...)
        TODO: check
 CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to 
commtit d ...)
-       TODO: check
+       NOT-FOR-US: Quicly
 CVE-2024-45317 (A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 
applianc ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-45316 (The Improper link resolution before file access ('Link 
Following') vul ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-45315 (The Improper link resolution before file access ('Link 
Following') vul ...)
-       TODO: check
+       NOT-FOR-US: SonicWall
 CVE-2024-44807 (A directory listing issue in the baserCMS plugin in D-ZERO 
CO., LTD. B ...)
-       TODO: check
+       NOT-FOR-US: baserCMS plugin
 CVE-2024-44734 (Incorrect access control in Mirotalk before commit 9de226 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: Mirotalk
 CVE-2024-44731 (Mirotalk before commit 9de226 was discovered to contain a 
DOM-based cr ...)
-       TODO: check
+       NOT-FOR-US: Mirotalk
 CVE-2024-44730 (Incorrect access control in the function 
handleDataChannelChat(dataMes ...)
-       TODO: check
+       NOT-FOR-US: Mirotalk
 CVE-2024-44729 (Incorrect access control in the component app/src/server.js of 
Mirotal ...)
-       TODO: check
+       NOT-FOR-US: Mirotalk
 CVE-2024-44415 (A vulnerability was discovered in DI_8200-16.07.26A1, There is 
a buffe ...)
-       TODO: check
+       NOT-FOR-US: DI_8200-16.07.26A1
 CVE-2024-44414 (A vulnerability was discovered in FBM_292W-21.03.10V, which 
has been c ...)
-       TODO: check
+       NOT-FOR-US: FBM_292W-21.03.10V
 CVE-2024-44413 (A vulnerability was discovered in DI_8200-16.07.26A1, which 
has been c ...)
-       TODO: check
+       NOT-FOR-US: DI_8200-16.07.26A1
 CVE-2024-44157 (A stack buffer overflow was addressed through improved input 
validatio ...)
-       TODO: check
+       NOT-FOR-US: APple
 CVE-2024-42640 (angular-base64-upload prior to v0.1.21 is vulnerable to 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: angular-base64-upload
 CVE-2024-42018 (An issue was discovered in Atos Eviden SMC xScale before 
1.6.6. During ...)
-       TODO: check
+       NOT-FOR-US: Atos
 CVE-2024-38365 (btcd is an alternative full node bitcoin implementation 
written in Go  ...)
-       TODO: check
+       NOT-FOR-US: btcd
 CVE-2024-33582 (A DLL hijack vulnerability was reported in Lenovo Service 
Framework th ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-33581 (A DLL hijack vulnerability was reported in Lenovo PC Manager 
AI intell ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-33580 (A DLL hijack vulnerability was reported in Lenovo Personal 
Cloud that  ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that 
could a ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that 
could all ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Th ...)
        TODO: check
 CVE-2023-42133 (PAX Android based POS devices allow for escalation of 
privilege via im ...)
-       TODO: check
+       NOT-FOR-US: PAX Android based POS devices
 CVE-2024-9779
        NOT-FOR-US: Open Cluster Management (OCM)
 CVE-2024-47499 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
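Review bot: the tag added for CVE-2024-44157 reads `NOT-FOR-US: APple` and the one for CVE-2024-9539 reads `Github Enterprise Server`; correct them to `Apple` and `GitHub Enterprise Server` so the tags can be searched by the vendor's usual spelling. The Android app entries in this hunk also mix two labelling styles, some by product name (`SwitchBot`, `WoFit`) and some by package id (`com.home.shelly`, `com.ezset.delaney`); settling on one form would make them easier to grep. CVE-2024-45402 is changed to `- picotls <itp> (bug #925405)` rather than NOT-FOR-US, which the commit message `NFUs` does not mention.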
@@ -845,6 +845,7 @@ CVE-2024-46304 (A NULL pointer dereference in libcoap 
v4.3.5-rc2 and below allow
        NOTE: https://github.com/obgm/libcoap/issues/1509
 CVE-2024-46292 (A buffer overflow in modsecurity v3.0.12 allows attackers to 
cause a D ...)
        TODO: check
+       NOTE: Being sorted out by upstream whether it's an actual issue
 CVE-2024-46237 (PHPGurukul Hospital Management System 4.0 is vulnerable to 
Cross Site  ...)
        NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2024-45918 (Fujian Kelixin Communication Command and Dispatch Platform 
<=7.6.6.439 ...)
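Review bot: the NOTE added under CVE-2024-46292 gives no reference for the upstream discussion, unlike the libcoap entry just above it, whose NOTE carries the issue URL. Add a link to the upstream issue or thread so whoever resolves the remaining `TODO: check` can see where the question stands.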



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659bd61f95cb2bf1ee8c55c9b24d434867e3c123
