Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cdfdc5ae by Moritz Mühlenhoff at 2024-10-16T15:40:45+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38,83 +38,83 @@ CVE-2024-9954 (Use after free in AI in Google Chrome prior
to 130.0.6723.58 allo
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9937 (The Woo Manage Fraud Orders plugin for WordPress is vulnerable
to Refl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9891 (The Multiline files upload for contact form 7 plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9888 (The ElementInvader Addons for Elementor plugin for WordPress is
vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9873 (The Community by PeepSo \u2013 Social Network, Membership,
Registratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9652 (The Locatoraid Store Locator plugin for WordPress is vulnerable
to Ref ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9649 (The WP ULike \u2013 The Ultimate Engagement Toolkit for
Websites plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9647 (The Kama SpamBlock plugin for WordPress is vulnerable to
Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9634 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9594 (A security issue was discovered in the Kubernetes Image Builder
versio ...)
- TODO: check
+ NOT-FOR-US: Kubernetes Image Builder
CVE-2024-9582 (The Accordion Slider plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9540 (The Sina Extension for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9521 (The SEO Manager plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9486 (A security issue was discovered in the Kubernetes Image Builder
versio ...)
- TODO: check
+ NOT-FOR-US: Kubernetes Image Builder
CVE-2024-9305 (The AppPresser \u2013 Mobile App Framework plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9105 (The UltimateAI plugin for WordPress is vulnerable to
authentication by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9104 (The UltimateAI plugin for WordPress is vulnerable to
authentication by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9061 (The The WP Popup Builder \u2013 Popup Forms and Marketing Lead
Generat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8918 (The File Manager Pro plugin for WordPress is vulnerable to
Limited Jav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8787 (The Smart Online Order for Clover plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8746 (The File Manager Pro plugin for WordPress is vulnerable to
arbitrary b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8541 (The Discount Rules for WooCommerce \u2013 Create Smart
WooCommerce Cou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8507 (The File Manager Pro plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49340 (IBM Watson Studio Local 1.2.3 is vulnerable to cross-site
request forg ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-48783 (An issue in Ruijie NBR3000D-E Gateway allows a remote attacker
to obta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-48782 (File Upload vulnerability in DYCMS Open-Source Version
v2.0.9.41 allow ...)
- TODO: check
+ NOT-FOR-US: DYCMS
CVE-2024-48781 (An issue in Wanxing Technology Yitu Project Management Kirin
Edition 2 ...)
- TODO: check
+ NOT-FOR-US: Wanxing Technology
CVE-2024-48779 (An issue in Wanxing Technology's Yitu project Management
Software 3.2. ...)
- TODO: check
+ NOT-FOR-US: Wanxing Technology
CVE-2024-48714 (In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function
handles th ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-48713 (In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function
handles ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-48712 (In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function
handles the pa ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-48710 (In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function
handles ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-48411 (itsourcecode Online Tours and Travels Management System v1.0
is vulner ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Tours and Travels Management System
CVE-2024-45715 (The SolarWinds Platform was susceptible to a Cross-Site
Scripting vuln ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45714 (Application is vulnerable to Cross Site Scripting (XSS) an
authenticat ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45711 (SolarWinds Serv-U is vulnerable to a directory traversal
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45710 (SolarWinds Platform is susceptible to an Uncontrolled Search
Path Elem ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45217 (Insecure Default Initialization of Resource vulnerability in
Apache So ...)
TODO: check
CVE-2024-45216 (Improper Authentication vulnerability in Apache Solr. Solr
instances ...)
TODO: check
CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial
of serv ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of
Service ...)
TODO: check
CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in
ImageOverlay::parse() decodi ...)
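Review bot: The CVE-2024-45714 entry gets `NOT-FOR-US: SolarWinds`, but its visible description ("Application is vulnerable to Cross Site Scripting (XSS) an authenticat ...") names no vendor or product, so the tag cannot be checked against the line itself; confirm it against the full CVE record. As a style point, CVE-2024-48411 is tagged with the full product name (itsourcecode Online Tours and Travels Management System) while the other entries in this hunk use a short vendor or product class (IBM, TP-Link, WordPress plugin); a short form here would match the rest.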
@@ -124,111 +124,111 @@ CVE-2024-38204 (Improper Access Control in Imagine Cup
allows an authorized atta
CVE-2024-38190 (Missing authorization in Power Platform allows an
unauthenticated atta ...)
TODO: check
CVE-2024-38139 (Improper authentication in Microsoft Dataverse allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-31955 (An issue was discovered in Samsung eMMC with KLMAG2GE4A and
KLM8G1WEMB ...)
- TODO: check
+ NOT-FOR-US: MicrosoftSamsung
CVE-2024-10018 (Improper permission control in the mobile application
(com.transsion.a ...)
TODO: check
CVE-2024-10004 (Opening an external link to an HTTP website when Firefox iOS
was previ ...)
TODO: check
CVE-2023-7296 (The BigBlueButton plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7295 (The Video Grid plugin for WordPress is vulnerable to Reflected
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7294 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7293 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7292 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7291 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7290 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7289 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7288 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7287 (The Paytium: Mollie payment forms & donations plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7286 (The plugin ACF Quick Edit Fields for WordPress is vulnerable to
Insecu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4974 (The Freemius SDK, as used by hundreds of WordPress plugin and
theme de ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin SDK
CVE-2022-4973 (WordPress Core, in versions up to 6.0.2, is vulnerable to
Authenticate ...)
TODO: check
CVE-2022-4972 (The Download Monitor plugin for WordPress is vulnerable to
authorizati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4971 (The Sassy Social Share plugin for WordPress is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4452 (The Google Language Translator plugin for WordPress is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4451 (The NinjaFirewall plugin for WordPress is vulnerable to
Authenticated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4450 (The Post Grid plugin for WordPress is vulnerable to blind SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4449 (The ZoomSounds plugin for WordPress is vulnerable to arbitrary
file up ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4448 (The Kaswara Modern VC Addons plugin for WordPress is vulnerable
to aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4447 (The Essential Addons for Elementor plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4446 (The Essential Addons for Elementor plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4445 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4444 (The Product Filter by WooBeWoo plugin for WordPress is
vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4443 (The WordPress Mega Menu plugin for WordPress is vulnerable to
Arbitrar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36842 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36840 (The Timetable and Event Schedule by MotoPress plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36839 (The WP Lead Plus X plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36838 (The Facebook Chat Plugin for WordPress is vulnerable to
authorization ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36837 (The ThemeGrill Demo Importer plugin for WordPress is
vulnerable to aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36836 (The WP Fastest Cache plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36835 (The Migration, Backup, Staging \u2013 WPvivid plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36834 (The Discount Rules for WooCommerce plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36833 (The Indeed Membership Pro plugin for WordPress is vulnerable
to author ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36832 (The Ultimate Membership Pro plugin for WordPress is vulnerable
to Auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36831 (The NextScripts: Social Networks Auto-Poster plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25217 (The SiteGround Optimizer plugin for WordPress is vulnerable to
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25216 (The Rich Review plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25215 (The ARI-Adminer plugin for WordPress is vulnerable to
authorization by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25214 (The ShopWP plugin for WordPress is vulnerable to authorization
bypass ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25213 (The Advanced Access Manager plugin for WordPress is vulnerable
to Unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2018-25105 (The File Manager plugin for WordPress is vulnerable to
authorization ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20194 (The Formidable Form Builder plugin for WordPress is vulnerable
to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20193 (The Product Vendors is vulnerable to Reflected Cross-Site
Scripting vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2017-20192 (The Formidable Form Builder plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-15042 (The Frontend File Manager (versions < 4.0), N-Media Post
Front-end For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-15041 (The MainWP Dashboard \u2013 The Private WordPress Manager for
Multiple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2016-15040 (The Kento Post View Counter plugin for WordPress is vulnerable
to SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2012-10018 (The Mapplic and Mapplic Lite plugins for WordPress are
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-45693 (Users logged into the Apache CloudStack's web interface can be
tricked ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-45462 (The logout operation in the CloudStack web interface does not
expire t ...)
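Review bot: The CVE-2024-31955 entry is tagged `NOT-FOR-US: MicrosoftSamsung`, which looks like a leftover from the Microsoft tag on the preceding CVE-2024-38139 entry; the description concerns Samsung eMMC, so the line should read `NOT-FOR-US: Samsung`. In the same hunk, the visible part of the CVE-2017-20193 description ("The Product Vendors is vulnerable to Reflected Cross-Site Scripting vi ...") does not mention WordPress, so the WordPress plugin tag there is worth checking against the full record.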
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdfdc5ae9d438afa52b980eef73215a761bf132a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits