Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2f049b0 by Salvatore Bonaccorso at 2024-10-25T22:33:27+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,115 +1,115 @@
 CVE-2024-9991 (This vulnerability exists in Philips lighting devices due to 
storage o ...)
-       TODO: check
+       NOT-FOR-US: Philips lighting devices
 CVE-2024-9585 (The Image Map Pro plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9584 (The Image Map Pro plugin for WordPress is vulnerable to 
unauthorized m ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8666 (The Shoutcast Icecast HTML5 Radio Player plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8036 (ABB is aware of privately reported vulnerabilities in the 
product vers ...)
-       TODO: check
+       NOT-FOR-US: ABB
 CVE-2024-49767 (Werkzeug is a Web Server Gateway Interface web application 
library. Ap ...)
        TODO: check
 CVE-2024-49766 (Werkzeug is a Web Server Gateway Interface web application 
library. On ...)
        TODO: check
 CVE-2024-49757 (The open-source identity infrastructure software Zitadel 
allows admini ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2024-49753 (Zitadel is open-source identity infrastructure software. 
Versions prio ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2024-49381 (Plenti, a static site generator, has an arbitrary file 
deletion vulner ...)
-       TODO: check
+       NOT-FOR-US: Plenti
 CVE-2024-49380 (Plenti, a static site generator, has an arbitrary file write 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Plenti
 CVE-2024-49378 (smartUp, a web browser mouse gestures extension, has a 
universal cross ...)
-       TODO: check
+       NOT-FOR-US: smartUp
 CVE-2024-49376 (Autolab, a course management service that enables auto-graded 
programm ...)
-       TODO: check
+       NOT-FOR-US: Autolab
 CVE-2024-48743 (Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Sentry
 CVE-2024-48700 (Kliqqi-CMS has a background arbitrary code execution 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Kliqqi-CMS
 CVE-2024-48655 (An issue in Total.js CMS v.1.0 allows a remote attacker to 
execute arb ...)
-       TODO: check
+       NOT-FOR-US: Total.js CMS
 CVE-2024-48654 (Cross Site Scripting vulnerability in Blood Bank v.1 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: Blood Bank
 CVE-2024-48581 (File Upload vulnerability in Best courier management system in 
php v.1 ...)
-       TODO: check
+       NOT-FOR-US: Best courier management system in php
 CVE-2024-48580 (SQL Injection vulnerability in Best courier management system 
in php v ...)
-       TODO: check
+       NOT-FOR-US: Best courier management system in php
 CVE-2024-48579 (SQL Injection vulnerability in Best House rental management 
system pro ...)
-       TODO: check
+       NOT-FOR-US: Best House rental management system project in php
 CVE-2024-48459 (A command execution vulnerability exists in the AX2 Pro home 
router pr ...)
-       TODO: check
+       NOT-FOR-US: AX2 Pro home router Shenzhen Tenda Technology Co., Ltd. 
(Jixiang Tenda)
 CVE-2024-48450 (An arbitrary file upload vulnerability in Huly Platform 
v0.6.295 allow ...)
-       TODO: check
+       NOT-FOR-US: Huly Platform
 CVE-2024-48448 (An arbitrary file upload vulnerability in Huly Platform 
v0.6.295 allow ...)
-       TODO: check
+       NOT-FOR-US: Huly Platform
 CVE-2024-48428 (An issue in Olive VLE allows an attacker to obtain sensitive 
informati ...)
-       TODO: check
+       NOT-FOR-US: Olive VLE
 CVE-2024-48343 (A SQL Injection vulnerability in ESAFENET CDG 5 and earlier 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-48204 (SQL injection vulnerability in Hanzhou Haobo network 
management system ...)
-       TODO: check
+       NOT-FOR-US: Hanzhou Haobo network management system
 CVE-2024-47483 (Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, 
contain(s) an Imp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-47481 (Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an 
Imprope ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-47041 (In valid_address of syscall.c, there is a possible out of 
bounds read  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47035 (In vring_init of 
external/headers/include/virtio/virtio_ring.h, there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47034 (there is a possible out of bounds read due to a missing bounds 
check.  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47033 (In lwis_allocator_free of lwis_allocator.c, there is a 
possible memory ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47031 (Android before 2024-10-05 on Google Pixel devices allows 
privilege esc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47030 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47029 (In TrustySharedMemoryManager::GetSharedMemory of 
ondevice/trusty/trust ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47028 (In ffu_flash_pack of ffu.c, there is a possible out of bounds 
read due ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47027 (In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is 
a possib ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47026 (In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of 
bounds read ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47025 (In ppmp_protect_buf of drm_fw.c, there is a possible 
information discl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47024 (In vring_size of 
external/headers/include/virtio/virtio_ring.h, there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47023 (there is a possible man-in-the-middle attack due to a logic 
error in t ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47022 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47021 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a 
possible o ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47020 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47019 (In ProtocolEmbmsSaiListAdapter::Init() of 
protocolembmsadapter.cpp, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47018 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47017 (In ufshc_scsi_cmd of ufs.c, there is a possible stack variable 
use aft ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47016 (there is a possible privilege escalation due to an insecure 
default va ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47015 (In ProtocolMiscHwConfigChangeAdapter::GetData() of 
protocolmiscadapter ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47014 (Android before 2024-10-05 on Google Pixel devices allows 
privilege esc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47013 (In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-47012 (In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there 
is a poss ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44101 (there is a possible Null Pointer Dereference (modem crash) due 
to impr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44100 (Android before 2024-10-05 on Google Pixel devices allows 
information d ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44099 (There is a possible Local bypass of user interaction due to an 
insecur ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44098 (In lwis_device_event_states_clear_locked of lwis_event.c, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-37847 (An arbitrary file upload vulnerability in MangoOS before 5.1.4 
and Man ...)
        TODO: check
 CVE-2024-37846 (MangoOS before 5.2.0 was discovered to contain a Client-Side 
Template  ...)
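Review bot: CVE-2024-47035 and CVE-2024-47024 are closed as "NOT-FOR-US: Android", but their descriptions point at external/headers/include/virtio/virtio_ring.h, a path that reads like imported third-party headers rather than Pixel-only code. Please confirm the affected copy is specific to the Pixel firmware before dropping them from triage. As a smaller style point, the note for CVE-2024-48459 spells out the full vendor name and wraps onto a second line, while the rest of the hunk uses short vendor or product names (Dell, ABB, Huly Platform); a short form such as "Tenda AX2 Pro" would match its neighbours.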
@@ -119,29 +119,29 @@ CVE-2024-37845 (MangoOS before 5.2.0 was discovered to 
contain an authenticated
 CVE-2024-37844 (A stored cross-site scripting (XSS) vulnerability in MangoOS 
before 5. ...)
        TODO: check
 CVE-2024-10387 (CVE-2024-10387 IMPACT    A Denial-of-Service vulnerability 
exists in t ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-10386 (CVE-2024-10386 IMPACT    An authentication vulnerability 
exists in the ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-10381 (This vulnerability exists in Matrix Door Controller Cosec Vega 
FAXQ du ...)
        TODO: check
 CVE-2024-10380 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Petrol Pump Management Software
 CVE-2024-10379 (A vulnerability classified as problematic was found in 
ESAFENET CDG 5. ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10378 (A vulnerability classified as critical has been found in 
ESAFENET CDG  ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10377 (A vulnerability was found in ESAFENET CDG 5. It has been rated 
as crit ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10376 (A vulnerability was found in ESAFENET CDG 5. It has been 
declared as c ...)
-       TODO: check
+       NOT-FOR-US: ESAFENET CDG 5
 CVE-2024-10374 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10343 (The Beek Widget Extention plugin for WordPress is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10112 (The Simple News plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10016 (The File Upload Types by WPForms plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9686 (The Order Notification for Telegram plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-9630 (The WPS Telegram Chat plugin for WordPress is vulnerable to 
authorizat ...)
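Review bot: CVE-2024-10381 (Matrix Door Controller Cosec Vega FAXQ) is left at "TODO: check" in the middle of this hunk, although the entries on either side are closed and the same commit already marks other embedded devices (Philips lighting devices, the Tenda router) as NOT-FOR-US. If the skip is deliberate, fine; otherwise it can be processed in the same pass so it does not linger between resolved entries. The MangoOS entries at the top of the hunk are likewise still open.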
@@ -755,13 +755,13 @@ CVE-2024-42643 (Integer Overflow in fast_ping.c in 
SmartDNS Release46 allows rem
 CVE-2024-41717 (Kieback & Peter's DDC4000 seriesis vulnerable to a path 
traversal vuln ...)
        NOT-FOR-US: Kieback & Peter's DDC4000 series
 CVE-2024-40494 (Buffer Overflow in coap_msg.c in FreeCoAP allows remote 
attackers to e ...)
-       TODO: check
+       NOT-FOR-US: FreeCoAP
 CVE-2024-40493 (Null Pointer Dereference in `coap_client_exchange_blockwise2` 
function ...)
-       TODO: check
+       NOT-FOR-US: FreeCoAP
 CVE-2024-31880 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
        NOT-FOR-US: IBM
 CVE-2024-31029 (An issue in the server_handle_regular function of the 
test_coap_server ...)
-       TODO: check
+       NOT-FOR-US: FreeCoAP
 CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before 
allows a  ...)
        NOT-FOR-US: Casa Systems NTC-221
 CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 
allowed a ...)
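Review bot: CVE-2024-31029 is attributed to FreeCoAP, but the visible part of its description only mentions the server_handle_regular function of test_coap_server and never names the product, unlike CVE-2024-40494 and CVE-2024-40493 which say FreeCoAP explicitly. Worth double-checking the full CVE text so that the NOT-FOR-US tag rests on the product name and not just on the "coap" prefix.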
@@ -199316,21 +199316,21 @@ CVE-2022-30363
 CVE-2022-30362
        RESERVED
 CVE-2022-30361 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30360 (OvalEdge 5.2.8.0 and earlier is affected by multiple Stored 
XSS (AKA P ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30359 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30358 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30357 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30356 (OvalEdge 5.2.8.0 and earlier is affected by a Privilege 
Escalation vul ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30355 (OvalEdge 5.2.8.0 and earlier is affected by an Account 
Takeover vulner ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30354 (OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data 
Exposure  ...)
-       TODO: check
+       NOT-FOR-US: OvalEdge
 CVE-2022-30353
        RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to 
insufficient sanit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2f049b019624b5a0e6106e7f2c5a1aa955048cf

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
