Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1ee7579e by Salvatore Bonaccorso at 2024-11-06T09:29:19+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2024-9946 (The Social Share, Social Login and Social Comments Plugin
\u2013 Super ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9934 (The Wp-ImageZoom WordPress plugin through 1.1.0 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9681 (When curl is asked to use HSTS, the expiry time for a subdomain
might ...)
- curl <unfixed>
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10,15 +10,15 @@ CVE-2024-9681 (When curl is asked to use HSTS, the expiry
time for a subdomain m
NOTE: Introduced by:
https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c
(curl-7_74_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316
(curl-8_11_0)
CVE-2024-9307 (The mFolio Lite plugin for WordPress is vulnerable to file
uploads due ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7995 (A maliciously crafted binary file when downloaded could lead to
escala ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-7879 (The WP ULike WordPress plugin before 4.7.5 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6626 (The EleForms \u2013 All In One Form Integration including DB
for Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-52043 (Observable Response Discrepancy vulnerability in HumHub GmbH &
Co. KG ...)
- TODO: check
+ NOT-FOR-US: HumHub
CVE-2024-51756 (The cap-std project is organized around the eponymous
`cap-std` crate, ...)
TODO: check
CVE-2024-51745 (Wasmtime is a fast and secure runtime for WebAssembly.
Wasmtime's file ...)
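Review bot: On CVE-2024-7995 the tag "NOT-FOR-US: Autodesk" names only a vendor, and the truncated description ("A maliciously crafted binary file when downloaded could lead to escala ...") does not show which product is affected. Naming the product in the tag, as the HumHub entry in this hunk does, would let a later reader confirm the decision without opening the full CVE record.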
@@ -26,75 +26,75 @@ CVE-2024-51745 (Wasmtime is a fast and secure runtime for
WebAssembly. Wasmtime'
CVE-2024-51358 (An issue in Linux Server Heimdall v.2.6.1 allows a remote
attacker to ...)
TODO: check
CVE-2024-51116 (Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer
overflo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-51115 (DCME-320 v7.4.12.90 was discovered to contain a command
injection vuln ...)
- TODO: check
+ NOT-FOR-US: DCME-320
CVE-2024-49409 (Out-of-bounds write in Battery Full Capacity node prior to
Firmware up ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49408 (Out-of-bounds write in usb driver prior to Firmware update
Sep-2024 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49407 (Improper access control in Samsung Flow prior to version
4.9.15.7 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49406 (Improper validation of integrity check value in Blockchain
Keystore pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49405 (Improper authentication in Private Info in Samsung Pass in
prior to ve ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49404 (Improper Access Control in Samsung Video Player prior to
versions 7.3. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49403 (Improper access control in Samsung Voice Recorder prior to
version 21. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49402 (Improper input validation in Dressroom prior to SMR Nov-2024
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49401 (Improper input validation in Settings Suggestions prior to SMR
Nov-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-48746 (An issue in Lens Visual integration with Power BI v.4.0.0.3
allows a r ...)
- TODO: check
+ NOT-FOR-US: Lens Visual integration with Power BI
CVE-2024-48176 (Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control.
There is ...)
- TODO: check
+ NOT-FOR-US: Lylme Spage
CVE-2024-47464 (An authenticated Path Traversal vulnerability exists in
Instant AOS-8 ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-47463 (An arbitrary file creation vulnerability exists in the Instant
AOS-8 a ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-47462 (An arbitrary file creation vulnerability exists in the Instant
AOS-8 a ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-47461 (An authenticated command injection vulnerability exists in the
Instant ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-47460 (Command injection vulnerability in the underlying CLI service
could le ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-42509 (Command injection vulnerability in the underlying CLI service
could le ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-34682 (Improper authorization in Settings prior to SMR Nov-2024
Release 1 all ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34681 (Improper input validation in BluetoothAdapter prior to SMR
Nov-2024 Re ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34680 (Use of implicit intent for sensitive communication in WlanTest
prior t ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34679 (Incorrect default permissions in Crane prior to SMR Nov-2024
Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34678 (Out-of-bounds write in libsapeextractor.so prior to SMR
Nov-2024 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34677 (Exposure of sensitive information in System UI prior to SMR
Nov-2024 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34676 (Out-of-bounds write in parsing subtitle file in
libsubextractor.so pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34675 (Improper access control in Dex Mode prior to SMR Nov-2024
Release 1 al ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34674 (Improper access control in Contacts prior to SMR Nov-2024
Release 1 al ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-34673 (Improper Input Validation in IpcProtocol in Modem prior to SMR
Nov-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-10647 (The WS Form LITE \u2013 Drag & Drop Contact Form Builder for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10543 (The Tumult Hype Animations plugin for WordPress is vulnerable
to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10535 (The Video Gallery for WooCommerce plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10084 (The Contact Form 7 \u2013 Dynamic Text Extension plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration,
Restore & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10826
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
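Review bot: CVE-2024-49408 ("Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Re ...") and CVE-2024-49409 ("Battery Full Capacity node prior to Firmware up ...") are closed as "NOT-FOR-US: Samsung", but the visible description text names neither a vendor nor a product, and "usb driver" on its own could equally describe kernel code. It is worth confirming from the full CVE record that these are vendor firmware components before the TODO is dropped. Separately, CVE-2024-51115 is tagged with a model name ("DCME-320") while the rest of the hunk tags by vendor (Tenda, Samsung, HPE); using one granularity throughout makes the list easier to search.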
@@ -592,7 +592,7 @@ CVE-2024-48059 (gaizhenbiao/chuanhuchatgpt project, version
<=20240802 is vulner
CVE-2024-48057 (localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS).
When cal ...)
NOT-FOR-US: localai
CVE-2024-48052 (In gradio <=4.42.0, the gr.DownloadButton function has a
hidden server ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-48050 (In agentscope <=v0.0.4, the file
agentscope\web\workstation\workflow_u ...)
TODO: check
CVE-2024-47797 (in OpenHarmony v4.1.0 and prior versions allow a local
attacker cause ...)
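Review bot: CVE-2024-48052 is closed as "NOT-FOR-US: Gradio", yet the description ("In gradio <=4.42.0, the gr.DownloadButton function ...") refers to a library rather than a vendor appliance or hosted product, so a check for an open ITP/RFP is warranted before NFU; if one exists, an "<itp>" entry with the bug number would be the better record. The capitalised "Gradio" also differs from the lower-case project name used in the description and from the neighbouring "NOT-FOR-US: localai" line.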
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ee7579eee38b7ad6c747e78144a1376f54e4cdd