Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b546f8a by Salvatore Bonaccorso at 2024-11-09T09:35:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2024-9874 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image 
Polls plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9775 (The Anih - Creative Agency WordPress Theme theme for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9270 (The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9262 (The User Meta \u2013 User Profile Builder and User management 
plugin p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9226 (The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page 
& Squee ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8960 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8756 (The Quform - WordPress Form Builder plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-52314 (A data.all admin team member who has access to the 
customer-owned AWS  ...)
        TODO: check
 CVE-2024-52313 (An authenticated data.all user is able to manipulate a 
getDataset quer ...)
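Review bot: CVE-2024-9775 is tagged "NOT-FOR-US: WordPress plugin", but its description reads "Creative Agency WordPress Theme theme for WordPress", so the tag does not match the component type. Suggest "NOT-FOR-US: WordPress theme" for that entry so a later search of the list by component kind finds it.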
@@ -21,47 +21,47 @@ CVE-2024-52312 (Due to inconsistent authorization 
permissions, data.all may allo
 CVE-2024-52311 (Authentication tokens issued via Cognito in data.all are not 
invalidat ...)
        TODO: check
 CVE-2024-52009 (Atlantis is a self-hosted golang application that listens for 
Terrafor ...)
-       TODO: check
+       NOT-FOR-US: Atlantis
 CVE-2024-52007 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
-       TODO: check
+       NOT-FOR-US: HAPI FHIR
 CVE-2024-52004 (MediaCMS is an open source video and media CMS, written in 
Python/Djan ...)
-       TODO: check
+       NOT-FOR-US: MediaCMS
 CVE-2024-52002 (Combodo iTop is a simple, web based IT Service Management 
tool. Severa ...)
-       TODO: check
+       NOT-FOR-US: Combodo iTop
 CVE-2024-52001 (Combodo iTop is a simple, web based IT Service Management 
tool. In aff ...)
-       TODO: check
+       NOT-FOR-US: Combodo iTop
 CVE-2024-52000 (Combodo iTop is a simple, web based IT Service Management 
tool. Affect ...)
-       TODO: check
+       NOT-FOR-US: Combodo iTop
 CVE-2024-51157 (07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: 07FLYCMS
 CVE-2024-50809 (The theme.php file in SDCMS 2.8 has a command execution 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: SDCMS
 CVE-2024-50808 (SeaCms 13.1 is vulnerable to code injection in the 
notification module ...)
-       TODO: check
+       NOT-FOR-US: SeaCms
 CVE-2024-48073 (sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure 
Permiss ...)
-       TODO: check
+       NOT-FOR-US: sunniwell HT3300
 CVE-2024-35427 (vmir e8117 was discovered to contain a segmentation violation 
via the  ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35426 (vmir e8117 was discovered to contain a stack overflow via the 
init_loc ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35425 (vmir e8117 was discovered to contain a segmentation violation 
via the  ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35424 (vmir e8117 was discovered to contain a segmentation violation 
via the  ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35423 (vmir e8117 was discovered to contain a heap buffer overflow 
via the wa ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35422 (vmir e8117 was discovered to contain a heap buffer overflow 
via the wa ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35421 (vmir e8117 was discovered to contain a segmentation violation 
via the  ...)
-       TODO: check
+       NOT-FOR-US: vmir
 CVE-2024-35420 (wac commit 385e1 was discovered to contain a heap overflow.)
-       TODO: check
+       NOT-FOR-US: wac
 CVE-2024-35419 (wac commit 385e1 was discovered to contain a heap overflow via 
the loa ...)
-       TODO: check
+       NOT-FOR-US: wac
 CVE-2024-35418 (wac commit 385e1 was discovered to contain a heap overflow via 
the set ...)
-       TODO: check
+       NOT-FOR-US: wac
 CVE-2024-35410 (wac commit 385e1 was discovered to contain a heap overflow via 
the int ...)
-       TODO: check
+       NOT-FOR-US: wac
 CVE-2024-27532 (wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 
06df58f is  ...)
        TODO: check
 CVE-2024-27530 (wasm3 139076a contains a Use-After-Free in ForEachModule.)
@@ -73,61 +73,61 @@ CVE-2024-27528 (wasm3 139076a suffers from Invalid Memory 
Read, leading to DoS a
 CVE-2024-27527 (wasm3 139076a is vulnerable to Denial of Service (DoS).)
        TODO: check
 CVE-2024-21994 (StorageGRID (formerly StorageGRID Webscale) versions prior to 
11.9 are ...)
-       TODO: check
+       NOT-FOR-US: NetAPP
 CVE-2024-11026 (A vulnerability was found in Intelligent Apps Freenow App 
12.10.0 on A ...)
-       TODO: check
+       NOT-FOR-US: Intelligent Apps Freenow App
 CVE-2024-10953 (An authenticated data.all user is able to perform mutating 
UPDATE oper ...)
        TODO: check
 CVE-2024-10876 (The Charitable \u2013 Donation Plugin for WordPress \u2013 
Fundraising ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10871 (The Category Ajax Filter plugin for WordPress is vulnerable to 
Local F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10814 (The Code Embed plugin for WordPress is vulnerable to 
Server-Side Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10801 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10779 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10770 (The Envo Extra plugin for WordPress is vulnerable to 
Information Expos ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10693 (The SKT Addons for Elementor plugin for WordPress is 
vulnerable to Inf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10688 (The Attesa Extra plugin for WordPress is vulnerable to 
Information Exp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10683 (The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10674 (The Th Shop Mania theme for WordPress is vulnerable to 
unauthorized ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10673 (The Top Store theme for WordPress is vulnerable to 
unauthorized arbitr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10669 (The Countdown Timer block \u2013 Display the event's date 
into a  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10667 (The Content Slider Block plugin for WordPress is vulnerable to 
Informa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10627 (The WooCommerce Support Ticket System plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10626 (The WooCommerce Support Ticket System plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10625 (The WooCommerce Support Ticket System plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10589 (The Leopard - WordPress Offload Media plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10588 (The Debug Tool plugin for WordPress is vulnerable to 
unauthorized acce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10586 (The Debug Tool plugin for WordPress is vulnerable to arbitrary 
file cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10547 (The WP Membership plugin for WordPress is vulnerable to 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10508 (The RegistrationMagic \u2013 User Registration Plugin with 
Custom Regi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10470 (The WPLMS Learning Management System for WordPress, WordPress 
LMS them ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10294 (The CE21 Suite plugin for WordPress is vulnerable to 
unauthorized modi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10285 (The CE21 Suite plugin for WordPress is vulnerable to sensitive 
informa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10284 (The CE21 Suite plugin for WordPress is vulnerable to 
authentication by ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10973
        NOT-FOR-US: Keycloak
 CVE-2024-9841 (A Reflected Cross-Site Scripting (XSS) vulnerability has been 
identifi ...)
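Review bot: CVE-2024-10674 (Th Shop Mania) and CVE-2024-10673 (Top Store) are both described as "theme for WordPress" yet are tagged "WordPress plugin", and the truncated CVE-2024-10470 description also mentions a "WordPress LMS them ..."; suggest "NOT-FOR-US: WordPress theme" for the entries that are themes. Separately, CVE-2024-21994 is tagged "NetAPP" while the description names StorageGRID: the vendor is spelled NetApp, and adding the product name, as the other vendor entries in this commit do, would make the tag easier to match against future StorageGRID CVEs.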
@@ -149,51 +149,51 @@ CVE-2024-51030 (A SQL injection vulnerability in 
manage_client.php and view_cab.
 CVE-2024-50966 (dingfanzu CMS V1.0 was discovered to contain a Cross-Site 
Request Forg ...)
        NOT-FOR-US: dingfanzu CMS
 CVE-2024-50811 (hopetree izone lts c011b48 contains a server-side request 
forgery (SSR ...)
-       TODO: check
+       NOT-FOR-US: hopetree izone
 CVE-2024-50810 (hopetree izone lts c011b48 contains a Cross Site Scripting 
(XSS) vulne ...)
-       TODO: check
+       NOT-FOR-US: hopetree izone
 CVE-2024-50634 (A vulnerability in a weak JWT token in Watcharr v1.43.0 and 
below allo ...)
        TODO: check
 CVE-2024-50593 (An attacker with local access to the medical office computer 
can  acce ...)
-       TODO: check
+       NOT-FOR-US: Elefant Service tool
 CVE-2024-50592 (An attacker with local access the to medical office computer 
can  esca ...)
-       TODO: check
+       NOT-FOR-US: Elefant Update Service
 CVE-2024-50591 (An attacker with local access the to medical office computer 
can  esca ...)
-       TODO: check
+       NOT-FOR-US: Elefant Update Service
 CVE-2024-50590 (Attackers with local access to the medical office computer can 
 escala ...)
-       TODO: check
+       NOT-FOR-US: Elefant Update Service
 CVE-2024-50589 (An unauthenticated attacker with access to the local network 
of the  m ...)
-       TODO: check
+       NOT-FOR-US: Fast Healthcare Interoperability  Resources (FHIR) API
 CVE-2024-50588 (An unauthenticated attacker with access to the local network 
of the  m ...)
-       TODO: check
+       NOT-FOR-US: Elefant Firebird database
 CVE-2024-50378 (Airflow versions before 2.10.3 have a vulnerability that 
allows authen ...)
        TODO: check
 CVE-2024-47190 (Northern.tech Hosted Mender before 2024.07.11 allows SSRF.)
-       TODO: check
+       NOT-FOR-US: Northern.tech Hosted Mender
 CVE-2024-46948 (Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has 
Incorrect ...)
-       TODO: check
+       NOT-FOR-US: Northern.tech Mender
 CVE-2024-46947 (Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 
allows SSRF.)
-       TODO: check
+       NOT-FOR-US: Northern.tech Mender
 CVE-2024-45765 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-45764 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) 
a Missin ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-45763 (Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) 
an Impro ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-44765 (An Improper Authorization (Access Control Misconfiguration) 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: MGT-COMMERCE
 CVE-2024-40240 (An incorrect access control issue in HomeServe Home Repair' 
android ap ...)
-       TODO: check
+       NOT-FOR-US: HomeServe Home Repair Android app
 CVE-2024-40239 (An incorrect access control issue in Life: Personal Diary, 
Journal and ...)
-       TODO: check
+       NOT-FOR-US: Life: Personal Diary, Journal android app
 CVE-2024-25431 (An issue in bytecodealliance wasm-micro-runtime before 
v.b3f728c and f ...)
        TODO: check
 CVE-2024-10839 (Zohocorp ManageEngine SharePoint Manager Plus versions4503 and 
prior a ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2024-10325 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10187 (The myCred \u2013 Loyalty Points and Rewards plugin for 
WordPress and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8810 (A GitHub App installed in organizations could upgrade some 
permissions ...)
        NOT-FOR-US: GitHub Enterprise Server
 CVE-2024-8424 (Improper Privilege Management vulnerability in WatchGuard EPDR, 
Panda  ...)
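Review bot: the tag added for CVE-2024-50589, "Fast Healthcare Interoperability  Resources (FHIR) API", contains a doubled space and names a generic interface rather than a product, unlike the neighbouring CVE-2024-50588 and CVE-2024-50590 through CVE-2024-50593, which are tagged "Elefant ...". If this is the same product, a tag that leads with the product name and uses single spacing would keep the group consistent. Minor: "android app" in the CVE-2024-40239 tag is lower-case where the CVE-2024-40240 tag just above uses "Android app".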



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b546f8a6f2f72dce3d45528c11bef89a415e24b
