Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eff72ad0 by Salvatore Bonaccorso at 2024-11-13T09:36:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,99 +1,99 @@
 CVE-2024-9614 (The Constant Contact Forms by MailMunch plugin for WordPress is 
vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9578 (The Hide Links plugin for WordPress is vulnerable to 
unauthorized shor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9426 (The Aqua SVG Sprite plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-9409 (CWE-400: An Uncontrolled Resource Consumption vulnerability 
exists tha ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8985 (The Social Proof (Testimonial) Slider plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8938 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8937 (CWE-119: Improper Restriction of Operations within the Bounds 
of a Mem ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8936 (CWE-20: Improper Input Validation vulnerability exists that 
could lead ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8935 (CWE-290: Authentication Bypass by Spoofing vulnerability exists 
that c ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8933 (CWE-924: Improper Enforcement of Message Integrity During 
Transmission ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2024-8874 (The AJAX Login and Registration modal popup + inline form 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One 
Expansion U ...)
-       TODO: check
+       NOT-FOR-US: VK All in One Expansion Unit
 CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause 
a denia ...)
-       TODO: check
+       NOT-FOR-US: Open5GS
 CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a remote 
attacker to  ...)
        TODO: check
 CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows 
a remot ...)
        TODO: check
 CVE-2024-49512 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-49511 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-49510 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-49509 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-49508 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-49507 (InDesign Desktop versions ID18.5.3, ID19.5 and earlier are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2024-48075 (A Heap buffer overflow in the server-site handshake 
implementation in  ...)
-       TODO: check
+       NOT-FOR-US: SharkSSL
 CVE-2024-39712 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version 
22.7R2 and  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before 
version 22. ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-38656 (Argument injection in Ivanti Connect Secure before version 
22.7R2.2 an ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-38655 (Argument injection in Ivanti Connect Secure before version 
22.7R2.1 an ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-38654 (Improper bounds checking in Ivanti Secure Access Client before 
version ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-38649 (An out-of-bounds write in IPsec of Ivanti Connect Secure 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-37400 (An out of bounds read in Ivanti Connect Secure before version 
22.7R2.3 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-37398 (Insufficient validation in Ivanti Secure Access Client before 
22.7R4 a ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-37376 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34787 (Path traversal in Ivanti Endpoint Manager before 2024 November 
Securit ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34784 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34782 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34781 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34780 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32847 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32844 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32841 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32839 (SQL injection in Ivanti Endpoint Manager before 2024 November 
Security ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-29211 (A race condition in Ivanti Secure Access Client before version 
22.7R4  ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-28731 (Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G 
CPE Wit ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-28730 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE 
With Wifi ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-28729 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and 
Dlink DWR 5G ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-28728 (Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE 
With Wifi ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and 
Dlink DWR 5G ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to 
Arbitrary C ...)
        TODO: check
 CVE-2024-21540 (All versions of the package source-map-support are vulnerable 
to Direc ...)
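Review bot: The NOT-FOR-US tags in this hunk mix three levels of naming: a category ("WordPress plugin"), a vendor ("Ivanti", "Adobe", "Schneider Electric", "D-Link") and a full product name ("VK All in One Expansion Unit" for CVE-2024-52268). Picking one level where possible, or at least matching the vendor's spelling in the description ("DLink" vs "D-Link", "Open 5GS" vs "Open5GS"), keeps later greps over data/CVE/list reliable. For the Schneider Electric entries (CVE-2024-9409, CVE-2024-8938 and the others) and for CVE-2024-48075, the truncated descriptions shown here stop before naming the product, so the tag cannot be checked from this diff alone and needs the full CVE text.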
@@ -101,9 +101,9 @@ CVE-2024-21540 (All versions of the package 
source-map-support are vulnerable to
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions 
improperly valida ...)
        TODO: check
 CVE-2024-11150 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11143 (The Kognetiks Chatbot for WordPress plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11117 (Inappropriate implementation in FileSystem in Google Chrome 
prior to 1 ...)
        TODO: check
 CVE-2024-11116 (Inappropriate implementation in Blink in Google Chrome prior 
to 131.0. ...)
@@ -238,15 +238,15 @@ CVE-2024-51721 (A code injection vulnerability in the 
SecuSUITE Server Web Admin
 CVE-2024-51720 (An insufficient entropy vulnerability in the SecuSUITE Secure 
Client A ...)
        NOT-FOR-US: SecuSUITE
 CVE-2024-51566 (The NVMe driver queue processing is vulernable to 
guest-induced infini ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-51565 (The hda driver is vulnerable to a buffer over-read from a 
guest-contro ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-51564 (A guest can trigger an infinite loop in the hda audio driver.)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-51563 (The virtio_vq_recordon function is subject to a time-of-check 
to time- ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-51562 (The NVMe driver function nvme_opc_get_log_page is vulnerable 
to a buff ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-50572 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (6G ...)
        NOT-FOR-US: Siemens
 CVE-2024-50561 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (6G ...)
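Review bot: CVE-2024-51562 through CVE-2024-51566 are all tagged just "NOT-FOR-US: FreeBSD", although the descriptions point at specific guest-reachable device code (the NVMe driver, the hda driver, virtio_vq_recordon, nvme_opc_get_log_page) and never name FreeBSD in the visible text. Naming the component in the tag would record what was actually ruled out and make the triage decision auditable without reopening each CVE.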
@@ -511,7 +511,7 @@ CVE-2024-46889 (A vulnerability has been identified in 
SINEC INS (All versions <
 CVE-2024-46888 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
        NOT-FOR-US: Siemens
 CVE-2024-45289 (The fetch(3) library uses environment variables for passing 
certain in ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-45147 (Bridge versions 13.0.9, 14.1.2 and earlier are affected by an 
out-of-b ...)
        NOT-FOR-US: Adobe
 CVE-2024-45114 (Illustrator versions 28.7.1 and earlier are affected by an 
out-of-boun ...)
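Review bot: CVE-2024-45289 is marked "NOT-FOR-US: FreeBSD", but the description is about a library, fetch(3), not about the operating system as a whole. Before settling on NFU it is worth checking that no source package in the archive ships a copy of that library; if that check was done, a short NOTE line saying so would help the next person who looks at this entry.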
@@ -603,7 +603,7 @@ CVE-2024-42442 (APTIOV contains a vulnerability in the BIOS 
where a user or atta
 CVE-2024-40592 (An improper verification of cryptographic signature 
vulnerability [CWE ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-39281 (The command ctl_persistent_reserve_out allows the caller to 
specify an ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2024-38264 (Microsoft Virtual Hard Disk (VHDX) Denial of Service 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-38255 (SQL Server Native Client Remote Code Execution Vulnerability)
@@ -641,17 +641,17 @@ CVE-2024-31496 (A stack-based buffer overflow 
vulnerability [CWE-121] in Fortine
 CVE-2024-30133 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a 
control  ...)
        NOT-FOR-US: HCL
 CVE-2024-2315 (APTIOV contains a vulnerability in BIOS where may cause 
Improper Acces ...)
-       TODO: check
+       NOT-FOR-US: APTIOV
 CVE-2024-2208 (Potential vulnerabilities have been identified in the audio 
package fo ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2024-2207 (Potential vulnerabilities have been identified in the audio 
package fo ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2024-29119 (A vulnerability has been identified in Spectrum Power 7 (All 
versions  ...)
        NOT-FOR-US: Siemens
 CVE-2024-26011 (A missing authentication for critical function in Fortinet 
FortiManage ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-23666 (A client-side enforcement of server-side security in Fortinet 
FortiAna ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2024-21976 (Improper input validation in the NPU driver could allow an 
attacker to ...)
        TODO: check
 CVE-2024-21975 (Improper input validation in the NPU driver could allow an 
attacker to ...)
@@ -675,23 +675,23 @@ CVE-2024-21938 (Incorrect default permissions in the AMD 
Management Plugin for t
 CVE-2024-21937 (Incorrect default permissions in the AMD HIP SDK installation 
director ...)
        TODO: check
 CVE-2024-11138 (A vulnerability classified as problematic has been found in 
DedeCMS 5. ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-11130 (A vulnerability was found in ZZCMS up to 2023. It has been 
rated as pr ...)
-       TODO: check
+       NOT-FOR-US: ZZCMS
 CVE-2024-11127 (A vulnerability was found in code-projects Job Recruitment up 
to 1.0.  ...)
-       TODO: check
+       NOT-FOR-US: code-projects Job Recruitment
 CVE-2024-11126 (A vulnerability was found in Digistar AG-30 Plus 2.6b. It has 
been cla ...)
-       TODO: check
+       NOT-FOR-US: Digistar AG-30 Plus
 CVE-2024-11125 (A vulnerability was found in GetSimpleCMS 3.3.16 and 
classified as pro ...)
-       TODO: check
+       NOT-FOR-US: GetSimpleCMS
 CVE-2024-11124 (A vulnerability has been found in TimGeyssens UIOMatic 5 and 
classifie ...)
-       TODO: check
+       NOT-FOR-US: TimGeyssens
 CVE-2024-11123 (A vulnerability, which was classified as problematic, was 
found in \u4 ...)
-       TODO: check
+       NOT-FOR-US: Lingdang CRM
 CVE-2024-11122 (A vulnerability, which was classified as critical, has been 
found in \ ...)
-       TODO: check
+       NOT-FOR-US: Lingdang CRM
 CVE-2024-11121 (A vulnerability classified as critical was found in 
\u4e0a\u6d77\u7075 ...)
-       TODO: check
+       NOT-FOR-US: Lingdang CRM
 CVE-2024-11007 (Command injection in Ivanti Connect Secure before version 
22.7R2.1 and ...)
        TODO: check
 CVE-2024-11006 (Command injection in Ivanti Connect Secure before version 
22.7R2.1 and ...)
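Review bot: CVE-2024-11007 and CVE-2024-11006 at the end of this hunk are both described as command injection in Ivanti Connect Secure, yet they stay at "TODO: check" while the first hunk marks the other Ivanti Connect Secure entries "NOT-FOR-US: Ivanti"; they look like candidates for the same batch. Separately, CVE-2024-11124 is tagged "NOT-FOR-US: TimGeyssens", which is the author's name, while the neighbouring entries use the product (DedeCMS, ZZCMS, GetSimpleCMS, Digistar AG-30 Plus); "UIOMatic" from the description would be the consistent choice.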



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eff72ad0a65960f5b92f638e3bbe5d80b97298cc
