Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b810e7f by Salvatore Bonaccorso at 2024-12-06T21:37:45+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,193 +47,193 @@ CVE-2024-54137 (liboqs is a C-language cryptographic
library that provides imple
NOTE:
https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7
NOTE: Fixed by:
https://github.com/open-quantum-safe/liboqs/commit/cce1bfde4e52c524b087b9687020d283fbde0f24
(0.12.0-rc1)
CVE-2024-54136 (ClipBucket V5 provides open source video hosting with PHP.
ClipBucket- ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2024-54135 (ClipBucket V5 provides open source video hosting with PHP.
ClipBucket- ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2024-53826 (Missing Authorization vulnerability in WPSight WPCasa allows
Accessing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53825 (Missing Authorization vulnerability in Ninja Team Filebird
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53824 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53823 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53821 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53820 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53817 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53815 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53813 (Missing Authorization vulnerability in WP Travel WP Travel
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53812 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53811 (Unrestricted Upload of File with Dangerous Type vulnerability
in POSIM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53810 (Missing Authorization vulnerability in Najeeb Ahmad Simple
User Regist ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53809 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs
Namaste ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53808 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53807 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53806 (Missing Authorization vulnerability in WpMaspik Maspik \u2013
Spam bla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53805 (Missing Authorization vulnerability in brandtoss WP Mailster
allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53804 (Insertion of Sensitive Information Into Sent Data
vulnerability in bra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53803 (Missing Authorization vulnerability in brandtoss WP Mailster
allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53802 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53801 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53799 (Missing Authorization vulnerability in BAKKBONE Australia
FloristPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53797 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53796 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53795 (Missing Authorization vulnerability in Andy Moyle Church Admin
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53794 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-53691 (A link following vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-52558 (The affected product is vulnerable to an integer underflow. An
unauthe ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-52335 (A vulnerability has been identified in syngo.plaza VB30E (All
versions ...)
- TODO: check
+ NOT-FOR-US: syngo.plaza VB30E
CVE-2024-52324 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x uses ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-52320 (The affected product is vulnerable to a command injection. An
unauthen ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-51815 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-51727 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-51615 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-50677 (A cross-site scripting (XSS) vulnerability in OroPlatform CMS
v5.1 all ...)
- TODO: check
+ NOT-FOR-US: OroPlatform CMS
CVE-2024-50404 (A link following vulnerability has been reported to affect
Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50403 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50402 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50393 (A command injection vulnerability has been reported to affect
several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50389 (A SQL injection vulnerability has been reported to affect
QuRouter. If ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50388 (An OS command injection vulnerability has been reported to
affect HBS ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50387 (A SQL injection vulnerability has been reported to affect
several QNAP ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-4633 (The Slider and Carousel slider by Depicter plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-48874 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-48871 (The affected product is vulnerable to a stack-based buffer
overflow. A ...)
- TODO: check
+ NOT-FOR-US: Planet Technology
CVE-2024-48868 (An improper neutralization of CRLF sequences ('CRLF
Injection') vulner ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48867 (An improper neutralization of CRLF sequences ('CRLF
Injection') vulner ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48866 (An improper handling of URL encoding (Hex Encoding)
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48865 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48863 (A command injection vulnerability has been reported to affect
License ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48859 (An improper authentication vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-48703 (PhpGurukul Medical Card Generation System v1.0 is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: PhpGurukul Medical Card Generation System
CVE-2024-47791 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47547 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47146 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-47043 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-46874 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x could ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-45722 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x uses ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-42494 (Ruijie Reyee OS versions 2.206.x up to but not including
2.320.x conta ...)
- TODO: check
+ NOT-FOR-US: Ruijie
CVE-2024-42196 (HCL Launch stores potentially sensitive information in log
files that ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30129 (The HTTP host header can be manipulated and cause the
application to b ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-21571 (Snyk has identified a remote code execution (RCE)
vulnerability in all ...)
TODO: check
CVE-2024-12254 (Starting in Python 3.12.0, the
asyncio._SelectorSocketTransport.writel ...)
TODO: check
CVE-2024-12155 (The SV100 Companion plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12110 (The Gold Addons for Elementor plugin for WordPress is
vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12060 (The WP Media Optimizer (.webp) plugin for WordPress is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12028 (The Friends plugin for WordPress is vulnerable to unauthorized
access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12027 (The Message Filter for Contact Form 7 plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12003 (The WP System plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11823 (The Folder Gallery plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11730 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11729 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11728 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11687 (The Next-Cart Store to WooCommerce Migration plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11460 (The Verowa Connect plugin for WordPress is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11450 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11444 (The CLUEVO LMS, E-Learning Platform plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11368 (The Splash Sync plugin for WordPress is vulnerable to
Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11352 (The TwentyTwenty plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11339 (The Smart PopUp Blaster plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11336 (The Clickbank WordPress Plugin (Storefront) plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11323 (The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to
unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11321 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Hi e-learning Learning Management System (LMS)
CVE-2024-11292 (The WP Private Content Plus plugin for WordPress is vulnerable
to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11289 (The Soledad theme for WordPress is vulnerable to Local File
Inclusion ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11276 (The PDF Builder for WooCommerce. Create invoices,packing slips
and mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11220 (A local low-level user on the server machine with credentials
to the r ...)
TODO: check
CVE-2024-11204 (The ForumWP \u2013 Forum & Discussion Board plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11022 (The authentication process to the web server uses a challenge
response ...)
TODO: check
CVE-2024-10909 (The The Pojo Forms plugin for WordPress is vulnerable to
arbitrary sho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion Board plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10849 (The NewsMash theme for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10776 (Lua apps can be deployed, removed, started, reloaded or
stopped withou ...)
TODO: check
CVE-2024-10774 (Unauthenticated CROWN APIs allow access to critical functions.
This le ...)
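Review bot: CVE-2024-11289 (Soledad) and CVE-2024-10849 (NewsMash) are tagged `NOT-FOR-US: WordPress plugin`, but both descriptions read "theme for WordPress"; `NOT-FOR-US: WordPress theme` would match the description and keep label-based searches accurate. Separately, `NOT-FOR-US: syngo.plaza VB30E` for CVE-2024-52335 carries a version string in the label, where every other entry in this hunk names only a product or vendor; `NOT-FOR-US: syngo.plaza` would be consistent with them.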
@@ -245,19 +245,19 @@ CVE-2024-10772 (Since the firmware update is not
validated, an attacker can inst
CVE-2024-10771 (Due to missing input validation during one step of the
firmware update ...)
TODO: check
CVE-2024-10692 (The PowerPack Elementor Addons (Free Widgets, Extensions and
Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10689 (The XLTab \u2013 Accordions and Tabs for Elementor Page
Builder plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10681 (The The ARMember \u2013 Membership Plugin, Content
Restriction, Member ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10516 (The Swift Performance Lite plugin for WordPress is vulnerable
to Local ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10320 (The Cookielay plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0139 (NVIDIA Base Command Manager and Bright Cluster Manager for
Linux conta ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2024-0130 (NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a
vulner ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2024-XXXX [RUSTSEC-2024-0409]
- rust-pyo3 <not-affected> (Only affects 0.23.x)
NOTE: https://github.com/PyO3/pyo3/issues/4757
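Review bot: the labels for CVE-2024-0139 and CVE-2024-0130 name only the vendor (`NOT-FOR-US: NVIDIA`), while the descriptions name specific products (Base Command Manager and Bright Cluster Manager; UFM Enterprise, UFM Appliance and UFM CyberAI). Naming the product in the label, for example `NOT-FOR-US: NVIDIA UFM`, would make it clear that the decision covers these products and not everything from the vendor.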
@@ -476839,7 +476839,7 @@ CVE-2018-9465 (In task_get_unused_fd_flags of
binder.c, there is a possible memo
CVE-2018-9464
RESERVED
CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there
is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds
write du ...)
NOT-FOR-US: Android
CVE-2018-9461
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b810e7f72d3816623857441317c7211bb1cd0bc