Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7fd92def by Salvatore Bonaccorso at 2024-12-12T22:15:21+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,63 +29,63 @@ CVE-2024-55663 (XWiki Platform is a generic wiki platform. 
Starting in version 1
 CVE-2024-55662 (XWiki Platform is a generic wiki platform. Starting in version 
3.3-mil ...)
        NOT-FOR-US: XWiki
 CVE-2024-55099 (A SQL Injection vulnerability was found in /admin/index.php in 
phpguru ...)
-       TODO: check
+       NOT-FOR-US: phpgurukul Online Nurse Hiring System
 CVE-2024-54842 (A SQL injection vulnerability was found in phpgurukul Online 
Nurse Hir ...)
-       TODO: check
+       NOT-FOR-US: phpgurukul Online Nurse Hiring System
 CVE-2024-54811 (A SQL injection vulnerability in /index.php in PHPGurukul Park 
Ticketi ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Park Ticketing Management System
 CVE-2024-54810 (A SQL Injection vulnerability was found in 
/preschool/admin/password-r ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Pre-School Enrollment System Project
 CVE-2024-54122 (Concurrent variable access vulnerability in the ability module 
Impact: ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54119 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54118 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54117 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54116 (Out-of-bounds read vulnerability in the M3U8 module Impact: 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54115 (Out-of-bounds read vulnerability in the DASH module Impact: 
Successful ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54114 (Out-of-bounds access vulnerability in playback in the DASH 
module Impa ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54113 (Process residence vulnerability in abnormal scenarios in the 
print mod ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54112 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54111 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54110 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54109 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54108 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54107 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54106 (Null pointer dereference vulnerability in the image decoding 
module Im ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54105 (Read/Write vulnerability in the image decoding module Impact: 
Successf ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54104 (Cross-process screen stack vulnerability in the UIExtension 
module Imp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54103 (Vulnerability of improper access control in the album module 
Impact: S ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54102 (Race condition vulnerability in the DDR module Impact: 
Successful expl ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54101 (Denial of service (DoS) vulnerability in the installation 
module Impac ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54100 (Vulnerability of improper access control in the secure input 
module Im ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54099 (File replacement vulnerability on some devices Impact: 
Successful expl ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54098 (Service logic error vulnerability in the system service module 
Impact: ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54097 (Security vulnerability in the HiView module Impact: Successful 
exploit ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-54096 (Vulnerability of improper access control in the MTP module 
Impact: Suc ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
        NOT-FOR-US: IBM
 CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can 
perform a ...)
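Review bot: the vendor name is spelled two ways in the new NOT-FOR-US lines of this hunk: "phpgurukul" for CVE-2024-55099 and CVE-2024-54842, "PHPGurukul" for CVE-2024-54811 and CVE-2024-54810. The CVE descriptions use both forms, so the tag is the place to normalise; pick one spelling so that a case-sensitive search of data/CVE/list for the vendor returns all four entries.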
@@ -93,13 +93,13 @@ CVE-2024-50584 (An authenticated attacker with the 
user/role "Poweruser" can per
 CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from 
a prev ...)
        TODO: check
 CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-49071 (Improper authorization of an index that contains sensitive 
information ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-47947 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
        TODO: check
 CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input 
Validation vulner ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-36498 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
        TODO: check
 CVE-2024-36494 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
@@ -107,7 +107,7 @@ CVE-2024-36494 (Due to missing input sanitization, an 
attacker can perform cross
 CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via 
create_cache_ ...)
        TODO: check
 CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt 
config f ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2024-28145 (An unauthenticated attacker can perform an SQL injection by 
accessing  ...)
        TODO: check
 CVE-2024-28144 (An attacker who can spoof the IP address and the User-Agent of 
a logge ...)
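Review bot: the "NOT-FOR-US: Rizin" tag on CVE-2024-28146 looks misplaced. The visible description of that entry ("The application uses several hard-coded credentials ...") does not mention rizin, while the entry directly above it, CVE-2024-31670 ("rizin before v0.6.3 is vulnerable to Buffer Overflow ..."), is left at "TODO: check". Suggest moving the tag to CVE-2024-31670 and restoring "TODO: check" on CVE-2024-28146 until its product has been identified from the full description.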
@@ -117,23 +117,23 @@ CVE-2024-28143 (The password change function at 
/cgi/admin.cgi does not require
 CVE-2024-28142 (Due to missing input sanitization, an attacker can perform 
cross-site- ...)
        TODO: check
 CVE-2024-21575 (ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue 
stems f ...)
-       TODO: check
+       NOT-FOR-US: ComfyUI-Impact-Pack
 CVE-2024-21574 (The issue stems from a missing validation of the pip field in 
a POST r ...)
-       TODO: check
+       NOT-FOR-US: ComfyUI-Impact-Pack
 CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows 
an atta ...)
        TODO: check
 CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary 
shortcode  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-12271 (The 360 Javascript Viewer plugin for WordPress is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-12160 (The Seraphinite Bulk Discounts for WooCommerce plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11760 (The Currency Converter Widget \u26a1 PRO plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11274 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-10043 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
@@ -243,43 +243,43 @@ CVE-2024-53272 (Habitica is an open-source habit-building 
program. Versions prio
 CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform. 
In versi ...)
        NOT-FOR-US: OpenCTI
 CVE-2024-44300 (A logic issue was addressed with improved file handling. This 
issue is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44299 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44291 (A logic issue was addressed with improved file handling. This 
issue is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44290 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44248 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44246 (The issue was addressed with improved routing of 
Safari-originated req ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44245 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44243 (A configuration issue was addressed with additional 
restrictions. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44242 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44241 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44225 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44224 (A permissions issue was addressed with additional 
restrictions. This i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44220 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44212 (A cookie management issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44201 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-44200 (This issue was addressed with improved redaction of sensitive 
informat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in 
the Gall ...)
        NOT-FOR-US: Gallagher
 CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694) 
in the C ...)
        NOT-FOR-US: Gallagher
 CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Open Design Alliance CDE inWEB SDK
 CVE-2024-12536 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
 CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin 
for Word ...)
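Review bot: the sixteen Apple entries from CVE-2024-44300 down to CVE-2024-44200 are closed in bulk, but their visible descriptions ("improved memory handling", "improved bounds checks", "improved state management") do not name the affected component. Apple advisories worded this way sometimes cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so each entry should be confirmed against its full description before it is marked "NOT-FOR-US: Apple". CVE-2024-44212 (cookie management) and CVE-2024-44246 (Safari-originated requests) are the two to check first.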
@@ -3356,7 +3356,7 @@ CVE-2024-33037 (Information disclosure as NPU firmware 
can send invalid IPC mess
 CVE-2024-33036 (Memory corruption while parsing sensor packets in camera 
driver, user- ...)
        NOT-FOR-US: Qualcomm
 CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled 
Resource Con ...)
-       TODO: check
+       NOT-FOR-US: Rizin
 CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 
allows an at ...)
        - radare2 5.9.0+dfsg-1
        NOTE: https://github.com/radareorg/radare2/pull/22561
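Review bot: CVE-2024-31669 is closed as "NOT-FOR-US: Rizin" with no cross-check recorded against radare2, which the next entry shows is a tracked package ("- radare2 5.9.0+dfsg-1"). rizin is a fork of radare2, so a short NOTE stating whether the affected code also exists in radare2 would make this triage decision auditable.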



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fd92def62da0fa8ec3ac4284438db428f54de46
