Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a542f1e7 by Moritz Muehlenhoff at 2024-12-13T09:31:23+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-9508 (Horner Automation Cscape contains a memory corruption
vulnerability, w ...)
- TODO: check
+ NOT-FOR-US: Horner Automation Cscape
CVE-2024-55918 (An issue was discovered in the Graphics::ColorNames package
before 3.2 ...)
TODO: check
CVE-2024-21544 (Versions of the package spatie/browsershot before 5.0.1 are
vulnerable ...)
@@ -9,43 +9,43 @@ CVE-2024-21543 (Versions of the package djoser before 2.3.0
are vulnerable to Au
CVE-2024-12603 (A logic vulnerability in the the mobile application
(com.transsion.app ...)
TODO: check
CVE-2024-12581 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder
Feature ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12579 (The Minify HTML plugin for WordPress is vulnerable to Regular
Expressi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12574 (The SVG Shortcode plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12572 (The Hello In All Languages plugin for WordPress is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12300 (The AR for WordPress plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12289 (Boundary Community Edition and Boundary Enterprise
(\u201cBoundary\u20 ...)
TODO: check
CVE-2024-12212 (The vulnerability occurs in the parsing of CSP files. The
issues resul ...)
- TODO: check
+ NOT-FOR-US: Horner Automation Cscape
CVE-2024-11839 (Deserialization of Untrusted Data vulnerability in PlexTrac
(Runbooks ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11838 (External Control of File Name or Path vulnerability in
PlexTrac allows ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11837 (Improper Neutralization of Special Elements used in an N1QL
Command (' ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11836 (Server-Side Request Forgery (SSRF) vulnerability in PlexTrac
allowing ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11835 (Uncontrolled Resource Consumption vulnerability in PlexTrac
allows Web ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11834 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11833 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: PlexTrac
CVE-2024-11809 (The Primer MyData for Woocommerce plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11767 (The NewsmanApp plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10939 (The Image Widget WordPress plugin before 4.4.11 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10678 (The Ultimate Blocks WordPress plugin before 3.2.4 does not
validate a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2019-25221 (The Responsive Filterable Portfolio plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12455 [powerpc: getrandom() returns EINVAL as retcode instead of
errno]
- glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32440
@@ -143,7 +143,7 @@ CVE-2024-54096 (Vulnerability of improper access control in
the MTP module Impac
CVE-2024-52901 (IBM InfoSphere Information Server 11.7 could allow an
authenticated us ...)
NOT-FOR-US: IBM
CVE-2024-50584 (An authenticated attacker with the user/role "Poweruser" can
perform a ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-4109 (A flaw was found in Undertow. An HTTP request header value from
a prev ...)
TODO: check
CVE-2024-49147 (Deserialization of untrusted data in Microsoft Update Catalog
allows a ...)
@@ -151,13 +151,13 @@ CVE-2024-49147 (Deserialization of untrusted data in
Microsoft Update Catalog al
CVE-2024-49071 (Improper authorization of an index that contains sensitive
information ...)
NOT-FOR-US: Microsoft
CVE-2024-47947 (Due to missing input sanitization, an attacker can perform
cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-47238 (Dell Client Platform BIOS contains an Improper Input
Validation vulner ...)
NOT-FOR-US: Dell
CVE-2024-36498 (Due to missing input sanitization, an attacker can perform
cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-36494 (Due to missing input sanitization, an attacker can perform
cross-site- ...)
- TODO: check
+ NOT-FOR-US: Scan2Net
CVE-2024-31670 (rizin before v0.6.3 is vulnerable to Buffer Overflow via
create_cache_ ...)
TODO: check
CVE-2024-28146 (The application uses several hard-coded credentialsto encrypt
config f ...)
@@ -177,7 +177,7 @@ CVE-2024-21574 (The issue stems from a missing validation
of the pip field in a
CVE-2024-12570 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
TODO: check
CVE-2024-12401 (A flaw was found in the cert-manager package. This flaw allows
an atta ...)
- TODO: check
+ NOT-FOR-US: Open Shift
CVE-2024-12333 (The Woodmart theme for WordPress is vulnerable to arbitrary
shortcode ...)
NOT-FOR-US: WordPress theme
CVE-2024-12292 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a542f1e7c74ac7e391e74da3b8b415cbfdd358c1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
