Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d5aa9b75 by Salvatore Bonaccorso at 2024-12-18T10:29:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,9 +30,9 @@ CVE-2024-52792 (LDAP Account Manager (LAM) is a php
webfrontend for managing ent
CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to
obtain se ...)
NOT-FOR-US: H3C switch h3c-S1526
CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability
in stre ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0,
contains an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions
2.0.10 an ...)
TODO: check
CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users
are able ...)
@@ -48,47 +48,47 @@ CVE-2024-21547 (Versions of the package spatie/browsershot
before 5.0.2 are vuln
CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before
2.9.1 are ...)
TODO: check
CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege
due to i ...)
- TODO: check
+ NOT-FOR-US: OPPO Store APP
CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued
for the Ra ...)
TODO: check
CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, &
Quizzes p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12539 (An issue was discovered where improper authorization controls
affected ...)
- elasticsearch <removed>
CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for
WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to
authent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is
vulnerable to I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable
to SQL In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay
Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11254 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10892 (The Cost Calculator Builder WordPress plugin before 3.2.43
does not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37940 (Cross-site scripting (XSS) vulnerability in the edit Service
Access Po ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability
in Next ...)
NOT-FOR-US: NextGeography NG Analyser
CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable
to Impro ...)
@@ -297991,13 +297991,13 @@ CVE-2021-26283
CVE-2021-26282
RESERVED
CVE-2021-26281 (Some parameters of the alarm clock module are improperly
stored, leaki ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2021-26280 (Locally installed application can bypass the permission check
and perf ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2021-26279 (Some parameters of the weather module are improperly stored,
leaking s ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2021-26278 (The wifi module exposes the interface and has improper
permission cont ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2021-26277 (The framework service handles pendingIntent incorrectly,
allowing a ma ...)
NOT-FOR-US: Vivo
CVE-2021-26276 (scripts/cli.js in the GoDaddy node-config-shield (aka Config
Shield) p ...)
@@ -362457,13 +362457,13 @@ CVE-2020-12489
CVE-2020-12488 (The attacker can access the sensitive information stored
within the jo ...)
NOT-FOR-US: Vivo
CVE-2020-12487 (Due to the flaws in the verification of input parameters, the
attacker ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12486
RESERVED
CVE-2020-12485 (The frame touch module does not make validity judgments on
parameter l ...)
NOT-FOR-US: Vivo
CVE-2020-12484 (When using special mode to connect to enterprise wifi, certain
options ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components,
and the a ...)
NOT-FOR-US: Vivo
CVE-2020-12482
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5aa9b754c3cad8621aa72b3ca865616a061af6f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5aa9b754c3cad8621aa72b3ca865616a061af6f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
