Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b9f283e1 by Salvatore Bonaccorso at 2024-12-20T10:13:52+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,107 +1,107 @@
CVE-2024-9619 (The WP SHAPES plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9503 (The Maintenance & Coming Soon Redirect Animation plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8968 (The WordPress Button Plugin MaxButtons WordPress plugin before
9.8.1 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5955 (Cross-site scripting vulnerability in Trellix ePolicy
Orchestrator pri ...)
- TODO: check
+ NOT-FOR-US: Trellix
CVE-2024-56327 (pyrage is a set of Python bindings for the rage file
encryption librar ...)
TODO: check
CVE-2024-54984 (An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to
bypass au ...)
- TODO: check
+ NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G
CVE-2024-54983 (An issue in Quectel BC95-CNV V100R001C00SPC051 allows
attackers to byp ...)
- TODO: check
+ NOT-FOR-US: Quectel BC95-CNV V100R001C00SPC051
CVE-2024-54982 (An issue in Quectel BC25 with firmware version BC25PAR01A06
allows att ...)
- TODO: check
+ NOT-FOR-US: Quectel BC25 BC25PAR01A06
CVE-2024-54663 (An issue was discovered in the Webmail Classic UI in Zimbra
Collaborat ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2024-54538 (A denial-of-service issue was addressed with improved input
validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-54009 (Remote authentication bypass vulnerability in HPE Alletra
Storage MP B ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-44298 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44293 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44292 (A privacy issue was addressed with improved private data
redaction for ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44231 (This issue was addressed through improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44223 (This issue was addressed through improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44211 (This issue was addressed with improved validation of symlinks.
This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44195 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-21549 (Versions of the package spatie/browsershot before 5.0.3 are
vulnerable ...)
TODO: check
CVE-2024-12832 (Arista NG Firewall ReportEntry SQL Injection Arbitrary File
Read and W ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12831 (Arista NG Firewall uvm_login Incorrect Authorization Privilege
Escalat ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12830 (Arista NG Firewall custom_handler Directory Traversal Remote
Code Exec ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12829 (Arista NG Firewall ExecManagerImpl Command Injection Remote
Code Execu ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2024-12729 (A post-auth code injection vulnerability in the User Portal
allows aut ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12728 (A weak credentials vulnerability potentially allows privileged
system ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12727 (A pre-auth SQL injection vulnerability in the email protection
feature ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2024-12700 (There is an unrestricted file upload vulnerability where it is
possibl ...)
TODO: check
CVE-2024-12678 (Nomad Community and Nomad Enterprise ("Nomad") allocations are
vulnera ...)
TODO: check
CVE-2024-12672 (A third-party vulnerability exists in the Rockwell
AutomationArena\xae ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12571 (The Store Locator for WordPress with Google Maps \u2013
LotsOfLocales ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12509 (The Embed Twine plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12506 (The NACC WordPress Plugin plugin for WordPress is vulnerable
to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12175 (Another \u201cuse after free\u201dcode execution vulnerability
exists ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-12111 (In a specific scenario a LDAP user can abuse the
authentication proces ...)
TODO: check
CVE-2024-11893 (The Spoki \u2013 Chat Buttons and WooCommerce Notifications
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11878 (The Category Post Slider plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11812 (The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable
to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11806 (The PKT1 Centro de envios plugin for WordPress is vulnerable
to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11784 (The Sell Tickets Online \u2013 TicketSource Ticket Shop for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11783 (The Financial Calculator plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11776 (The PCRecruiter Extensions plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11775 (The Particle Background plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11774 (The Outdooractive Embed plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11411 (The Spotlightr plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11364 (Another \u201cuninitialized variable\u201d code execution
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11331 (The \u0627\u0633\u062a\u062e\u0631\u0627\u062c
\u0645\u062d\u0635\u064 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11297 (The Page Restriction WordPress (WP) \u2013 Protect WP
Pages/Post plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11157 (A third-party vulnerability exists in the Rockwell Automation
Arena\xa ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-11108 (The Serious Slider WordPress plugin before 1.2.7 does not
validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10706 (The Download Manager WordPress plugin before 3.3.03 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10555 (The WordPress Button Plugin MaxButtons WordPress plugin before
9.8.1 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-42867 (This issue was addressed with improved validation of the
process entit ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-9154 (A code injection vulnerability in HMS Networks Ewon Flexy 205
allows e ...)
NOT-FOR-US: HMS Networks Ewon Flexy 205
CVE-2024-7139 (Due to an unchecked buffer length, a specially crafted L2CAP
packet ca ...)
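Review bot: The three Quectel tags (CVE-2024-54984, CVE-2024-54983, CVE-2024-54982) carry model and firmware strings such as `NOT-FOR-US: Quectel BG96 BG96MAR02A08M1G`, while every other tag added in this hunk is vendor- or category-level (`Apple`, `Arista`, `Sophos`, `WordPress plugin`). Suggest a plain `NOT-FOR-US: Quectel`, or at most vendor plus product as the existing `HMS Networks Ewon Flexy 205` context line does, so the tags stay uniform and easy to grep. Separately, the visible description of CVE-2024-11331 is only escaped non-Latin text cut off by the truncation, so `WordPress plugin` cannot be confirmed from this diff; the full description deserves a second look before the tag is kept.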
@@ -205134,7 +205134,7 @@ CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to
cross-site request forgery whi
CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML
injection ...)
NOT-FOR-US: IBM
CVE-2022-34159 (Huawei printers have an input verification vulnerability.
Successful e ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-34158 (A carefully crafted invocation on the Image plugin could
trigger an CS ...)
- jspwiki <removed>
CVE-2022-2143 (The affected product is vulnerable to two instances of command
injecti ...)
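Review bot: The commit message "Process some NFUs" does not mention that the change also reaches back to long-standing `TODO: check` entries, starting here with CVE-2022-34159 and continuing in the later Huawei hunks (2022 and 2020 CVEs). A short second line in the message noting that older Huawei entries were triaged as well would make these far-apart edits easier to find in the history. The tag itself, `NOT-FOR-US: Huawei`, matches the vendor-level style of the neighbouring `NOT-FOR-US: IBM` line.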
@@ -210209,9 +210209,9 @@ CVE-2022-1973 (A use-after-free flaw was found in the
Linux kernel in log_replay
CVE-2022-1972
REJECTED
CVE-2022-32204 (There is an improper input verification vulnerability in
Huawei printe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-32203 (There is a command injection vulnerability in Huawei terminal
printer ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does
not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1970
@@ -210402,7 +210402,7 @@ CVE-2022-32146
CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active
Workspace V5. ...)
NOT-FOR-US: Siemens
CVE-2022-32144 (There is an insufficient input verification vulnerability in
Huawei pr ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2022-32143 (In multiple CODESYS products, file download and upload
function allows ...)
NOT-FOR-US: CODESYS
CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or
write a ...)
@@ -372858,7 +372858,7 @@ CVE-2020-9252 (HUAWEI Mate 20 versions earlier than
10.1.0.160(C00E160R3P8), HUA
CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than
10.1.0.160(C00E1 ...)
NOT-FOR-US: Huawei
CVE-2020-9250 (There is an insufficient authentication vulnerability in some
Huawei s ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than
10.1.0.160(C00E160R2 ...)
NOT-FOR-US: Huawei
CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization
vulnerability ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f283e16aa7d01864ead862d80cb7420797a85f