Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76630549 by Moritz Muehlenhoff at 2025-01-23T08:44:07+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -237,33 +237,33 @@ CVE-2024-55488 (A stored cross-site scripting (XSS)
vulnerability in Umbraco CMS
CVE-2024-51457 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through
21.0.7.19 ...)
NOT-FOR-US: IBM
CVE-2024-42013 (In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side
Enforceme ...)
- TODO: check
+ NOT-FOR-US: GRAU
CVE-2024-42012 (GRAU DATA Blocky before 3.1 stores passwords encrypted rather
than has ...)
- TODO: check
+ NOT-FOR-US: GRAU
CVE-2024-34235 (Open5GS MME versions <= 2.6.4 contains an assertion that can
be remote ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-31903 (IBM Sterling B2B Integrator Standard Edition6.0.0.0 through
6.1.2.5 an ...)
NOT-FOR-US: IBM
CVE-2024-24432 (A reachable assertion in the ogs_kdf_hash_mme function of
Open5GS <= 2 ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24430 (A reachable assertion in the mme_ue_find_by_imsi function of
Open5GS < ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24429 (A reachable assertion in the nas_eps_send_emm_to_esm function
of Open5 ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-13499 (The The GamiPress \u2013 Gamification plugin to reward points,
achieve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13496 (The GamiPress \u2013 Gamification plugin to reward points,
achievement ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13495 (The The GamiPress \u2013 Gamification plugin to reward points,
achieve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13447 (The WP Hotel Booking plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11166 (For TCAS II systems using transponders compliant with MOPS
earlier tha ...)
- TODO: check
+ NOT-FOR-US: Traffic Alert and Collision Avoidance System (TCAS) II
CVE-2024-10929 (In certain circumstances, an issue in Arm Cortex-A72
(revisions before ...)
- TODO: check
+ NOT-FOR-US: Arm
CVE-2023-37777 (Synnefo Internet Management Software 2023 was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: Synnefo
CVE-2023-37023 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in
the `Up ...)
NOT-FOR-US: Open5GS
CVE-2023-37022 (Open5GS MME versions <= 2.6.4 contain a reachable assertion in
the `UE ...)
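Review bot: the tag added for CVE-2024-11166 spells out "Traffic Alert and Collision Avoidance System (TCAS) II", while every other tag added in this hunk is a short vendor or product name (GRAU, Open5GS, Arm, Synnefo). A short form such as "NOT-FOR-US: TCAS II" would be consistent and easier to grep. In the same hunk, CVE-2024-42013 and CVE-2024-42012 are tagged "GRAU" although the descriptions name the product as "GRAU DATA Blocky"; using that name in the tag would let a later search for the product find these entries. For CVE-2024-10929 (Arm Cortex-A72) the truncated description does not show whether the issue is purely in silicon, so a one-line NOTE giving the reason for NOT-FOR-US would help the next person triaging it.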
@@ -571,77 +571,77 @@ CVE-2024-43771 (In gatts_process_read_req of gatt_sr.cc,
there is a possible out
CVE-2024-43770 (In gatts_process_find_info of gatt_sr.cc, there is a possible
out of b ...)
NOT-FOR-US: Android
CVE-2024-43765 (In multiple locations, there is a possible way to obtain
access to a f ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43763 (In build_read_multi_rsp of gatt_sr.cc, there is a possible
denial of s ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43096 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out
of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-43095 (In multiple locations, there is a possible way to obtain any
system pe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-34730 (In multiple locations, there is a possible bypass of user
consent to e ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2024-24451 (A stack overflow in the sctp_server::sctp_receiver_thread
component of ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24445 (OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a
null dere ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24444 (Improper file descriptor handling for closed connections in
OpenAirInt ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24443 (An uninitialized pointer dereference in the
ngap_handle_pdu_session_re ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24442 (A NULL pointer dereference in the ngap_app::handle_receive
routine of ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2024-24428 (A reachable assertion in the oai_nas_5gmm_decode function of
Open5GS < ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24427 (A reachable assertion in the amf_ue_set_suci function of
Open5GS <= 2. ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-24424 (A reachable assertion in the decode_access_point_name_ie
function of M ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24423 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24422 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24421 (A type confusion in the nas_message_decode function of Magma
<= 1.8.0 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24420 (A reachable assertion in the decode_linked_ti_ie function of
Magma <= ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24419 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24418 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24417 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-24416 (The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit
08472ba98b83 ...)
- TODO: check
+ NOT-FOR-US: Magma
CVE-2024-21245 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2024-13590 (The Ketchup Shortcodes plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13584 (The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo
List plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13426 (The WP-Polls plugin for WordPress is vulnerable to SQL
Injection via C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13406 (The XML for Google Merchant Center plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13361 (The AI Power: Complete AI Pack plugin for WordPress is
vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13360 (The AI Power: Complete AI Pack plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13319 (The Themify Builder plugin for WordPress is vulnerable to
Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-13091 (The WPBot Pro Wordpress Chatbot plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12879 (The WPBot Pro Wordpress Chatbot plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12857 (The AdForest theme for WordPress is vulnerable to
authentication bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12117 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11218 (A vulnerability was found in `podman build` and `buildah.`
This issue ...)
TODO: check
CVE-2023-50733 (A Server-Side Request Forgery (SSRF) vulnerability has been
identified ...)
TODO: check
CVE-2023-40132 (In setActualDefaultRingtoneUri of RingtoneManager.java, there
is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-40108 (In multiple locations, there is a possible way to access media
content ...)
TODO: check
CVE-2023-37039 (A Null pointer dereference vulnerability in the Mobile
Management Enti ...)
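Review bot: CVE-2024-12857 is described as "The AdForest theme for WordPress" but is tagged "NOT-FOR-US: WordPress plugin"; "NOT-FOR-US: WordPress theme" would match the description. Separately, CVE-2023-40108 stays at "TODO: check" although its description opens with the same "In multiple locations, there is a possible way to" wording as CVE-2024-43765 and CVE-2024-43095, which this hunk tags as Android, and the neighbouring CVE-2023-40132 is also moved to Android here. If leaving it open is intentional, nothing to change; otherwise it looks like one that was missed in this pass.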
@@ -859,7 +859,7 @@ CVE-2024-51888 (Incorrect Privilege Assignment
vulnerability in NotFound Homey L
CVE-2024-51818 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-51417 (An issue in System.Linq.Dynamic.Core Latest version v.1.4.6
allows rem ...)
- TODO: check
+ NOT-FOR-US: System.Linq.Dynamic.Core
CVE-2024-49700 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-49699 (Deserialization of Untrusted Data vulnerability in NotFound
ARPrice al ...)
@@ -156602,9 +156602,9 @@ CVE-2023-27114 (radare2 v5.8.3 was discovered to
contain a segmentation fault vi
NOTE: https://github.com/radareorg/radare2/issues/21363
NOTE:
https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
CVE-2023-27113 (pearProjectApi v2.8.10 was discovered to contain a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: pearProjectApi
CVE-2023-27112 (pearProjectApi v2.8.10 was discovered to contain a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: pearProjectApi
CVE-2023-27111
RESERVED
CVE-2023-27110
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76630549cc46026857f5d433ce01f075e7c995ba
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits