Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b1d7d8e1 by Salvatore Bonaccorso at 2024-09-12T22:39:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2024-8754 (An issue has been discovered in GitLab EE/CE affecting all 
versions fr ...)
        TODO: check
 CVE-2024-8750 (Cross-site Scripting (XSS) vulnerability in idoit pro version 
28. This ...)
-       TODO: check
+       NOT-FOR-US: idoit pro
 CVE-2024-8749 (SQL injection vulnerability in idoit pro version 28. This 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: idoit pro
 CVE-2024-8711 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Food Ordering Management System
 CVE-2024-8710 (A vulnerability classified as critical was found in 
code-projects Inve ...)
-       TODO: check
+       NOT-FOR-US: code-projects Inventory Management
 CVE-2024-8709 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-8708 (A vulnerability was found in SourceCodester Best House Rental 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Best House Rental Management System
 CVE-2024-8707 (A vulnerability was found in 
\u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
-       TODO: check
+       NOT-FOR-US: Yunke Online School System
 CVE-2024-8706 (A vulnerability was found in JFinalCMS up to 20240903. It has 
been cla ...)
-       TODO: check
+       NOT-FOR-US: JFinalCMS
 CVE-2024-8705 (A vulnerability was found in Shandong Star Measurement and 
Control Equ ...)
-       TODO: check
+       NOT-FOR-US: Shandong Star Measurement and Control Equipment Heating 
Network Wireless Monitoring System
 CVE-2024-8696 (A remote code execution (RCE) vulnerability via crafted 
extension publ ...)
        TODO: check
 CVE-2024-8695 (A remote code execution (RCE) vulnerability via crafted 
extension desc ...)
        TODO: check
 CVE-2024-8694 (A vulnerability, which was classified as problematic, was found 
in JFi ...)
-       TODO: check
+       NOT-FOR-US: JFinalCMS
 CVE-2024-8641 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2024-8640 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
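Review bot: The label on CVE-2024-8710, "NOT-FOR-US: code-projects Inventory Management", looks shortened compared with the other labels in this hunk, which carry the full product name ("SourceCodester Food Ordering Management System", "SourceCodester Best House Rental Management System"). The description is cut off at "code-projects Inve ...", so the full name cannot be confirmed from the list itself. Please check it against the CVE record and write the product name in full, so that later CVEs for the same product end up with an identical NOT-FOR-US string.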
@@ -33,73 +33,73 @@ CVE-2024-8635 (A server-side request forgery issue has been 
discovered in GitLab
 CVE-2024-8631 (A privilege escalation issue has been discovered in GitLab EE 
affectin ...)
        TODO: check
 CVE-2024-8622 (The amCharts: Charts and Maps plugin for WordPress is 
vulnerable to Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8533 (A privilege escalation vulnerability exists in the Rockwell 
Automation ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-8529 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8522 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8311 (An issue was discovered with pipeline execution policies in 
GitLab EE  ...)
        TODO: check
 CVE-2024-8124 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-8056 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
escape th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8054 (The MM-Breaking News WordPress plugin through 0.7.9 does not 
have CSRF ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7890 (Local privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2024-7889 (Local privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2024-7862 (The blogintroduction-wordpress-plugin WordPress plugin through 
0.3.0 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7861 (The Misiek Paypal WordPress plugin through 1.1.20090324 does 
not have  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7860 (The Simple Headline Rotator WordPress plugin through 1.0 does 
not have ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7859 (The Visual Sound WordPress plugin through 1.03 does not have 
CSRF chec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7822 (The Quick Code WordPress plugin through 1.0 does not have CSRF 
check i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7820 (The ILC Thickbox WordPress plugin through 1.0 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7818 (The Misiek Photo Album WordPress plugin through 1.4.3 does not 
have CS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7817 (The Misiek Photo Album WordPress plugin through 1.4.3 does not 
have CS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7816 (The Gixaw Chat WordPress plugin through 1.0 does not have CSRF 
check i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7766 (The Adicon Server WordPress plugin through 1.2 does not 
sanitize and e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6887 (The Giveaways and Contests by RafflePress  WordPress plugin 
before 1.1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6702 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by 
an HTML  ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2024-6701 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by 
an XSS i ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2024-6700 (Pega Platform versions 8.1 to Infinity 24.1.2 are affected by 
an XSS i ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2024-6678 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-6658 (Improper Input Validation vulnerability of Authenticated User 
in Progr ...)
-       TODO: check
+       NOT-FOR-US: Progress LoadMaster
 CVE-2024-6510 (Local Privilege Escalation in AVG Internet Security v24 on 
Windows all ...)
-       TODO: check
+       NOT-FOR-US: AVG Internet Security
 CVE-2024-6446 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        TODO: check
 CVE-2024-6389 (An issue was discovered in GitLab-CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-6077 (A denial-of-service vulnerability exists in the Rockwell 
Automation af ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-6019 (The Music Request Manager WordPress plugin through 1.3 does not 
saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6018 (The Music Request Manager WordPress plugin through 1.3 does not 
escape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6017 (The Music Request Manager WordPress plugin through 1.3 does not 
have C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5799 (The CM Pop-Up Banners for WordPress plugin before 1.7.3 does 
not sanit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5435 (An issue has been discovered discovered in GitLab EE/CE 
affecting all  ...)
        TODO: check
 CVE-2024-4660 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
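Review bot: CVE-2024-7890 and CVE-2024-7889 are tagged with the vendor only ("NOT-FOR-US: Citrix"), and their truncated descriptions ("Local privilege escalation allows a low-privileged user to gain SYSTEM ...") do not name the product either, so nothing left in data/CVE/list says what was actually triaged. Other entries in this same hunk name the product ("Progress LoadMaster", "AVG Internet Security", "Pega Platform"). Suggest doing the same for the Citrix and Rockwell Automation entries, which keeps the decision auditable without opening each CVE record.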
@@ -109,7 +109,7 @@ CVE-2024-4612 (An issue has been discovered in GitLab EE 
affecting all versions
 CVE-2024-4472 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
        TODO: check
 CVE-2024-45857 (Deserialization of untrusted data can occur in versions 2.4.0 
or newer ...)
-       TODO: check
+       NOT-FOR-US: Cleanlab project
 CVE-2024-45856 (A cross-site scripting (XSS) vulnerability exists in all 
versions of t ...)
        TODO: check
 CVE-2024-45855 (Deserialization of untrusted data can occur in versions 
23.10.2.0 and  ...)
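Review bot: "NOT-FOR-US: Cleanlab project" on CVE-2024-45857 is the only label in this commit with a "project" suffix, and the visible description ("Deserialization of untrusted data can occur in versions 2.4.0 or newer ...") does not show the product name to compare against. Suggest using the bare product name, as the other entries do, so a search for the name matches this entry and any future ones the same way.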
@@ -133,25 +133,25 @@ CVE-2024-45847 (An arbitrary code execution vulnerability 
exists in versions 23.
 CVE-2024-45846 (An arbitrary code execution vulnerability exists in versions 
23.10.3.0 ...)
        TODO: check
 CVE-2024-45826 (CVE-2024-45826 IMPACT Due to improper input validation, a path 
travers ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-45825 (CVE-2024-45825 IMPACT A denial-of-service vulnerability exists 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-45824 (CVE-2024-45824 IMPACT    A remote code vulnerability exists in 
the aff ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-45823 (CVE-2024-45823 IMPACT    An authentication bypass 
vulnerability exists ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-45624 (Exposure of sensitive information due to incompatible policies 
issue e ...)
        TODO: check
 CVE-2024-45607 (whatsapp-api-js is a TypeScript server agnostic Whatsapp's 
Official AP ...)
        TODO: check
 CVE-2024-45383 (A mishandling of IRP requests vulnerability exists in the 
HDAudBus_DMA ...)
-       TODO: check
+       NOT-FOR-US: Microsoft High Definition Audio Bus Driver
 CVE-2024-45303 (Discourse Calendar plugin adds the ability to create a dynamic 
calenda ...)
-       TODO: check
+       NOT-FOR-US: Discourse Calendar plugin
 CVE-2024-45182 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS 
WibuKey befor ...)
-       TODO: check
+       NOT-FOR-US: WIBU-SYSTEMS WibuKey
 CVE-2024-45181 (An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS 
WibuKey befor ...)
-       TODO: check
+       NOT-FOR-US: WIBU-SYSTEMS WibuKey
 CVE-2024-44460 (An invalid read size in Nanomq v0.21.9 allows attackers to 
cause a Den ...)
        TODO: check
 CVE-2024-44459 (A memory allocation issue in vernemq v2.0.1 allows attackers 
to cause  ...)
@@ -161,65 +161,65 @@ CVE-2024-42484 (ESP-NOW Component provides a 
connectionless Wi-Fi communication
 CVE-2024-42483 (ESP-NOW Component provides a connectionless Wi-Fi 
communication protoc ...)
        TODO: check
 CVE-2024-41629 (An issue in Texas Instruments Fusion Digital Power Designer 
v.7.10.1 a ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments Fusion Digital Power Designer
 CVE-2024-40457 (No-IP Dynamic Update Client (DUC) v3.x uses cleartext 
credentials that ...)
        TODO: check
 CVE-2024-3306 (Authorization Bypass Through User-Controlled Key vulnerability 
in Utar ...)
-       TODO: check
+       NOT-FOR-US: Utarit Information SoliClub
 CVE-2024-3305 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Utarit Information SoliClub
 CVE-2024-3163 (The Easy Property Listings WordPress plugin before 3.5.4 does 
not have ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-38222 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-37397 (An External XML Entity (XXE) vulnerability in the provisioning 
web ser ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-36066 (The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 
octets o ...)
        TODO: check
 CVE-2024-34785 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34783 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34779 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-34336 (User enumeration vulnerability in ORDAT FOSS-Online before 
v2.24.01 al ...)
-       TODO: check
+       NOT-FOR-US: ORDAT FOSS-Online
 CVE-2024-34335 (ORDAT FOSS-Online before version 2.24.01 was discovered to 
contain a r ...)
-       TODO: check
+       NOT-FOR-US: ORDAT FOSS-Online
 CVE-2024-34334 (ORDAT FOSS-Online before v2.24.01 was discovered to contain a 
SQL inje ...)
-       TODO: check
+       NOT-FOR-US: ORDAT FOSS-Online
 CVE-2024-32848 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32846 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32845 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32843 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32842 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-32840 (An unspecified SQL injection in Ivanti EPM before 2022 SU6, or 
the 202 ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-2743 (An issue was discovered in GitLab-EE starting with version 13.3 
before ...)
        TODO: check
 CVE-2024-2010 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
        TODO: check
 CVE-2024-29847 (Deserialization of untrusted data in the agent portal of 
Ivanti EPM be ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2024-28991 (SolarWinds Access Rights Manager (ARM) was found to be 
susceptible to  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Access Rights Manager (ARM)
 CVE-2024-28990 (SolarWinds Access Rights Manager (ARM) was found to contain a 
hard-cod ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Access Rights Manager (ARM)
 CVE-2024-28981 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 1 ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2024-27321 (An arbitrary code execution vulnerability exists in versions 
0.0.8 and ...)
        TODO: check
 CVE-2024-27320 (An arbitrary code execution vulnerability exists in versions 
0.0.8 and ...)
        TODO: check
 CVE-2024-25270 (An issue in Mirapolis LMS 4.6.XX allows authenticated users to 
exploit ...)
-       TODO: check
+       NOT-FOR-US: Mirapolis LMS
 CVE-2024-20430 (A vulnerability in Cisco Meraki Systems Manager (SM) Agent for 
Windows ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-8693 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Kaon CG3000
 CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud 
TDuckPr ...)
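Review bot: CVE-2024-38222 is marked "NOT-FOR-US: Microsoft", but its description reads "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", and chromium is packaged in Debian. Before closing this as NFU it is worth confirming that the flaw lives in Edge-specific code and not in the shared Chromium code base. If that check was done, a label that names the product (for example "Microsoft Edge"), as was done for CVE-2024-45383 with "Microsoft High Definition Audio Bus Driver", would record it better than the vendor name alone. The same vendor-only pattern applies to the "Ivanti", "Hitachi" and "Cisco" labels in this hunk, whose descriptions do name specific products.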



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1d7d8e10418e478abd15ec4c4fde88660a71002



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
