Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
42eb1036 by Salvatore Bonaccorso at 2024-12-04T10:32:39+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,95 +1,95 @@
CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This
only ap ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the
/tmp/$USER/stderr2 ...)
TODO: check
CVE-2024-54131 (The Kolide Agent (aka: Launcher) is the lightweight agent
designed to ...)
- TODO: check
+ NOT-FOR-US: Kolide Agent
CVE-2024-53672 (A vulnerability in the ClearPass Policy Manager web-based
management i ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-53502 (Seecms v4.8 was discovered to contain a SQL injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Seecms
CVE-2024-51773 (A vulnerability in the HPE Aruba Networking ClearPass Policy
Manager w ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51772 (An authenticated RCE vulnerability in the ClearPass Policy
Manager web ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51363 (Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows
attackers t ...)
- TODO: check
+ NOT-FOR-US: Hodoku
CVE-2024-46625 (An authenticated arbitrary file upload vulnerability in the
/documentC ...)
- TODO: check
+ NOT-FOR-US: InfoDom Performa 365
CVE-2024-46624 (An issue in InfoDom Performa 365 v4.0.1 allows authenticated
attackers ...)
- TODO: check
+ NOT-FOR-US: InfoDom Performa 365
CVE-2024-45757 (An issue was discovered in Centreon centreon-bam 24.04, 23.10,
23.04, ...)
TODO: check
CVE-2024-45717 (The SolarWinds Platform was susceptible to a XSS vulnerability
that af ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2024-45207 (DLL injection in Veeam Agent for Windows can occur if the
system's PAT ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-45206 (A vulnerability in Veeam Service Provider Console has been
identified, ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-45205 (An Improper Certificate Validation on the UniFi iOS App
managing a sta ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2024-45204 (A vulnerability exists where a low-privileged user can exploit
insuffi ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42457 (A vulnerability in Veeam Backup & Replication allows users
with certai ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42456 (A vulnerability in Veeam Backup & Replication platform allows
a low-pr ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42455 (A vulnerability in Veeam Backup & Replication allows a
low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42453 (A vulnerability Veeam Backup & Replication allows
low-privileged users ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42452 (A vulnerability in Veeam Backup & Replication allows a
low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42451 (A vulnerability in Veeam Backup & Replication allows
low-privileged us ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-42449 (From the VSPC management agent machine, under condition that
the manag ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-40717 (A vulnerability in Veeam Backup & Replication allows a
low-privileged ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-40391
REJECTED
CVE-2024-12123 (A hidden field manipulation vulnerability was identified in
Issuetrak ...)
- TODO: check
+ NOT-FOR-US: Issuetrak
CVE-2024-12099 (The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11985 (An improper input validation vulnerability leads to device
crashes in ...)
- TODO: check
+ NOT-FOR-US: Asus
CVE-2024-11903 (The WP eCards plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11897 (The Contact Form, Survey & Form Builder \u2013 MightyForms
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11813 (The Pulsating Chat Button plugin for WordPress is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11807 (The NPS computy plugin for WordPress is vulnerable to
Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11769 (The Flower Delivery by Florist One plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11747 (The Responsive Videos plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11479 (A HTML Injection vulnerability was identified in Issuetrak
version 17. ...)
- TODO: check
+ NOT-FOR-US: Issuetrak
CVE-2024-11466 (The Intro Tour Tutorial DeepPresentation plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11398 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-11293 (The Registration Forms \u2013 User Registration Forms,
Invitation-Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11093 (The SG Helper plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10952 (The The Authors List plugin for WordPress is vulnerable to
arbitrary s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10885 (The SearchIQ \u2013 The Search Solution plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10832 (The Posti Shipping plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10664 (The Knowledge Base documentation & wiki plugin \u2013
BasePress Docs p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10663 (The Eleblog \u2013 Elementor Blog And Magazine Addons plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10587 (The Interactive Contact Form and Multi Step Form Builder with
Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6978 (The WP Job Manager \u2013 Company Profiles plugin for WordPress
is vul ...)
TODO: check
CVE-2023-52944 (Incorrect authorization vulnerability in ActionRule webapi
component i ...)
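Review bot: CVE-2023-6978 at the end of this hunk is described as "The WP Job Manager \u2013 Company Profiles plugin for WordPress" but is left at `TODO: check`, while every other WordPress plugin entry in the hunk is changed to `NOT-FOR-US: WordPress plugin`. If it was not left open on purpose, mark it the same way in this batch so that it does not stay in the TODO queue.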
@@ -122,29 +122,29 @@ CVE-2024-52805 (Synapse is an open-source Matrix
homeserver. In Synapse before 1
NOTE:
https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
NOTE:
https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
CVE-2024-52548 (An attacker who can execute arbitrary Operating Systems
commands, can ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52547 (An authenticated attacker can trigger a stack based buffer
overflow in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52546 (An unauthenticated attacker can perform a null pointer
dereference in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52545 (An unauthenticated attacker can perform an out of bounds heap
read in ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-52544 (An unauthenticated attacker can trigger a stack based buffer
overflow ...)
- TODO: check
+ NOT-FOR-US: Lorex
CVE-2024-51771 (A vulnerability in the HPE Aruba Networking ClearPass Policy
Manager w ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-51114 (An issue in Beijing Digital China Yunke Information Technology
Co.Ltd ...)
- TODO: check
+ NOT-FOR-US: Beijing Digital China Yunke Information Technology Co.Ltd
CVE-2024-50948 (An issue in mochiMQTT v2.6.3 allows attackers to cause a
Denial of Ser ...)
- TODO: check
+ NOT-FOR-US: mochiMQTT
CVE-2024-48080 (An issue in aedes v0.51.2 allows attackers to cause a Denial
of Servic ...)
- TODO: check
+ NOT-FOR-US: aedes
CVE-2024-47476 (Dell NetWorker Management Console, version(s) 19.11,
contain(s) an Imp ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-45676 (IBM Cognos Controller 11.0.0 and 11.0.1 could allow an
authent ...)
NOT-FOR-US: IBM
CVE-2024-42422 (Dell NetWorker, version(s) 19.10, contain(s) an Authorization
Bypass T ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-41777 (IBM Cognos Controller 11.0.0 and 11.0.1 contains
hard-coded ...)
NOT-FOR-US: IBM
CVE-2024-41776 (IBM Cognos Controller 11.0.0 and 11.0.1 is
vulnerable to c ...)
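Review bot: CVE-2024-50948 (`NOT-FOR-US: mochiMQTT`) and CVE-2024-48080 (`NOT-FOR-US: aedes`) are tagged with a versioned project name rather than a vendor, unlike the Lorex, HPE and Dell entries around them. Before closing these as NFU, confirm that no Debian source package ships or embeds either project. If one does, the entry needs a package line instead of the NOT-FOR-US tag.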
@@ -170,25 +170,25 @@ CVE-2024-25019 (IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to
CVE-2024-12101
REJECTED
CVE-2024-12082 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-12062 (The Charity Addon for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12053 (Type Confusion in V8 in Google Chrome prior to 131.0.6778.108
allowed ...)
TODO: check
CVE-2024-11866 (The BMLT Tabbed Map plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11844 (The IdeaPush plugin for WordPress is vulnerable to
unauthorized modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11782 (The WP Mailster plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11391 (The Advanced File Manager plugin for WordPress is vulnerable
to arbitr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11326 (The Campaign Monitor Forms by Optin Cat plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11325 (The AWeber Forms by Optin Cat plugin for WordPress is
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11200 (The Goodlayers Core plugin for WordPress is vulnerable to
Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10074 (in OpenHarmony v4.1.1 and prior versions allow a local
attacker cause ...)
TODO: check
CVE-2023-7255
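Review bot: CVE-2024-10074 ("in OpenHarmony v4.1.1 and prior versions allow a local attacker cause ...") stays at `TODO: check`, although CVE-2024-12082 earlier in this hunk has the same product and description prefix and is changed to `NOT-FOR-US: OpenHarmony`. Tag the second entry the same way, or note why it needs separate triage.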
@@ -263,9 +263,9 @@ CVE-2024-49416 (Use of implicit intent for sensitive
communication in SmartThing
CVE-2024-49415 (Out-of-bound write in libsaped.so prior to SMR Dec-2024
Release 1 allo ...)
NOT-FOR-US: Samsung
CVE-2024-49414 (Authentication Bypass Using an Alternate Path in Dex Mode
prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49413 (Improper Verification of Cryptographic Signature in
SmartSwitch prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2024-49412 (Improper input validation in Settings prior to SMR Dec-2024
Release 1 ...)
NOT-FOR-US: Samsung
CVE-2024-49411 (Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1
allows p ...)
@@ -538,27 +538,27 @@ CVE-2024-39343 (An issue was discovered in Samsung Mobile
Processor and Wearable
CVE-2024-38827 (The usage of String.toLowerCase()and String.toUpperCase()has
some Loca ...)
- libspring-security-2.0-java <removed>
CVE-2024-33063 (Transient DOS while parsing the ML IE when a beacon with
common info l ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33056 (Memory corruption when allocating and accessing an entry in an
SMEM pa ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33053 (Memory corruption when multiple threads try to unregister the
CVP buff ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33044 (Memory corruption while Configuring the SMR/S2CR register in
Bypass mo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33040 (Memory corruption while invoking redundant release command to
release ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33039 (Memory corruption when PAL client calls PAL service APIs by
passing a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33037 (Information disclosure as NPU firmware can send invalid IPC
message to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-33036 (Memory corruption while parsing sensor packets in camera
driver, user- ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-31669 (rizin before Release v0.6.3 is vulnerable to Uncontrolled
Resource Con ...)
TODO: check
CVE-2024-29645 (Buffer Overflow vulnerability in radarorg radare2 v.5.8.8
allows an at ...)
TODO: check
CVE-2024-12015 (The 'Project Manager' WordPress Plugin is affected by an
authenticated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10905 (IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2,
IdentityIQ 8.3 ...)
TODO: check
CVE-2024-10490 (An \u201cAuthentication Bypass Using an Alternate Path or
Channel\u201 ...)
@@ -685,39 +685,39 @@ CVE-2024-53103 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2024-45520 (WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a
remote ...)
NOT-FOR-US: WithSecure
CVE-2024-20139 (In Bluetooth firmware, there is a possible firmware asssert
due to imp ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20138 (In wlan driver, there is a possible out of bound read due to
improper ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20137 (In wlan driver, there is a possible client disconnection due
to improp ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20136 (In da, there is a possible out of bounds read due to a missing
bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20135 (In soundtrigger, there is a possible out of bounds write due
to a miss ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20134 (In ril, there is a possible out of bounds write due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20133 (In Modem, there is a possible escalation of privilege due to
an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20132 (In Modem, there is a possible out of bonds write due to a
mission boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20131 (In Modem, there is a possible escalation of privilege due to
an incorr ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20130 (In power, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20129 (In Telephony, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20128 (In Telephony, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20127 (In Telephony, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20125 (In vdec, there is a possible out of bounds write due to a
missing boun ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20116 (In cmdq, there is a possible out of bounds read due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-12007 (A vulnerability, which was classified as critical, was found
in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-11856 (A security vulnerability in HPE IceWall products could be
exploited re ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-52596 (SimpleSAMLphp xml-common is a common classes for handling
XML-structur ...)
{DSA-5822-1 DLA-3981-1}
- simplesamlphp <unfixed> (bug #1088904)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42eb10369d6610e328ded537eeac01ce14019228