Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d27be7a by Salvatore Bonaccorso at 2024-12-12T10:33:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
CVE-2024-9881 (The LearnPress WordPress plugin before 4.2.7.2 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9641 (The LuckyWP Table of Contents WordPress plugin before 2.1.7
does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9428 (The Popup Builder WordPress plugin before 4.3.5 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-55884 (In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and
2024.8-b ...)
- TODO: check
+ NOT-FOR-US: Mullvad VPN client
CVE-2024-55660 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2024-55659 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2024-55658 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2024-55657 (SiYuan is a personal knowledge management system. Prior to
version 3.1 ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2024-55652 (PenDoc is a penetration testing reporting application. Prior
to commit ...)
- TODO: check
+ NOT-FOR-US: PenDoc
CVE-2024-54534 (The issue was addressed with improved memory handling. This
issue is f ...)
TODO: check
CVE-2024-54531 (The issue was addressed with improved memory handling. This
issue is f ...)
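Review bot: The NOT-FOR-US labels for CVE-2024-55884 (Mullvad VPN client), the four SiYuan CVEs and CVE-2024-55652 (PenDoc) cover standalone applications rather than plugins, so it is worth confirming that no ITP or RFP bug exists for them before closing the entries. Where one does exist, a package line with the <itp> marker and the bug number is the better fit than NOT-FOR-US.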
@@ -99,7 +99,7 @@ CVE-2024-53273 (Habitica is an open-source habit-building
program. Versions prio
CVE-2024-53272 (Habitica is an open-source habit-building program. Versions
prior to 5 ...)
TODO: check
CVE-2024-45404 (OpenCTI is an open-source cyber threat intelligence platform.
In versi ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2024-44300 (A logic issue was addressed with improved file handling. This
issue is ...)
TODO: check
CVE-2024-44299 (The issue was addressed with improved bounds checks. This
issue is fix ...)
@@ -133,77 +133,77 @@ CVE-2024-44201 (The issue was addressed with improved
memory handling. This issu
CVE-2024-44200 (This issue was addressed with improved redaction of sensitive
informat ...)
TODO: check
CVE-2024-42407 (Insertion of Sensitive Information into Log File (CWE-532) in
the Gall ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2024-41146 (Use of Multiple Resources with Duplicate Identifier (CWE-694)
in the C ...)
- TODO: check
+ NOT-FOR-US: Gallagher
CVE-2024-12564 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
TODO: check
CVE-2024-12536 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Kortex Lite Advocate Office Management System
CVE-2024-12526 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12503 (A vulnerability classified as problematic was found in
ClassCMS 4.8. A ...)
- TODO: check
+ NOT-FOR-US: ClassCMS
CVE-2024-12497 (A vulnerability classified as critical has been found in 1000
Projects ...)
- TODO: check
+ NOT-FOR-US: 1000 Projects Attendance Tracking Management System
CVE-2024-12492 (A vulnerability was found in code-projects Farmacia 1.0. It
has been r ...)
- TODO: check
+ NOT-FOR-US: code-projects Farmacia
CVE-2024-12490 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12489 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12488 (A vulnerability was found in code-projects Online Class and
Exam Sched ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12487 (A vulnerability has been found in code-projects Online Class
and Exam ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12486 (A vulnerability, which was classified as critical, was found
in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12485 (A vulnerability, which was classified as critical, has been
found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Online Class and Exam Scheduling System
CVE-2024-12463 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12461 (The WP-Revive Adserver plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12441 (The BP Email Assign Templates plugin for WordPress is
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12406 (The Library Management System \u2013 Manage e-Digital Books
Library pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12341 (The Custom Skins Contact Form 7 plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12338 (The Website Toolbox Community plugin for WordPress is
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12329 (The Essential Real Estate plugin for WordPress is vulnerable
to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12312 (The Print Science Designer plugin for WordPress is vulnerable
to PHP O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12265 (The Web3 Crypto Payments by DePay for WooCommerce plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12263 (The Child Theme Creator by Orbisius plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12260 (The Ultimate Endpoints With Rest Api plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12258 (The WP Service Payment Form With Authorize.net plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12255 (The Accept Stripe Payments Using Contact Form 7 plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12201 (The Hash Form \u2013 Drag & Drop Form Builder plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12172 (The WP Courses LMS \u2013 Online Courses Builder, eLearning
Courses, C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12162 (The Video & Photo Gallery for Ultimate Member plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12156 (The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12072 (The Analytics Cat \u2013 Google Analytics Made Easy plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12059 (The ElementInvader Addons for Elementor plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12040 (The Product Carousel Slider & Grid Ultimate for WooCommerce
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12018 (The Snippet Shortcodes plugin for WordPress is vulnerable to
unauthori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11950 (XnSoft XnView Classic RWZ File Parsing Integer Underflow
Remote Code E ...)
- TODO: check
+ NOT-FOR-US: XnSoft XnView
CVE-2024-11949 (GFI Archiver Store Service Deserialization of Untrusted Data
Remote Co ...)
TODO: check
CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code Execution
Vulnerability. This ...)
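Review bot: CVE-2024-42407 and CVE-2024-41146 are both labelled with the vendor only, "NOT-FOR-US: Gallagher", although the truncated descriptions point at two different products ("in the Gall ..." and "in the C ..."). Naming the product, as the code-projects and SourceCodester entries in this hunk do, keeps the label useful when searching the list later. CVE-2024-12564 and the GFI Archiver entry CVE-2024-11949 stay at "TODO: check" inside an otherwise processed run, so a follow-up pass is still needed there.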
@@ -211,103 +211,103 @@ CVE-2024-11948 (GFI Archiver Telerik Web UI Remote Code
Execution Vulnerability.
CVE-2024-11947 (GFI Archiver Core Service Deserialization of Untrusted Data
Remote Cod ...)
TODO: check
CVE-2024-11914 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11901 (The PowerBI Embed Reports plugin for WordPress is vulnerable
to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11891 (The Perfect Font Awesome Integration plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11882 (The FAQ And Answers \u2013 Create Frequently Asked Questions
Area on W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11875 (The Add infos to the events calendar plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11872 (Epic Games Launcher Incorrect Default Permissions Local
Privilege Esca ...)
- TODO: check
+ NOT-FOR-US: Epic Games Launcher
CVE-2024-11871 (The Social Media Shortcodes plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11804 (The Planaday API plugin for WordPress is vulnerable to
Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11785 (The Integrate Firebase plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11781 (The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11766 (The WordPress Book Plugin for Displaying Books in Grid, Flip,
Slider, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11765 (The WordPress Portfolio Plugin \u2013 A Plugin for Making
Filterable P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11757 (The WP GeoNames plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11750 (The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11727 (The NotificationX \u2013 Live Sales Notification, WooCommerce
Sales Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11724 (The Cookie Consent for WP \u2013 Cookie Consent, Consent Log,
Cookie S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11723 (The kvCORE IDX plugin for WordPress is vulnerable to Reflected
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11709 (The AI Post Generator | AutoWriter plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11689 (The HQ Rental Software plugin for WordPress is vulnerable to
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11683 (The Newsletter Subscriptions plugin for WordPress is
vulnerable to Ref ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11459 (The Country Blocker plugin for WordPress is vulnerable to
Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11443 (The de:branding plugin for WordPress is vulnerable to
unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11442 (The Horizontal scroll image slideshow plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11433 (The Surbma | SalesAutopilot Shortcode plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11430 (The SQL Chart Builder plugin for WordPress is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11427 (The Catch Popup plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11419 (The Password for WP plugin for WordPress is vulnerable to
Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11417 (The dejure.org Vernetzungsfunktion plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11413 (The HostFact bestelformulier integratie plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11410 (The Top and footer bars for announcements, notifications,
advertisemen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11384 (The Arena.IM \u2013 Live Blogging for real-time events plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11359 (The Library Bookshelves plugin for WordPress is vulnerable to
Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11279 (The Schema App Structured Data plugin for WordPress is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11181 (The Greenshift \u2013 animation and page builder blocks plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11052 (The Ninja Forms \u2013 The Contact Form Builder That Grows
With You pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11015 (The Sign In With Google plugin for WordPress is vulnerable to
authenti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10910 (The The Grid Plus \u2013 Unlimited grid layout plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10784 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10637 (The Gutenberg Blocks with AI by Kadence WP WordPress plugin
before 3. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10590 (The Opt-In Downloads plugin for WordPress is vulnerable to
arbitrary f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10583 (The Popup Maker \u2013 Boost Sales, Conversions, Optins,
Subscribers w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10568 (The Ajax Search Lite WordPress plugin before 4.12.4 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10518 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10517 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10499 (The AI Engine WordPress plugin before 2.6.5 does not sanitize
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10182 (The Cognito Forms plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10124 (The Vayu Blocks \u2013 Gutenberg Blocks for WordPress &
WooCommerce pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10111 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10010 (The LearnPress WordPress plugin before 4.2.7.2 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9845 (Under specific circumstances, insecure permissions in Ivanti
Automatio ...)
NOT-FOR-US: Ivanti
CVE-2024-8496 (Under specific circumstances, insecure permissions in Ivanti
Workspace ...)
@@ -548,11 +548,11 @@ CVE-2024-47537 (GStreamer is a library for constructing
graphs of media-handling
CVE-2024-45337 (Applications and libraries which misuse the
ServerConfig.PublicKeyCall ...)
TODO: check
CVE-2024-42448 (From the VSPC management agent machine, under condition that
the manag ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2024-37401 (An out-of-bounds read in IPsec of Ivanti Connect Secure before
version ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-37377 (A heap-based buffer overflow in IPsec of Ivanti Connect Secure
before ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-28141 (The web application is not protected against cross-site
request forger ...)
TODO: check
CVE-2024-28140 (The scanner device boots into a kiosk mode by default and
opens the Sc ...)
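Review bot: "NOT-FOR-US: Veeam" on CVE-2024-42448 gives the vendor, but the visible description only mentions the "VSPC management agent machine"; writing the product name into the label would make the entry self-explanatory. Separately, CVE-2024-45337 at the top of this hunk, whose description refers to "ServerConfig.PublicKeyCall ...", reads like a library API issue rather than out-of-archive software and is still "TODO: check", so it needs a source package lookup rather than an NFU.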
@@ -560,45 +560,45 @@ CVE-2024-28140 (The scanner device boots into a kiosk
mode by default and opens
CVE-2024-28139 (The www-data user can elevate its privileges because sudo is
configure ...)
TODO: check
CVE-2024-12484 (A vulnerability classified as critical was found in Codezips
Technical ...)
- TODO: check
+ NOT-FOR-US: Codezips Technical Discussion Forum
CVE-2024-12483 (A vulnerability classified as problematic has been found in
Dromara UJ ...)
- TODO: check
+ NOT-FOR-US: Dromara UJCMS
CVE-2024-12482 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It
has been ...)
- TODO: check
+ NOT-FOR-US: cjbi wetech-cms
CVE-2024-12481 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It
has been ...)
- TODO: check
+ NOT-FOR-US: cjbi wetech-cms
CVE-2024-12480 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It
has been ...)
- TODO: check
+ NOT-FOR-US: cjbi wetech-cms
CVE-2024-12479 (A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and
classifie ...)
- TODO: check
+ NOT-FOR-US: cjbi wetech-cms
CVE-2024-12363 (Insufficient permissions in the TeamViewer Patch & Asset
Management co ...)
TODO: check
CVE-2024-12325 (The Waymark plugin for WordPress is vulnerable to Reflected
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12294 (The Last Viewed Posts by WPBeginner plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12283 (The WP Pipes plugin for WordPress is vulnerable to Reflected
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12004 (The WPC Order Notes for WooCommerce plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11840 (The RapidLoad \u2013 Optimize Web Vitals Automatically plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11737 (CWE-20: Improper Input Validation vulnerability exists that
could lead ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-11598 (Under specific circumstances, insecure permissions in Ivanti
Applicati ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11597 (Under specific circumstances, insecure permissions in Ivanti
Performan ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-11401 (Rapid7 Insight Platform versions prior to November 13th 2024,
suffer f ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Insight Platform
CVE-2024-11351 (The Restrict \u2013 membership, site, content and user access
restrict ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11008 (The Members \u2013 Membership & User Role Editor Plugin plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10511 (CWE-287: Improper Authentication vulnerability exists that
could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2024-10251 (Under specific circumstances, insecure permissions in Ivanti
Security ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-12382 (Use after free in Translate in Google Chrome prior to
131.0.6778.139 a ...)
- chromium 131.0.6778.139-1
[bullseye] - chromium <end-of-life> (see #1061268)
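Review bot: CVE-2024-11737 and CVE-2024-10511 are marked "NOT-FOR-US: Schneider Electric", but their visible descriptions open with a generic CWE sentence and name no vendor or product, so the label cannot be checked from the list alone; adding the product name would help. CVE-2024-12363 (TeamViewer Patch & Asset Management) is left at "TODO: check" between processed entries and could be handled in a follow-up.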
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d27be7a39304d7c9843c805d0ef9312b9d8b6cc