[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 10 07:05:31 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cc97337 by Salvatore Bonaccorso at 2024-04-10T08:05:00+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin
CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...)
- TODO: check
+ NOT-FOR-US: Eclipse Kura LogServlet
CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...)
NOT-FOR-US: Siemens
CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...)
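Review bot: The new tag for CVE-2024-3046 names a component ("Eclipse Kura LogServlet") where the neighbouring NFU lines name a product or vendor ("Siemens", "WordPress plugin"). The description already says LogServlet is a component of Eclipse Kura, so "NOT-FOR-US: Eclipse Kura" would be enough and would match any later Kura entries by simple search.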
@@ -63,7 +63,7 @@ CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable
CVE-2024-31487 (A improper limitation of a pathname to a restricted directory ('path t ...)
NOT-FOR-US: FortiGuard
CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...)
- TODO: check
+ NOT-FOR-US: gin-vue-admin
CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...)
NOT-FOR-US: Minder by Stacklok
CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...)
@@ -141,103 +141,103 @@ CVE-2024-2536 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulne
CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2504 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2501 (The Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2457 (The Modal Window \u2013 create popup modal window plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2423 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection via the ' ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2342 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2341 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive Information E ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2336 (The Popup Maker \u2013 Popup for opt-ins, lead gen, & more plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2334 (The Template Kit \u2013 Import plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2305 (The Cards for Beaver Builder plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2302 (The Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions ( ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2289 (The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2287 (The Knight Lab Timeline plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2261 (The Event Tickets and Registration plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2226 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2224 (Improper Limitation of a Pathname to a Restricted Directory (\u2018Pat ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2024-2223 (An Incorrect Regular Expression vulnerability in Bitdefender GravityZo ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2024-2222 (The Advanced Classifieds & Directory Pro plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2200 (The Contact Form by BestWebSoft plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2198 (The Contact Form by BestWebSoft plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2187 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2186 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2185 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2183 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2181 (The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2165 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2138 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2125 (The Env\xedaloSimple: Email Marketing y Newsletters plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2117 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2112 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2093 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2081 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2039 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2033 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2027 (The Real Media Library: Media Library Folder & File Manager plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable to SQL ...)
TODO: check
CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
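Review bot: CVE-2024-2018 at the end of this run is still "TODO: check", although its description reads "The WP Activity Log Premium plugin for WordPress", the same pattern as every entry above it that was tagged here. If it was left open on purpose, no change is needed; otherwise it takes the same "NOT-FOR-US: WordPress plugin" line. Separately, the visible description of CVE-2024-2224 is truncated before any vendor name, so the "Bitdefender" tag there rests on the full CVE text rather than on what the list shows.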
@@ -395,7 +395,7 @@ CVE-2024-28191 (Contao is an open source content management system. Starting in
CVE-2024-28190 (Contao is an open source content management system. Starting in versio ...)
NOT-FOR-US: Contao CMS
CVE-2024-27665 (Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XS ...)
- TODO: check
+ NOT-FOR-US: Unifiedtransform
CVE-2024-27247 (Improper privilege management in the installer for Zoom Desktop Client ...)
NOT-FOR-US: Zoom
CVE-2024-27242 (Cross site scripting in Zoom Desktop Client for Linux before version 5 ...)
@@ -529,54 +529,54 @@ CVE-2024-26168 (Secure Boot Security Feature Bypass Vulnerability)
CVE-2024-26158 (Microsoft Install Service Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-25116 (RedisBloom adds a set of probabilistic data structures to Redis. Start ...)
- TODO: check
+ NOT-FOR-US: RedisBloom
CVE-2024-25115 (RedisBloom adds a set of probabilistic data structures to Redis. Start ...)
- TODO: check
+ NOT-FOR-US: RedisBloom
CVE-2024-24694 (Improper privilege management in the installer for Zoom Desktop Client ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2024-24576 (Rust is a programming language. The Rust Security Response WG was noti ...)
- rustc <not-affected> (Only affects rustc on Windows)
NOTE: https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh
CVE-2024-24245 (An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fi ...)
- TODO: check
+ NOT-FOR-US: Canimaan Software LTD ClamXAV
CVE-2024-23671 (A improper limitation of a pathname to a restricted directory ('path t ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...)
TODO: check
CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2024-21447 (Windows Authentication Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21424 (Azure Compute Gallery Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21409 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21324 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21323 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-21322 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20693 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20689 (Secure Boot Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20688 (Secure Boot Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20685 (Azure Private 5G Core Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20678 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20670 (Outlook for Windows Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20669 (Secure Boot Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
TODO: check
CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
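Review bot: CVE-2024-21409 gets the same blanket "NOT-FOR-US: Microsoft" as the Windows, Azure and Defender entries around it, but its description covers ".NET, .NET Framework, and Visual Studio", and .NET is open source and runs on Linux. It is worth confirming that no source package in the archive ships or embeds it, and that no ITP is open, before closing the entry as NFU; a more specific tag naming .NET would also make the decision easier to revisit later.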
@@ -812,13 +812,13 @@ CVE-2024-30215 (The Resource Settings page allows a high privilege attacker to l
CVE-2024-30214 (The application allows a high privilege attacker to append a malicious ...)
NOT-FOR-US: SAP
CVE-2024-2975 (A race condition was identified through which privilege escalation was ...)
- TODO: check
+ NOT-FOR-US: Octopus Server
CVE-2024-28167 (SAP Group Reporting Data Collectiondoes not perform necessary authoriz ...)
NOT-FOR-US: SAP
CVE-2024-27901 (SAP Asset Accounting could allow a high privileged attacker to exploit ...)
NOT-FOR-US: SAP
CVE-2024-27899 (Self-Registrationand Modify your own profile in User Admin Application ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2024-27898 (SAP NetWeaver application, due to insufficient input validation, allow ...)
NOT-FOR-US: SAP
CVE-2024-27632 (An issue in GNU Savane v.3.12 and before allows a remote attacker to e ...)
@@ -830,7 +830,7 @@ CVE-2024-27630 (Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and
CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intelligence La ...)
NOT-FOR-US: SAP
CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...)
TODO: check
CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...)
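Review bot: The tag "NOT-FOR-US: HCL" on CVE-2024-23584 gives only a vendor, while the visible description starts with "The NMAP Importer service", which a reader scanning the list can easily take for the nmap package. Naming the HCL product in the tag would make it clear from the list alone why this entry is not tracked against nmap.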
@@ -926,9 +926,9 @@ CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identi
CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...)
NOT-FOR-US: Faucet SDN Ryu
CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
- TODO: check
+ NOT-FOR-US: web-flash
CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...)
- TODO: check
+ NOT-FOR-US: Ollama
CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...)
NOT-FOR-US: Unify CP IP Phone firmware
CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...)
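Review bot: CVE-2024-28224 (Ollama) is closed as NOT-FOR-US, which is right only if nobody is packaging it. If an ITP or RFP bug exists for Ollama, the tracker's "<itp>" form with the bug number fits better, so that the DNS rebinding issue fixed in 0.1.29 is checked again when a package enters the archive.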
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cc973373e2d4acc6f3e3228b57eea5798949693