[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 10 07:38:28 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder & File Manager plugi
 CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure Vulnerability)
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass Vulnerability)
 CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized access  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable to time- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP Object  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to Server-Side Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to unauthorized acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive Informati ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1463 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1461 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1458 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1424 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1412 (The Memberpress plugin for WordPress is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1387 (The Happy Addons for Elementor plugin for WordPress is vulnerable to u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1352 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1315 (The Classified Listing \u2013 Classified ads & Business Directory Plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1308 (The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1289 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0952 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0899 (The s2Member \u2013 Best Membership Plugin for All Kinds of Membership ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0873 (The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0872 (The Watu Quiz plugin for WordPress is vulnerable to Sensitive Informat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0826 (The Qi Addons For Elementor plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0662 (The FancyBox for WordPress plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0626 (The WooCommerce Clover Payment Gateway plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0598 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0588 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0376 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7046 (The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6999 (The Pods \u2013 Custom Content Types and Fields plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6993 (The Custom post types, Custom Fields & more plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6967 (The Pods \u2013 Custom Content Types and Fields plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6965 (The Pods \u2013 Custom Content Types and Fields plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6964 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6799 (The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6777 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6695 (The Beaver Themer plugin for WordPress is vulnerable to Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6694 (The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6486 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6320 (A command injection vulnerability exists in the com.webos.service.conn ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2023-6319 (A command injection vulnerability exists in the getAudioMetadatamethod ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2023-6318 (A command injection vulnerability exists in the processAnalyticsReport ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2023-6317 (A prompt bypass exists in the secondscreen.gateway service running on  ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2023-50821 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All version ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2023-49913 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49912 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49911 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49910 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49909 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49908 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49907 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49906 (A stack-based buffer overflow vulnerability exists in the web interfac ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49134 (A command execution vulnerability exists in the tddpd enable_test_mode ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49133 (A command execution vulnerability exists in the tddpd enable_test_mode ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-49074 (A denial of service vulnerability exists in the TDDP functionality of  ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-48784 (Ause of externally-controlled format string vulnerability [CWE-134] in ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-48724 (A memory corruption vulnerability exists in the web interface function ...)
-	TODO: check
+	NOT-FOR-US: Tp-Link
 CVE-2023-47542 (A improper neutralization of special elements used in a template engin ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-47541 (An improper limitation of a pathname to a restricted directory ('path  ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-47540 (An improper neutralization of special elements used in an os command ( ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-45590 (An improper control of generation of code ('code injection') in Fortin ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7 ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2201 [Native Branch History Injection]
 	- linux <unfixed>
 	- xen <unfixed>
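Review bot: The NOT-FOR-US tags on CVE-2023-6320, CVE-2023-6319, CVE-2023-6318 and CVE-2023-6317 name "Bitdefender", but the visible descriptions refer to a webOS component ("com.webos.service.conn ...", "secondscreen.gateway service") and do not mention Bitdefender. The neighbouring entries tag the affected product or vendor ("Microsoft", "WordPress plugin"), so these four should name the affected product as well, which keeps a later grep over data/CVE/list reliable. The same point applies to the Fortinet block near the end of the hunk: CVE-2023-41677 reads "Fortinet FortiProxy" while the tag says "FortiGuard"; "NOT-FOR-US: Fortinet" or the specific product would match the description.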
@@ -847,13 +847,13 @@ CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerExcep
 CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...)
 	- libjfreechart-java <unfixed>
 CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...)
 	TODO: check
 CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-25743
 	- linux <unfixed>
 	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
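Review bot: CVE-2024-1233 (JwtValidator.resolvePublicKey in JBoss EAP) stays at "TODO: check" while the entries on either side of it are resolved in this hunk. If it is deliberately deferred because it needs a real package check rather than an NFU tag, that is fine, but it is worth confirming it was not simply skipped in the batch.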
@@ -947,7 +947,7 @@ CVE-2024-27895 (Vulnerability of permission control in the window module. Succes
 CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 al ...)
 	NOT-FOR-US: Wondershare Filmora
 CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint  ...)
-	TODO: check
+	NOT-FOR-US: secdiskapp
 CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be abused to i ...)
 	NOT-FOR-US: Open-Xchange
 CVE-2024-23191 (Upsell advertisement information of an account can be manipulated to e ...)
@@ -72478,9 +72478,9 @@ CVE-2023-1085
 CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	- gitlab 15.10.8+ds1-2
 CVE-2023-1083 (An unauthenticated remote attacker who is aware of aMQTT  topic name c ...)
-	TODO: check
+	NOT-FOR-US: Welotec
 CVE-2023-1082 (An remote attacker with low privileges can perform a command injection ...)
-	TODO: check
+	NOT-FOR-US: Welotec
 CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23af76fd71890567745cf29448fef58a03f7bf73
