[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 17 10:18:18 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fb6e3de by Salvatore Bonaccorso at 2024-04-17T11:17:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras fr
CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
- check-mk <removed>
CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...)
TODO: check
CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...)
@@ -47,39 +47,39 @@ CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect
CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...)
TODO: check
CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32524 (Missing Authorization vulnerability in Nuggethon Custom Order Statuses ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32522 (Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Te ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32520 (Missing Authorization vulnerability in WPClever WPC Grouped Product fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32519 (Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32518 (Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32517 (Missing Authorization vulnerability in WooCommerce & WordPress Tutoria ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32516 (Missing Authorization vulnerability in Palscode Multi Currency For Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32515 (Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32514 (Unrestricted Upload of File with Dangerous Type vulnerability in Poll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32513 (Insertion of Sensitive Information into Log File vulnerability in AdTr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32509 (Missing Authorization vulnerability in Loopus WP Cost Estimation & Pay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32455 (Missing Authorization vulnerability in Very Good Plugins Fatal Error N ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32256 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Tourism Management System
CVE-2024-32254 (Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricte ...)
- TODO: check
+ NOT-FOR-US: Phpgurukul Tourism Management System
CVE-2024-32086 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32027 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss v22. ...)
TODO: check
CVE-2024-32026 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is v ...)
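Review bot: For most of the entries from CVE-2024-32532 down to CVE-2024-32455, and for CVE-2024-32086, the truncated description shown in the list names only a vendor or product ("SiteGround Speed Optimizer", "Theme My Login", "Poll ...", "AdTr ...") and does not mention WordPress, so the reason "NOT-FOR-US: WordPress plugin" cannot be checked from these lines alone. Each of them should be confirmed against the full CVE description before it is closed. Consider naming the plugin in the reason, as the two Phpgurukul entries in the same hunk do with "NOT-FOR-US: Phpgurukul Tourism Management System", so that a later search for the product name finds the entry.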
@@ -95,49 +95,49 @@ CVE-2024-32022 (Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_s
CVE-2024-31887 (IBM Security Verify Privilege 11.6.25 could allow an unauthenticated a ...)
NOT-FOR-US: IBM
CVE-2024-31760 (An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attac ...)
- TODO: check
+ NOT-FOR-US: flipped-aurora gin-vue-admin
CVE-2024-31759 (An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to esc ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2024-31680 (File Upload vulnerability in Shibang Communications Co., Ltd. IP netwo ...)
- TODO: check
+ NOT-FOR-US: Shibang Communications Co., Ltd. IP network intercom broadcasting system
CVE-2024-31503 (Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...)
TODO: check
CVE-2024-31452 (OpenFGA is a high-performance and flexible authorization/permission en ...)
- TODO: check
+ NOT-FOR-US: OpenFGA
CVE-2024-31451 (DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable ...)
- TODO: check
+ NOT-FOR-US: DocsGPT
CVE-2024-31446 (OpenComputers is a Minecraft mod that adds programmable computers and ...)
TODO: check
CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...)
TODO: check
CVE-2024-2309 (The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2102 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
TODO: check
CVE-2024-2101 (The Salon booking system WordPress plugin before 9.6.3 does not proper ...)
TODO: check
CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which allows a ...)
- TODO: check
+ NOT-FOR-US: cskefu
CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...)
TODO: check
CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...)
TODO: check
CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-22354 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
NOT-FOR-US: IBM
CVE-2024-22329 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
NOT-FOR-US: IBM
CVE-2024-21676 (This High severity Injection vulnerability was introduced in versions ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2024-21121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
TODO: check
CVE-2024-21120 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
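Review bot: CVE-2024-2102 and CVE-2024-2101 stay at "TODO: check" although both descriptions read "The Salon booking system WordPress plugin before 9.6.3", while CVE-2024-2309 and CVE-2024-2118 directly above them are set to "NOT-FOR-US: WordPress plugin" in this same hunk. If the two were left open on purpose, the commit message should say why; otherwise mark them the same way in this pass. The reasons here also mix vendor-level names (Juniper, HPE, Atlassian) with product-level ones (OpenFGA, DocsGPT, cskefu); one granularity would make the list easier to search.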
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb6e3dec98a0799f8d097f2c3e84867521d7f54