[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 26 14:47:44 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dae61f40 by Salvatore Bonaccorso at 2024-04-26T15:47:16+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,19 +12,19 @@ CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is vulnerable
 CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not properly e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape generated ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...)
 	NOT-FOR-US: Veritas
 CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Multi-Th ...)
@@ -32,9 +32,9 @@ CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Mu
 CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...)
 	NOT-FOR-US: Veritas
 CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL parameter, re ...)
-	TODO: check
+	NOT-FOR-US: Passbolt API
 CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 4.6.2. It ...)
-	TODO: check
+	NOT-FOR-US: Passbolt Browser Extension
 CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...)
 	TODO: check
 CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated agent ...)
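Review bot: The labels on CVE-2024-33670 and CVE-2024-33669 are product-level ("Passbolt API", "Passbolt Browser Extension"), while the Veritas Backup Exec context entry just above them is tagged with the vendor name alone ("NOT-FOR-US: Veritas"). Consider using "NOT-FOR-US: Passbolt" for both so that one search string finds every NFU entry for that vendor.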
@@ -48,21 +48,21 @@ CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of
 CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...)
 	TODO: check
 CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Se ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Sma ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...)
 	TODO: check
 CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate  ...)
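Review bot: For CVE-2024-33651, CVE-2024-33650, CVE-2024-33642, CVE-2024-33639, CVE-2024-33638 and CVE-2024-33598, the truncated descriptions never mention WordPress (they stop at "Matthew Fries MF Gi ...", "Cryout Creations Se ...", or at the generic CWE wording), so the "WordPress plugin" label cannot be checked from this hunk; confirm each against the full CVE text. Minor style point: the label on CVE-2024-32868 is spelled "Zitadel" while its description writes "ZITADEL".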
@@ -72,33 +72,33 @@ CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer r
 CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...)
 	TODO: check
 CVE-2024-31610 (File Upload vulnerability in the function for employees to upload avat ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Simple School Management System
 CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attac ...)
-	TODO: check
+	NOT-FOR-US: BOSSCMS
 CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2908 (The Call Now Button  WordPress plugin before 1.4.7 does not sanitise a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2429 (The Salon booking system WordPress plugin through 9.6.5 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2310 (The WP Google Review Slider WordPress plugin before 13.6 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2159 (The Social Sharing Plugin  WordPress plugin before 3.3.61 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...)
-	TODO: check
+	NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.)
 CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...)
-	TODO: check
+	NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.)
 CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This issue af ...)
 	TODO: check
 CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...)
 	TODO: check
 CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw that using ...)
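Review bot: The label on CVE-2024-31610, "Code-Projects Simple School Management System", names a product that does not appear in the visible description ("File Upload vulnerability in the function for employees to upload avat ..."), so it cannot be verified from this hunk; confirm it against the full entry. The remaining labels match the product names shown in their descriptions.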
@@ -241,7 +241,7 @@ CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupT
 CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...)
 	TODO: check
 CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	- gitlab <unfixed>
 CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...)
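Review bot: CVE-2024-22144 is tagged "WordPress plugin", but its visible description is only the generic CWE wording ("Improper Control of Generation of Code ('Code Injection') vulnerabilit ...") with no product name. As the only change in this hunk, it is worth confirming the product from the full CVE text before treating the entry as NFU.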



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dae61f409f2e771cd2416a40ec6ea96feb4a02c6
