[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 21 10:27:40 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e55d5bf4 by Salvatore Bonaccorso at 2024-02-21T11:27:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,39 +19,39 @@ CVE-2024-25601 (Stored cross-site scripting (XSS) vulnerability in Expando modul
 CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run ar ...)
 	NOT-FOR-US: MRCMS
 CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message Board widge ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older u ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in L ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included "allow_i ...)
 	NOT-FOR-US: Apache Airflow Mongo Provider
 CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Bui ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24849 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quick ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24843 (Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24837 (Cross-Site Request Forgery (CSRF) vulnerability in Fr\xe9d\xe9ric GILL ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24802 (Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24798 (Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23830 (MantisBT is an open source issue tracker. Prior to version 2.26.1, an  ...)
 	- mantis <removed>
 CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to vi ...)
-	TODO: check
+	NOT-FOR-US: Unisys
 CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 key pair  ...)
 	TODO: check
 CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to unauthorized m ...)
 	TODO: check
 CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is  ...)
@@ -376,81 +376,81 @@ CVE-2024-1546 (When storing and re-accessing data on a networking channel, the l
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1546
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1546
 CVE-2024-1519 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1496 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1492 (The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1475 (The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1472 (The WP Maintenance plugin for WordPress is vulnerable to Information E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1470 (Authorization Bypass Through User-Controlled Key vulnerability in NetI ...)
-	TODO: check
+	NOT-FOR-US: Microfocus
 CVE-2024-1448 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1447 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1445 (The Page scroll to id plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1425 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1411 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1408 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1390 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1389 (The Paid Membership Subscriptions \u2013 Effortless Memberships, Recur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1349 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1340 (The Login Lockdown \u2013 Protect Login Form plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1339 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1338 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1337 (The SKT Page Builder plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1336 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1335 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1334 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1322 (The Directorist \u2013 WordPress Business Directory Plugin with Classi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1318 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1317 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1294 (The Sunshine Photo Cart: Free Client Galleries for Photographers plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1288 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1282 (The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1277 (The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1276 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1242 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1236 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1235 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1218 (The Contact Form builder with drag & drop for WordPress \u2013 Kali Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1217 (The Contact Form builder with drag & drop for WordPress \u2013 Kali Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1206 (The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ service may ...)
 	TODO: check
 CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e55d5bf46324f4ff8d307f646c4c38c22c42f7f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e55d5bf46324f4ff8d307f646c4c38c22c42f7f6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240221/307ca5a4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list