[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 21 21:29:32 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5cc831dc by Salvatore Bonaccorso at 2024-02-21T22:29:05+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2024-26145 (Discourse Calendar adds the ability to create a dynamic calendar
CVE-2024-26138 (The XWiki licensor application, which manages and enforce application ...)
NOT-FOR-US: XWiki
CVE-2024-26133 (EventStoreDB (ESDB) is an operational database built to store events. ...)
- TODO: check
+ NOT-FOR-US: EventStoreDB (ESDB)
CVE-2024-26130 (cryptography is a package designed to expose cryptographic primitives ...)
- python-cryptography <unfixed>
NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
@@ -51,37 +51,37 @@ CVE-2024-24476 (Buffer Overflow vulnerability in Wireshark team Wireshark before
CVE-2024-23346 (Pymatgen (Python Materials Genomics) is an open-source Python library ...)
TODO: check
CVE-2024-22778 (HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.)
- TODO: check
+ NOT-FOR-US: HackMD CodiMD
CVE-2024-22473 (TRNG is used before initialization by ECDSA signing driver when exitin ...)
TODO: check
CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 ...)
TODO: check
CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-1714
REJECTED
CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...)
- TODO: check
+ NOT-FOR-US: ConnectWise ScreenConnect
CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...)
- TODO: check
+ NOT-FOR-US: ConnectWise ScreenConnect
CVE-2024-1707 (A vulnerability, which was classified as problematic, was found in GAR ...)
- TODO: check
+ NOT-FOR-US: GARO WALLBOX GLB+ T2EV7
CVE-2024-1706 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: ZKTeco ZKBio Access IVS
CVE-2024-1705 (A vulnerability was found in Shopwind up to 4.6. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: Shopwind
CVE-2024-1704 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been de ...)
- TODO: check
+ NOT-FOR-US: ZhongBangKeJi CRMEB
CVE-2024-1703 (A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been cl ...)
- TODO: check
+ NOT-FOR-US: ZhongBangKeJi CRMEB
CVE-2024-1702 (A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1. ...)
- TODO: check
+ NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System
CVE-2024-1701 (A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-Syst ...)
- TODO: check
+ NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System
CVE-2024-1700 (A vulnerability, which was classified as problematic, was found in kee ...)
- TODO: check
+ NOT-FOR-US: keerti1924 PHP-MYSQL-User-Login-System
CVE-2024-1474 (In WS_FTP Server versions before 8.8.5, reflected cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Progress WS_FTP Server
CVE-2024-1212 (Unauthenticated remote attackers can access the system through the Loa ...)
TODO: check
CVE-2023-7235 (The OpenVPN GUI installer before version 2.6.9 did not set the proper ...)
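Review bot: The tag for CVE-2024-20325 names only the vendor (`NOT-FOR-US: Cisco`), while the other entries changed in this hunk name the product as well (`ConnectWise ScreenConnect`, `Progress WS_FTP Server`, `GARO WALLBOX GLB+ T2EV7`). Taking the product name from the CVE description here too would keep the tags in this batch at one level of detail and make later searches by product more reliable.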
@@ -91,13 +91,13 @@ CVE-2023-6640 (Malformed S2 Nonce Get Command Class packets can be sent to crash
CVE-2023-6533 (Malformed Device Reset Locally Command Class packets can be sent to th ...)
TODO: check
CVE-2023-50975 (The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allow ...)
- TODO: check
+ NOT-FOR-US: TD Bank TD Advanced Dashboard client
CVE-2023-50955 (IBM InfoSphere Information Server 11.7 could allow an authenticated pr ...)
NOT-FOR-US: IBM
CVE-2023-49100 (Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-boun ...)
TODO: check
CVE-2023-47795 (Stored cross-site scripting (XSS) vulnerability in the Document and Me ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-46241 (`discourse-microsoft-auth` is a plugin that enables authentication via ...)
TODO: check
CVE-2023-33843 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
@@ -600,87 +600,87 @@ CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ servic
CVE-2024-1155 (Incorrect permissions in the installation directories for shared Syste ...)
TODO: check
CVE-2024-1133 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1128 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1091 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1090 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1089 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1070 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1058 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1054 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1044 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1043 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0984 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0983 (The ImageRecycle pdf & image compression plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0978 (The My Private Site plugin for WordPress is vulnerable to Sensitive In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0838 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0821 (The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0794 (Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Manag ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-0792 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0702 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0658 (The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0656 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0621 (The Simple Share Buttons Adder plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0620 (The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0616 (The Passster \u2013 Password Protect Pages and Content plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0604 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0602 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0590 (The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0516 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0515 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0514 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0513 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0512 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0506 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0442 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0438 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0407 (Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are p ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2024-0379 (The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7245 (The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3. ...)
TODO: check
CVE-2023-6923 (The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6881 (Possible buffer overflow in is_mount_point)
TODO: check
CVE-2023-6806 (The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6565 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6247 (The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did ...)
TODO: check
CVE-2023-52439 (In the Linux kernel, the following vulnerability has been resolved: u ...)
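Review bot: CVE-2023-6923 is tagged `NOT-FOR-US: WordPress plugin`, but the description visible in the list names Matomo Analytics and is cut off at "plugin f ...", so the entry alone does not show that only the WordPress integration is meant. If that is the case, a tag that says so (for example `NOT-FOR-US: Matomo Analytics plugin for WordPress`) would keep a later search for Matomo from reading this as a triage of Matomo itself. The same applies, less critically, to the other entries here whose descriptions are truncated before "for WordPress" (CVE-2024-0506, CVE-2024-0379).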
@@ -794,9 +794,9 @@ CVE-2023-6398 (A post-authentication command injection vulnerability in the file
CVE-2023-6397 (A null pointer dereference vulnerability in Zyxel ATP series firmware ...)
NOT-FOR-US: Zyxel
CVE-2023-6260 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Brivo
CVE-2023-6259 (Insufficiently Protected Credentials, : Improper Access Control vulner ...)
- TODO: check
+ NOT-FOR-US: Brivo
CVE-2023-5190 (Open redirect vulnerability in the Countries Management\u2019s edit re ...)
NOT-FOR-US: Liferay
CVE-2023-44308 (Open redirect vulnerability in adaptive media administration page in L ...)
@@ -84411,11 +84411,11 @@ CVE-2022-45181
CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
NOT-FOR-US: LIVEBOX
CVE-2022-45179 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
NOT-FOR-US: LIVEBOX
CVE-2022-45177 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45176
RESERVED
CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
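Review bot: The new tags on CVE-2022-45179 and CVE-2022-45177 read `NOT-FOR-US: LIVEBOX Collaboration vDesk`, while the adjacent entries for the same product (CVE-2022-45180, CVE-2022-45178) already use `NOT-FOR-US: LIVEBOX`. Using one form for the whole series would let a search on the tag find every entry; either reuse `LIVEBOX` here or update the older lines in the same commit.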
@@ -84431,7 +84431,7 @@ CVE-2022-45171
CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
NOT-FOR-US: LIVEBOX
CVE-2022-45169 (An issue was discovered in LIVEBOX Collaboration vDesk through v031. A ...)
- TODO: check
+ NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45168
RESERVED
CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was discovered ...)
@@ -204047,7 +204047,7 @@ CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, an
CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
NOT-FOR-US: Liferay
CVE-2021-29050 (Cross-Site Request Forgery (CSRF) vulnerability in the terms of use pa ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...)
NOT-FOR-US: Liferay
CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
@@ -204071,7 +204071,7 @@ CVE-2021-29040 (The JSON web services in Liferay Portal 7.3.4 and earlier, and L
CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
NOT-FOR-US: Liferay
CVE-2021-29038 (Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, an ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2021-29037
RESERVED
CVE-2021-29036
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cc831dccdcdb1ef936015f0efc367687c52f4f0