[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 28 20:58:28 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
852b8d65 by Salvatore Bonaccorso at 2024-02-28T21:58:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,117 +43,117 @@ CVE-2024-25831 (F-logic DataCube3 Version 1.0 is affected by a reflected cross-s
 CVE-2024-25830 (F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due t ...)
 	NOT-FOR-US: F-logic DataCube3
 CVE-2024-25435 (A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2. ...)
-	TODO: check
+	NOT-FOR-US: Md1health Md1patient
 CVE-2024-25202 (Cross Site Scripting vulnerability in Phpgurukul User Registration & L ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul User Registration & Login and User Management System
 CVE-2024-25170 (An issue in Mezzanine v6.0.0 allows attackers to bypass access control ...)
-	TODO: check
+	NOT-FOR-US: Mezzanine
 CVE-2024-25169 (An issue in Mezzanine v6.0.0 allows attackers to bypass access control ...)
-	TODO: check
+	NOT-FOR-US: Mezzanine
 CVE-2024-25128 (Flask-AppBuilder is an application development framework, built on top ...)
 	TODO: check
 CVE-2024-24868 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24708 (Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEED ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24705 (Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24702 (Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24701 (Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24148 (A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0 ...)
 	TODO: check
 CVE-2024-23519 (Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Emai ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-22459 (Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-21749 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-20344 (A vulnerability in system resource management in Cisco UCS 6400 and 65 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20321 (A vulnerability in the External Border Gateway Protocol (eBGP) impleme ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20294 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20291 (A vulnerability in the access control list (ACL) programming for port  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20267 (A vulnerability with the handling of MPLS traffic for Cisco NX-OS Soft ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-1965 (Server-Side Request Forgery vulnerability in Haivision's Aviwest Manag ...)
-	TODO: check
+	NOT-FOR-US: Haivision's Aviwest Manager and Aviwest Steamhub
 CVE-2024-1954 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1861 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1860 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1847 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out ...)
-	TODO: check
+	NOT-FOR-US: Solidworks
 CVE-2024-1808 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1791 (The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1719 (The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1636 (Potential Cross-Site Scripting (XSS) in the page editing area.)
-	TODO: check
+	NOT-FOR-US: sitefinity-cms
 CVE-2024-1632 (Low-privileged users with access to the Sitefinity backend may obtain  ...)
-	TODO: check
+	NOT-FOR-US: sitefinity-cms
 CVE-2024-1566 (The Redirects plugin for WordPress is vulnerable to unauthorized modif ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1516 (The WP eCommerce plugin for WordPress is vulnerable to unauthorized ar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1514 (The WP eCommerce plugin for WordPress is vulnerable to time-based blin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1476 (The Under Construction / Maintenance Mode from Acurax plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1368 (The Page Duplicator plugin for WordPress is vulnerable to unauthorized ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1136 (The Coming Soon Page & Maintenance Mode plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0975 (The WordPress Access Control plugin for WordPress is vulnerable to Sen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0786 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0768 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0767 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0766 (The Envo's Elementor Templates & Widgets for WooCommerce plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0682 (The Page Restrict plugin for WordPress is vulnerable to information di ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0680 (The WP Private Content Plus plugin for WordPress is vulnerable to info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0560 (A vulnerability was found in 3Scale, when used with Keycloak 15 (or RH ...)
-	TODO: check
+	NOT-FOR-US: Red Hat 3scale API gateway
 CVE-2024-0433 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0432 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0431 (The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6922 (The Under Construction / Maintenance Mode from Acurax plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6917 (A vulnerability has been identified in the Performance Co-Pilot (PCP)  ...)
 	TODO: check
 CVE-2023-52226 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52223 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52048 (RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vu ...)
 	TODO: check
 CVE-2023-52047 (Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forger ...)
-	TODO: check
+	NOT-FOR-US: Dedecms
 CVE-2023-51692 (Missing Authorization vulnerability in CusRev Customer Reviews for Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51683 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51681 (Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51533 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25065 (Possible path traversal in Apache OFBiz allowing authentication bypass ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2024-23946 (Possible path traversal in Apache OFBiz allowing file inclusion. Users ...)
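
Review bot: The NOT-FOR-US notes added across this hunk vary in granularity, and the vendor-only and generic ones lose information that a later search of data/CVE/list would need. CVE-2024-22459 and the five Cisco entries (CVE-2024-20344, CVE-2024-20321, CVE-2024-20294, CVE-2024-20291, CVE-2024-20267) record only "Dell" or "Cisco", while the unchanged context and the first added lines name the product ("F-logic DataCube3", "Md1health Md1patient"); the descriptions already mention Dell ECS, Cisco UCS and NX-OS, so the product could be carried into the note. The generic "WordPress plugin" note has the same problem where the truncated description never mentions WordPress (for example CVE-2024-24868, CVE-2024-24708 and CVE-2023-51692), because the triage reason cannot be checked from the list alone; adding the plugin name would fix that. Two smaller points: "sitefinity-cms" on CVE-2024-1636 and CVE-2024-1632 is written as a lowercase slug while the description of CVE-2024-1632 spells it "Sitefinity", and the spelling "Steamhub" on CVE-2024-1965 is worth confirming against the full CVE description, since the visible text is cut off before the second product name.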



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/852b8d6524878edf4cd7be9b0663e8eeccd04797


