[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 29 08:57:48 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
330c3813 by Moritz Muehlenhoff at 2024-02-29T09:57:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2024-26559 (An issue in uverif v.2.0 allows a remote attacker to obtain sensitive  ...)
-	TODO: check
+	NOT-FOR-US: uverif
 CVE-2024-26476 (An issue in open-emr before v.7.0.2 allows a remote attacker to escala ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2024-26450 (Cross Site Scripting vulnerability in Piwigo before v.14.2.0 allows a  ...)
 	- piwigo <removed>
 CVE-2024-25869 (An Unrestricted File Upload vulnerability in CodeAstro Membership Mana ...)
@@ -89,35 +89,35 @@ CVE-2024-1468 (The Avada | Website Builder For WordPress & WooCommerce theme for
 CVE-2024-1437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1435 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1341 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0689 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6090 (Unrestricted Upload of File with Dangerous Type vulnerability in Molli ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-5617 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-51802 (Cross Site Scripting (XSS) vulnerability in the Simple Student Attenda ...)
-	TODO: check
+	NOT-FOR-US: Simple Student Attendance System
 CVE-2023-51801 (SQL Injection vulnerability in the Simple Student Attendance System v. ...)
-	TODO: check
+	NOT-FOR-US: Simple Student Attendance System
 CVE-2023-51800 (Cross Site Scripting (XSS) vulnerability in School Fees Management Sys ...)
-	TODO: check
+	NOT-FOR-US: School Fees Management System
 CVE-2023-51696 (Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - An ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51531 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51530 (Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Sli ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51529 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega \ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51528 (Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Powe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50437 (An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2023-50436 (An issue was discovered in Couchbase Server before 7.2.4. ns_server ad ...)
@@ -131,13 +131,13 @@ CVE-2023-49930 (An issue was discovered in Couchbase Server before 7.2.4. cURL c
 CVE-2023-49338 (Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authent ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2023-47874 (Missing Authorization vulnerability in Perfmatters.This issue affects  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45874 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2023-45873 (An issue was discovered in Couchbase Server through 7.2.2. A data read ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2023-45859 (In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 ...)
-	TODO: check
+	- hazelcast <itp> (bug #745640)
 CVE-2023-43769 (An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 ...)
 	NOT-FOR-US: Couchbase Server
 CVE-2023-38372 (An unauthorized attacker who has obtained an IBM Watson IoT Platform 1 ...)
@@ -339,7 +339,7 @@ CVE-2023-52226 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flam
 CVE-2023-52223 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52048 (RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: RuoYi
 CVE-2023-52047 (Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forger ...)
 	NOT-FOR-US: Dedecms
 CVE-2023-51692 (Missing Authorization vulnerability in CusRev Customer Reviews for Woo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c3813fc6a04448dcbb97e6f2c8d755c29099b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c3813fc6a04448dcbb97e6f2c8d755c29099b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240229/0df386cf/attachment.htm>

More information about the debian-security-tracker-commits mailing list