[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 8 20:53:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
758770c3 by Salvatore Bonaccorso at 2024-01-08T21:52:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,103 +23,103 @@ CVE-2024-0321 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior
NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
NOTE: https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been rated as cr ...)
- TODO: check
+ NOT-FOR-US: Inis
CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management System u ...)
- TODO: check
+ NOT-FOR-US: Kashipara Dynamic Lab Management System
CVE-2024-0306 (A vulnerability was found in Kashipara Dynamic Lab Management System u ...)
- TODO: check
+ NOT-FOR-US: Kashipara Dynamic Lab Management System
CVE-2024-0305 (A vulnerability was found in Guangzhou Yingke Electronic Technology Nc ...)
- TODO: check
+ NOT-FOR-US: Guangzhou Yingke Electronic Technology Ncast
CVE-2023-7224 (OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users ...)
- TODO: check
+ NOT-FOR-US: OpenVPN Connect
CVE-2023-6921 (Blind SQL Injection vulnerability in PrestaShow Google Integrator (Pre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-6845 (The CommentTweets WordPress plugin through 0.6 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6750 (The Clone WordPress plugin before 2.4.3 uses buffer files to store in- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6631 (PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnera ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center
CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6552 (Lack of "current" GET parameter validation during the action of changi ...)
TODO: check
CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation and CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6528 (The Slider Revolution WordPress plugin before 6.6.19 does not prevent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6505 (The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6383 (The Debug Log Manager WordPress plugin before 2.3.0 contains a Directo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6161 (The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6141 (The Essential Real Estate WordPress plugin before 4.4.0 does not apply ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6140 (The Essential Real Estate WordPress plugin before 4.4.0 does not preve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6139 (The Essential Real Estate WordPress plugin before 4.4.0 does not apply ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6042 (Any unauthenticated user may send e-mail from the site with any title ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5957 (The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin throu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allo ...)
TODO: check
CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-pr ...)
TODO: check
CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox Tagbox \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52222 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooComme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52219 (Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52218 (Deserialization of Untrusted Data vulnerability in Anton Bond Woocomme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52216 (Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52208 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52207 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52206 (Deserialization of Untrusted Data vulnerability in Live Composer Team ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52205 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52204 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52203 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52201 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52200 (Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52190 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51701 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...)
TODO: check
CVE-2023-51508 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51246 (A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exi ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2023-50982 (Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executab ...)
TODO: check
CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.)
TODO: check
CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib functional ...)
- TODO: check
+ NOT-FOR-US: ManageEngine OpManager
CVE-2023-41710 (User-defined script code could be stored for a upsell related shop URL ...)
TODO: check
CVE-2023-39444 (Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing ...)
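Review bot: at CVE-2023-6042 the new "NOT-FOR-US: WordPress plugin" line cannot be cross-checked from the diff, because the truncated description ("Any unauthenticated user may send e-mail from the site with any title ...") never mentions WordPress. The same holds for CVE-2023-52208, CVE-2023-52190 and CVE-2023-51508, and for CVE-2023-47211, whose visible text does not name ManageEngine OpManager. Naming the specific plugin or product in the note, as is done for Inis and GetSimple CMS in this hunk, would let a later reader confirm the triage without reopening each CVE. Separately, the description of CVE-2023-6921 reads "PrestaShow Google Integrator" while the note says "PrestaShop module"; that is fine if PrestaShow is the module's vendor, but it is worth a second look in case one of the two is a typo.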
@@ -327,7 +327,7 @@ CVE-2024-0288 (A vulnerability classified as critical has been found in Kashipar
CVE-2024-0287 (A vulnerability was found in Kashipara Food Management System 1.0. It ...)
NOT-FOR-US: Kashipara Food Management System
CVE-2023-7215 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Chanzhaoyu chatgpt-web
CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credent ...)
NOT-FOR-US: IBM
CVE-2023-47140 (IBM CICS Transaction Gateway 9.3 could allow a user to transfer or vie ...)
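Review bot: the label on CVE-2023-7215 ("NOT-FOR-US: Chanzhaoyu chatgpt-web") cannot be verified from this hunk, since the description is cut off at "has been found i ..." before any product name appears. The vendor-plus-product form matches the neighbouring "Kashipara Food Management System" entry, so the style is consistent; only a check of the name against the full CVE text is needed.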
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/758770c3f57ba2d5cef9c39449ce3d0f536e9742