[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 13 08:28:34 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0091edd0 by Salvatore Bonaccorso at 2024-01-13T09:28:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,103 +4,103 @@ CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readabl
NOTE: https://github.com/rear/rear/pull/3123
NOTE: https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16
CVE-2024-22209 (Open edX Platform is a service-oriented platform for authoring and del ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2024-22206 (Clerk helps developers build user management. Unauthorized access or p ...)
TODO: check
CVE-2024-22142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Cozmoslabs Profile Builder Pro
CVE-2024-22137 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: MailMunch Constant Contact Forms
CVE-2024-21655 (Discourse is a platform for community discussion. For fields that are ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-21654 (Rubygems.org is the Ruby community's gem hosting service. Rubygems.org ...)
- TODO: check
+ NOT-FOR-US: Rubygems.org gem hosting service
CVE-2024-21640 (Chromium Embedded Framework (CEF) is a simple framework for embedding ...)
TODO: check
CVE-2024-21639 (CEF (Chromium Embedded Framework ) is a simple framework for embedding ...)
TODO: check
CVE-2024-0480 (A vulnerability was found in Taokeyun up to 1.0.5. It has been declare ...)
- TODO: check
+ NOT-FOR-US: Taokeyun
CVE-2024-0479 (A vulnerability was found in Taokeyun up to 1.0.5. It has been classif ...)
- TODO: check
+ NOT-FOR-US: Taokeyun
CVE-2024-0478 (A vulnerability was found in code-projects Fighting Cock Information S ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0477 (A vulnerability has been found in code-projects Fighting Cock Informat ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0476 (A vulnerability, which was classified as problematic, was found in Blo ...)
- TODO: check
+ NOT-FOR-US: Blood Bank & Donor Management
CVE-2024-0475 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0474 (A vulnerability classified as critical was found in code-projects Dorm ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0473 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0472 (A vulnerability was found in code-projects Dormitory Management System ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0471 (A vulnerability was found in code-projects Human Resource Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0470 (A vulnerability was found in code-projects Human Resource Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0469 (A vulnerability was found in code-projects Human Resource Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0468 (A vulnerability has been found in code-projects Fighting Cock Informat ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0251 (The Advanced Woo Search plugin for WordPress is vulnerable to Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0230 (A session management issue was addressed with improved checks. This is ...)
- TODO: check
+ NOT-FOR-US: Magic Keyboard Firmware Update
CVE-2023-52289 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...)
TODO: check
CVE-2023-52288 (An issue was discovered in the flaskcode package through 0.0.8 for Pyt ...)
TODO: check
CVE-2023-51805 (SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows ...)
- TODO: check
+ NOT-FOR-US: TDuckCLoud tduck-platform
CVE-2023-51804 (An issue in rymcu forest v.0.02 allows a remote attacker to obtain sen ...)
- TODO: check
+ NOT-FOR-US: rymcu forest
CVE-2023-51698 (Atril is a simple multi-page document viewer. Atril is vulnerable to a ...)
TODO: check
CVE-2023-51071 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51070 (An access control issue in QStar Archive Solutions Release RELEASE_3-0 ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51068 (An authenticated reflected cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51067 (An unauthenticated reflected cross-site scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51066 (An authenticated remote code execution vulnerability in QStar Archive ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51065 (Incorrect access control in QStar Archive Solutions Release RELEASE_3- ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51064 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discov ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51063 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discov ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51062 (An unauthenticated log file read in the component log-smblog-save of Q ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-50072 (A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM ver ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2023-49801 (Lif Auth Server is a server for validating logins, managing informatio ...)
- TODO: check
+ NOT-FOR-US: Lif Auth Server
CVE-2023-49647 (Improper access control in Zoom Desktop Client for Windows, Zoom VDI C ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-49099 (Discourse is a platform for community discussion. Under very specific ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-49098 (Discourse-reactions is a plugin that allows user to add their reaction ...)
- TODO: check
+ NOT-FOR-US: Discourse plugin
CVE-2023-48297 (Discourse is a platform for community discussion. The message serializ ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-48166 (A directory traversal vulnerability in the SOAP Server integrated in A ...)
- TODO: check
+ NOT-FOR-US: Unify
CVE-2023-46943 (An issue was discovered in NPM's package @evershop/evershop before ver ...)
TODO: check
CVE-2023-46942 (Lack of authentication in NPM's package @evershop/evershop before vers ...)
TODO: check
CVE-2023-42463 (Wazuh is a free and open source platform used for threat prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2023-33472 (An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and bef ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2022-4962 (A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as prob ...)
- TODO: check
+ NOT-FOR-US: Apollo
CVE-2023-50290
- lucene-solr <not-affected> (Vulnerable code not yet present)
CVE-2023-46749
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091edd03b70f39f9cf65fb8736c3900e84a3753
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091edd03b70f39f9cf65fb8736c3900e84a3753
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240113/3ce6738d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list