[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 17 20:58:06 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efc55e54 by Salvatore Bonaccorso at 2024-01-17T21:57:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: Stupid Simple CMS
CVE-2024-20287 (A vulnerability in the web-based management interface of the Cisco WAP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco Thousan ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco Unity C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2024-0647 (A vulnerability, which was classified as problematic, was found in Spa ...)
- TODO: check
+ NOT-FOR-US: Sparksuite SimpleMDE
CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\u2019 ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.69-1
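Review bot: CVE-2024-0647 is closed as "NOT-FOR-US: Sparksuite SimpleMDE", but SimpleMDE is a JavaScript Markdown editor meant to be embedded in other web applications, so a check against source package names alone would not catch a bundled copy inside a packaged application. Searching the archive for embedded copies before settling on NOT-FOR-US would put this entry on the same footing as the Cisco and Stupid Simple CMS entries above it, which are standalone vendor products.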
@@ -22,9 +22,9 @@ CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\
CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.53 ...)
TODO: check
CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live Encoder an ...)
- TODO: check
+ NOT-FOR-US: C21 Live encoder and Live Mosaic
CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live Mosaic prod ...)
- TODO: check
+ NOT-FOR-US: C21 Live encoder and Live Mosaic
CVE-2024-0641 (A denial of service vulnerability was found in tipc_crypto_key_revoke ...)
- linux 6.5.8-1
[bookworm] - linux 6.1.64-1
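Review bot: CVE-2024-0645 (Explorer++) at the top of this hunk stays at "TODO: check" while the two C21 entries directly below it are resolved; if it was left open deliberately that is fine, otherwise it belongs in the same pass. Separately, the new tags read "C21 Live encoder and Live Mosaic" while both descriptions spell the product "C21 Live Encoder"; matching the capitalisation keeps a later case-sensitive search for the product name from missing these two entries.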
@@ -38,21 +38,21 @@ CVE-2024-0639 (A denial of service vulnerability due to a deadlock was found in
[buster] - linux 4.19.304-1
NOTE: https://git.kernel.org/linus/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a (6.5-rc1)
CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.1 ...)
- TODO: check
+ NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were discovered in th ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not protect s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information in resp ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles s ...)
- TODO: check
+ NOT-FOR-US: Studio Network Solutions ShareBrowser
CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote Code E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-20968
- mysql-8.0 8.0.35-1
CVE-2024-20984
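Review bot: CVE-2023-34379 is tagged "NOT-FOR-US: WordPress plugin", yet the visible part of its description reads "MagneticOne Cart2Cart: Magento ..." and is cut off before any mention of WordPress, so the tag cannot be confirmed from the list entry itself. Worth checking against the full CVE description and naming the product in the tag if it turns out not to be a WordPress plugin. Minor style point in the same hunk: CVE-2023-7031 and CVE-2023-50950 carry vendor-only tags (Avaya, IBM) while CVE-2024-0396 and CVE-2023-44077 name the product; naming the product is the easier form to search for later.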
@@ -61128,7 +61128,7 @@ CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL Shortener by My ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23895
RESERVED
CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -61156,7 +61156,7 @@ CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force Ultimate Addon ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -82889,7 +82889,7 @@ CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software c
CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...)
NOT-FOR-US: Cisco
CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
@@ -82911,13 +82911,13 @@ CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Mana
CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...)
NOT-FOR-US: Cisco
CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime Infrastructure a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
NOT-FOR-US: Cisco
CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
NOT-FOR-US: Cisco
CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...)
@@ -84765,7 +84765,7 @@ CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP Custom Logi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
@@ -84799,7 +84799,7 @@ CVE-2022-41995
CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format parsin ...)
NOT-FOR-US: PowerISO
CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Ta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
@@ -84817,11 +84817,11 @@ CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for W
CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...)
NOT-FOR-US: WordPress theme
CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job Portal \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...)
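Review bot: The unchanged CVE-2022-41788 entry in this hunk is tagged "NOT-FOR-US: WordPress theme", so the list does distinguish themes from plugins, but the truncated descriptions of CVE-2022-41790 and CVE-2022-41786 do not show which of the two they are. If the generic "WordPress plugin" tag was applied in bulk to this batch, a quick check of the full descriptions would keep the plugin/theme distinction reliable.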
@@ -84829,7 +84829,7 @@ CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite pl
CVE-2022-41698
RESERVED
CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic Manager.This iss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P\ ...)
@@ -84837,7 +84837,7 @@ CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Vi
CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom.This issue af ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...)
@@ -90222,7 +90222,7 @@ CVE-2022-40975
CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
NOT-FOR-US: Buffalo
CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40700
RESERVED
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013 ...)
@@ -90240,7 +90240,7 @@ CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Bett
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pric ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= ...)
@@ -90254,7 +90254,7 @@ CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability inCRM Perks F
CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38057
@@ -90262,7 +90262,7 @@ CVE-2022-38057
CVE-2022-38055
RESERVED
CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc55e54b145f4dc85069b92ec1a146283ee30b0