[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 1 16:17:07 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d182553 by Salvatore Bonaccorso at 2024-06-01T17:16:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2024-34002 (In a shared hosting environment that has been misconfigured to a
CVE-2024-34001 (Actions in the admin preset tool did not include the necessary token t ...)
- moodle <removed>
CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to Stored ...)
TODO: check
CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable to una ...)
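Review bot: CVE-2024-2295 in the trailing context of this hunk is described as "The Contact Form Manager plugin for WordPress" but stays at TODO: check, while the two entries directly above it are moved to NOT-FOR-US: WordPress plugin. If it belongs to the same class, tag it in the same pass. If it was left open deliberately, a short note on the entry saying why would save the next triager from re-checking it.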
@@ -84,7 +84,7 @@ CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation te
CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...)
TODO: check
CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring ...)
- TODO: check
+ NOT-FOR-US: Sentry
CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...)
NOT-FOR-US: IBM
CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a ...)
@@ -108,29 +108,29 @@ CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-
CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote ...)
TODO: check
CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...)
- TODO: check
+ NOT-FOR-US: Debezium Community debezium-ui
CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...)
TODO: check
CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...)
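Review bot: label granularity is inconsistent within this hunk: the eleven Ivanti entries (CVE-2024-29848 through CVE-2024-29822) carry the vendor name only, while CVE-2024-28736 gets the full "Debezium Community debezium-ui". The truncated Ivanti descriptions also point at two different products ("Ivanti A ..." for CVE-2024-29848, "Ivanti EP ..." for the rest), which the vendor-only label hides. Vendor-only matches the existing "NOT-FOR-US: IBM" style seen earlier in the file, so either is defensible, but choosing one convention keeps later searches over NFU labels predictable.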
@@ -186,9 +186,9 @@ CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifie
CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...)
TODO: check
CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...)
- TODO: check
+ NOT-FOR-US: SkyBridge
CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...)
TODO: check
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
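Review bot: the NOT-FOR-US: SkyBridge label on CVE-2024-32850 cannot be checked from the diff, because the visible description is cut off at "('Comman ..." before any product is named. Please confirm the product against the full CVE record. The other change in this hunk, CVE-2024-2793, is fine as its description names WordPress in the text that follows the truncation marker's context.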
@@ -269,9 +269,9 @@ CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal d
CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3301 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...)
- TODO: check
+ NOT-FOR-US: DELMIA Apriso
CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...)
- TODO: check
+ NOT-FOR-US: DELMIA Apriso
CVE-2024-36118 (MeterSphere is a test management and interface testing tool. In affect ...)
NOT-FOR-US: MeterSphere
CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page of FineSo ...)
@@ -317,17 +317,17 @@ CVE-2024-35349 (A vulnerability has been discovered in Di\xf1o Physics School As
CVE-2024-35345 (A vulnerability has been discovered in Di\xf1o Physics School Assistan ...)
NOT-FOR-US: Dino Physics School Assistant
CVE-2024-35228 (Wagtail is an open source content management system built on Django. D ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2024-35189 (Fides is an open-source privacy engineering platform. The Fides webser ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2024-34171 (Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer o ...)
- TODO: check
+ NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2024-32877 (Yii 2 is a PHP application framework. During internal penetration test ...)
TODO: check
CVE-2024-32029
REJECTED
CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was discover ...)
TODO: check
CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was discover ...)
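Review bot: CVE-2024-35228 (Wagtail) and CVE-2024-35189 (Fides) are each described in their own entry as open source, so marking them NOT-FOR-US rests on neither being packaged nor having a pending ITP. Worth confirming that before closing them, since an ITP entry would be the better fit if one exists. The Fuji Electric Monitouch V-SFT and WordPress plugin changes in the same hunk raise no such question.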
@@ -769,7 +769,7 @@ CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin versi
CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
TODO: check
CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A Gem publis ...)
- TODO: check
+ NOT-FOR-US: Rubygems.org gem hosting service
CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d182553e2b13640d44ba0e25d45aed507b9a1c9