[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 4 19:37:36 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
398982e4 by Salvatore Bonaccorso at 2024-06-04T20:36:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2024-4274 (The Essential Real Estate plugin for WordPress is vulnerable to u
 CVE-2024-4273 (The Essential Real Estate plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4253 (A command injection vulnerability exists in the gradio-app/gradio repo ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2024-4180 (The Events Calendar WordPress plugin before 6.4.0.1 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4057 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3. ...)
@@ -231,35 +231,35 @@ CVE-2024-23665 (Multiple improper authorization vulnerabilities [CWE-285] in For
 CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in Fortinet Fort ...)
 	NOT-FOR-US: FortiGuard
 CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine Time Measu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine was allo ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL memory e ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: EMTA Grup PDKS
 CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is  ...)
-	TODO: check
+	NOT-FOR-US: Mercusys MW325R EU V3
 CVE-2023-51219 (A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adve ...)
-	TODO: check
+	NOT-FOR-US: KakaoTalk
 CVE-2023-43556 (Memory corruption in Hypervisor when platform information mentioned is ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43555 (Information disclosure in Video while parsing mp2 clip with invalid se ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43551 (Cryptographic issue while performing attach with a LTE network, a rogu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43545 (Memory corruption when more scan frequency list or channels are sent f ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43544 (Memory corruption when IPC callback handle is used after it has been r ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43543 (Memory corruption in Audio during a playback or a recording due to rac ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43542 (Memory corruption while copying a keyblob`s material when the key mate ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager initiali ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in WLAN Host.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2024-36104 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
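Review bot: The note added for CVE-2023-52162, `NOT-FOR-US: Mercusys MW325R EU V3`, does not match the note already in this file for the same device under CVE-2023-46297, which reads `NOT-FOR-US: Mercusys MW325R EU`. Both descriptions name the MW325R EU V3 with firmware 1.11.0, so one spelling should be used for both entries; either drop the ` V3` suffix here or update the older entry in the same commit so the product stays greppable.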
@@ -1292,11 +1292,11 @@ CVE-2024-28826 (Improper restriction of local upload and download paths in check
 CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2024-25977 (The application does not change the session token when using the login ...)
-	TODO: check
+	NOT-FOR-US: HAWKI
 CVE-2024-25976 (When LDAP authentication is activated in the configuration it is possi ...)
-	TODO: check
+	NOT-FOR-US: HAWKI
 CVE-2024-25975 (The application implements an up- and downvote function which alters a ...)
-	TODO: check
+	NOT-FOR-US: HAWKI
 CVE-2023-46297 (An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0  ...)
 	NOT-FOR-US: Mercusys MW325R EU
 CVE-2023-42005 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data  ...)
@@ -1528,7 +1528,7 @@ CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin functi
 CVE-2024-23315 (A read-what-where vulnerability exists in the Programming Software Con ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the current stat ...)
-	TODO: check
+	NOT-FOR-US: Kwik
 CVE-2024-22187 (A write-what-where vulnerability exists in the Programming Software Co ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2024-22181 (An out-of-bounds write vulnerability exists in the readNODE functional ...)
@@ -88852,11 +88852,11 @@ CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28494 (Missing Authorization vulnerability in CodePeople Contact Form Email a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability  ...)
 	NOT-FOR-US: Wordpress theme
 CVE-2023-28492 (Missing Authorization vulnerability in CodePeople CP Multi View Event  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik  ...)
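Review bot: Style point on the entry sitting between the two changed lines: the new notes for CVE-2023-28494 and CVE-2023-28492 read `NOT-FOR-US: WordPress plugin`, while CVE-2023-28493 still reads `NOT-FOR-US: Wordpress theme` with a lowercase "p". Since this commit touches both neighbours, normalising that line to `WordPress theme` at the same time would keep the notes consistent for anyone searching the list.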
@@ -92460,7 +92460,7 @@ CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
 CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27460 (Missing Authorization vulnerability in CodePeople, paypaldev CP Contac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
@@ -92506,7 +92506,7 @@ CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27437 (Missing Authorization vulnerability in Event Espresso Event Espresso 4 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Eleg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...)
@@ -94793,11 +94793,11 @@ CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26523 (Missing Authorization vulnerability in CodePeople Calculated Fields Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26522
 	RESERVED
 CVE-2023-26521 (Missing Authorization vulnerability in CodePeople Search in Place allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26520
 	RESERVED
 CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
@@ -101637,7 +101637,7 @@ CVE-2023-24375
 CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24373 (External Control of Assumed-Immutable Web Parameter vulnerability in W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the  ...)
@@ -103404,13 +103404,13 @@ CVE-2023-23740
 CVE-2023-23739
 	RESERVED
 CVE-2023-23738 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23736
 	RESERVED
 CVE-2023-23735 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
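Review bot: For CVE-2023-23738 and CVE-2023-23735 the truncated descriptions shown in this hunk end before any product is named (`... Used by a Downst ...` and `... in a Web Page (Bas ...`), so the `NOT-FOR-US: WordPress plugin` classification cannot be confirmed from the list alone. It is worth checking both against the full CVE records, and the commit message could say how the affected product was identified for entries like these.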
@@ -103420,7 +103420,7 @@ CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23730 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23729
 	RESERVED
 CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398982e4d4fc22a59691bc0c00a25b75dfa8c94c
