[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 14 08:44:29 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
347e85f0 by Salvatore Bonaccorso at 2024-03-14T09:44:00+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,81 +1,81 @@
 CVE-2024-2242 (The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2079 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28662 (A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 sc ...)
 	- piwigo <removed>
 CVE-2024-28391 (SQL injection vulnerability in FME Modules quickproducttable module fo ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-28390 (An issue in Advanced Plugins ultimateimagetool module for PrestaShop b ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-28388 (SQL injection vulnerability in SunnyToo stproductcomments module for P ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-28251 (Querybook is a Big Data Querying UI, combining collocated table metada ...)
-	TODO: check
+	NOT-FOR-US: Querybook
 CVE-2024-28193 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
-	TODO: check
+	NOT-FOR-US: your_spotify
 CVE-2024-28192 (your_spotify is an open source, self hosted Spotify tracking dashboard ...)
-	TODO: check
+	NOT-FOR-US: your_spotify
 CVE-2024-28175 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2024-27703 (Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: Leantime
 CVE-2024-27102 (Wings is the server control plane for Pterodactyl Panel. This vulnerab ...)
 	TODO: check
 CVE-2024-27097 (A user endpoint didn't perform filtering on an incoming parameter, whi ...)
 	TODO: check
 CVE-2024-25653 (Broken Access Control in the Report functionality of Delinea PAM Secre ...)
-	TODO: check
+	NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25652 (In Delinea PAM Secret Server 11.4, it is possible for a user (with acc ...)
-	TODO: check
+	NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25651 (User enumeration can occur in the Authentication REST API in Delinea P ...)
-	TODO: check
+	NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25650 (Insecure key exchange between Delinea PAM Secret Server 11.4 and the D ...)
-	TODO: check
+	NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25649 (In Delinea PAM Secret Server 11.4, it is possible for an attacker (wit ...)
-	TODO: check
+	NOT-FOR-US: Delinea PAM Secret Server
 CVE-2024-25250 (SQL Injection vulnerability in code-projects Agro-School Management Sy ...)
-	TODO: check
+	NOT-FOR-US: code-projects Agro-School Management System
 CVE-2024-25228 (Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authentic ...)
-	TODO: check
+	NOT-FOR-US: Vinchin Backup and Recovery
 CVE-2024-24105 (SQL Injection vulnerability in Code-projects Computer Science Time Tab ...)
-	TODO: check
+	NOT-FOR-US: Code-projects Computer Science Time Table System
 CVE-2024-22398 (An improper Limitation of a Pathname to a Restricted Directory (Path T ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-22397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-22396 (An Integer-based buffer overflow vulnerability in the SonicOS via IPSe ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-22167 (A potential DLL hijacking vulnerability in the SanDisk PrivateAccess a ...)
-	TODO: check
+	NOT-FOR-US: WesternDigital
 CVE-2024-1884 (This is a Server-Side Request Forgery (SSRF) vulnerability in the Pape ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1883 (This is a reflected cross site scripting vulnerability in the PaperCut ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1882 (This vulnerability allows an already authenticated admin user to creat ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1654 (This vulnerability potentially allows unauthorized write operations wh ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1223 (This vulnerability potentially allows unauthorized enumeration of info ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1222 (This allows attackers to use a maliciously formed API request to gain  ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2024-1221 (This vulnerability potentially allows files on a PaperCut NG/MF server ...)
-	TODO: check
+	NOT-FOR-US: Papercut
 CVE-2023-50726 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2023-41505 (An arbitrary file upload vulnerability in the Add Student's Profile Pi ...)
-	TODO: check
+	NOT-FOR-US: Student Enrollment In PHP
 CVE-2023-41504 (SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows at ...)
-	TODO: check
+	NOT-FOR-US: Student Enrollment In PHP
 CVE-2023-38536 (HTML injection inOpenText\u2122Exceed Turbo X affecting version 12.5.1 ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2023-38535 (Use of Hard-coded Cryptographic Key vulnerability inOpenText\u2122Exce ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2023-38534 (Improper authentication vulnerability inOpenText\u2122Exceed Turbo X a ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2023-36238 (Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an a ...)
-	TODO: check
+	NOT-FOR-US: Bagisto
 CVE-2024-2433 (An improper authorization vulnerability in Palo Alto Networks Panorama ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-2432 (A privilege escalation (PE) vulnerability in the Palo Alto Networks Gl ...)
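Review bot: Several of the added NOT-FOR-US labels are spelled differently from the descriptions they sit under. The seven PaperCut entries (CVE-2024-1884 through CVE-2024-1221) use "Papercut", while the descriptions for CVE-2024-1883 and CVE-2024-1221 write "PaperCut". CVE-2024-22167 is tagged "WesternDigital" although its description names SanDisk PrivateAccess. Suggest "NOT-FOR-US: PaperCut", and either "NOT-FOR-US: SanDisk PrivateAccess" or "NOT-FOR-US: Western Digital", so that a later search on the product name finds these entries. CVE-2024-25250 and CVE-2024-24105 carry "code-projects" and "Code-projects" respectively; each mirrors its own description, but one casing for both would be easier to match. CVE-2024-27102 and CVE-2024-27097 stay at "TODO: check" in the context lines, which is fine if they are deliberately left for a later pass.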
@@ -396,11 +396,11 @@ CVE-2024-0828 (The Play.ht \u2013 Make Your Blog Posts Accessible With Text to S
 CVE-2024-0827 (The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0801 (A denial of service vulnerability exists in Arcserve Unified Data Prot ...)
-	TODO: check
+	NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2024-0800 (A path traversal vulnerability exists in Arcserve Unified Data Protect ...)
-	TODO: check
+	NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2024-0799 (An authentication bypass vulnerability exists in Arcserve Unified Data ...)
-	TODO: check
+	NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2024-0700 (The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0687 (The Restrict User Access \u2013 Ultimate Membership & Content Protecti ...)
@@ -283823,7 +283823,7 @@ CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0
 CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
 	NOT-FOR-US: LG PC Suite
 CVE-2020-11862 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: OpenText NetIQ Privileged Account Manager
 CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
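Review bot: The label added for CVE-2020-11862 is at a different granularity from the other OpenText entries in this commit and from its neighbour. The first hunk tags the three OpenText Exceed Turbo X entries as plain "NOT-FOR-US: OpenText", and the adjacent CVE-2020-11861 is "NOT-FOR-US: Micro Focus", while this line spells out "OpenText NetIQ Privileged Account Manager". The truncated description shown here does not include the product name, so the tag cannot be cross-checked from the diff alone. Suggest one form for the OpenText entries, either vendor only or vendor plus product.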



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/347e85f0ca9108e7d3fc694a137ee4c8904a465a
