[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 21 20:28:20 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11611325 by Salvatore Bonaccorso at 2024-03-21T21:27:47+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
CVE-2024-2742 (Operating system command injection vulnerability in Planet IGS-4215-16 ...)
- TODO: check
+ NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2741 (Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T ...)
- TODO: check
+ NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2740 (Information exposure vulnerability in Planet IGS-4215-16T2S, affecting ...)
- TODO: check
+ NOT-FOR-US: Planet IGS-4215-16T2S
CVE-2024-2580 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2579 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2494 (A flaw was found in the RPC library APIs of libvirt. The RPC server de ...)
TODO: check
CVE-2024-2465 (Open redirection vulnerability in CDeX applicationallows to redirect u ...)
- TODO: check
+ NOT-FOR-US: CDeX
CVE-2024-2464 (This issue occurs during password recovery, where a difference in mess ...)
- TODO: check
+ NOT-FOR-US: CDeX
CVE-2024-2463 (Weak password recovery mechanism in CDeX application allows to retriev ...)
- TODO: check
+ NOT-FOR-US: CDeX
CVE-2024-29937 (NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and Free ...)
TODO: check
CVE-2024-29916 (The dormakaba Saflok system before the November 2023 software update a ...)
- TODO: check
+ NOT-FOR-US: dormakaba Saflok system
CVE-2024-29880 (In JetBrains TeamCity before 2023.11 users with access to the agent ma ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2024-29879 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29878 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29877 (Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through / ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29876 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/in ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29875 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29874 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29873 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29872 (SQL injection vulnerability in Sentrifugo 3.2, through/sentrifugo/inde ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29871 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29870 (SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/ind ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2024-29866 (Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Inco ...)
- TODO: check
+ NOT-FOR-US: Datalust Seq
CVE-2024-29732 (A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewe ...)
- TODO: check
+ NOT-FOR-US: SCAN_VISIO eDocument Suite Web Viewer of Abast
CVE-2024-29374 (A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3. ...)
TODO: check
CVE-2024-29244 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discover ...)
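Review bot: The tag added for CVE-2024-29732, "SCAN_VISIO eDocument Suite Web Viewer of Abast", copies the description's phrasing and puts the vendor last, while the other tags added in this hunk are a bare vendor or product name (CDeX, Sentrifugo, Datalust Seq, JetBrains TeamCity). A vendor-first form such as "Abast SCAN_VISIO eDocument Suite" would keep the entry consistent with its neighbours and easier to find when searching the list.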
@@ -57,77 +57,77 @@ CVE-2024-29243 (Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was di
CVE-2024-29180 (Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware ...)
TODO: check
CVE-2024-29019 (ESPHome is a system to control microcontrollers remotely through Home ...)
- TODO: check
+ NOT-FOR-US: ESPHome
CVE-2024-28402 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-27995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27993 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27992 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27990 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27985 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27970 (Missing Authorization vulnerability in BogdanFix WP SendFox.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27969 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27968 (Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27967 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27966 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27965 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27964 (Unrestricted Upload of File with Dangerous Type vulnerability in Gesun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27962 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27956 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27683 (D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-27277 (The private key for the IBM Storage Protect Plus Server 10.1.0 through ...)
NOT-FOR-US: IBM
CVE-2024-27190 (Missing Authorization vulnerability in Jean-David Daviet Download Medi ...)
- TODO: check
+ NOT-FOR-US: Jean-David Daviet Download Media
CVE-2024-25935 (Missing Authorization vulnerability in Metagauss RegistrationMagic.Thi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25922 (Missing Authorization vulnerability in Peach Payments Peach Payments G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25912 (Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25908 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25907 (Missing Authorization vulnerability in JoomUnited WP Media folder.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24883 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24850 (Missing Authorization vulnerability in Mark Stockton Quicksand Post Fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1727 (To prevent malicious 3rd party websites from making requests to Gradio ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2023-51672 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
- TODO: check
+ NOT-FOR-US: FunnelKit
CVE-2023-51142 (An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioTime
CVE-2023-51141 (An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: ZKTeco BioTime
CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss Code E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an ...)
NOT-FOR-US: IBM
CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved: n ...)
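Review bot: CVE-2024-27190 and CVE-2023-51672 are tagged by name ("Jean-David Daviet Download Media", "FunnelKit"), yet their descriptions follow the same "Missing Authorization vulnerability in <author> <plugin>" pattern as CVE-2024-25935, CVE-2024-25922 and the other entries tagged "WordPress plugin" in this hunk. If these two are WordPress plugins as well, use the same tag for consistency. If they are not, note that the visible description for CVE-2024-27190 is truncated at "Download Medi ...", so the product name in the tag should be checked against the full description.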
@@ -239,11 +239,11 @@ CVE-2024-1148 (Weak access control in OpenText PVCS Version Manager allows poten
CVE-2024-1147 (Weak access control in OpenText PVCS Version Manager allows potential ...)
NOT-FOR-US: OpenText
CVE-2023-48903 (Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpre ...)
- TODO: check
+ NOT-FOR-US: tramyardg autoexpress
CVE-2023-48902 (An issue was discovered in tramyardg autoexpress version 1.3.0, allows ...)
- TODO: check
+ NOT-FOR-US: tramyardg autoexpress
CVE-2023-48901 (A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, ...)
- TODO: check
+ NOT-FOR-US: tramyardg autoexpress
CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...)
@@ -65289,7 +65289,7 @@ CVE-2023-27609
CVE-2023-27608
RESERVED
CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -83494,7 +83494,7 @@ CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47604 (Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -94995,7 +94995,7 @@ CVE-2022-44635 (Apache Fineract allowed an authenticated user to perform remote
CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W \u2013 Import ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44633 (Missing Authorization vulnerability in YITH YITH WooCommerce Gift Card ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...)
@@ -95254,7 +95254,7 @@ CVE-2022-44597
CVE-2022-44596
RESERVED
CVE-2022-44595 (Improper Authentication vulnerability in Melapress WP 2FA allows Authe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44593
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/116113250b1374f0bb3a338702b0844b8ba8b218