[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 25 20:55:06 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f3b9ece by Salvatore Bonaccorso at 2024-03-25T21:54:38+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,29 +25,29 @@ CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code is evaluated as part o
NOTE: https://list.orgmode.org/87o7b3eczr.fsf@bzg.fr/T/#t
NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Mergen Software Quality Management System
CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...)
- TODO: check
+ NOT-FOR-US: Vehicle Monitoring platform system CMSV6
CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...)
TODO: check
CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
- TODO: check
+ NOT-FOR-US: Lepton CMS
CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
TODO: check
CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites. WP Crontr ...)
- TODO: check
+ NOT-FOR-US: WP Crontrol
CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file u ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site scripting v ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before allows a r ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote attacker to ob ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remo ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the web. Code ...)
TODO: check
CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX ...)
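Review bot: The NOT-FOR-US labels added in this hunk mix two conventions. CVE-2024-28850 is tagged by product ("NOT-FOR-US: WP Crontrol") although its description says it runs on WordPress websites, while CVE-2024-2864 gets the generic "NOT-FOR-US: WordPress plugin". The three PrestaShop entries (CVE-2024-28393, CVE-2024-28387, CVE-2024-28386) likewise drop the module names scalapay, axonaut and fastmagsync that their descriptions carry. Consider one convention per category so a later search of data/CVE/list by product or by category returns the same set. For CVE-2024-2865 and CVE-2024-2864 the truncated descriptions shown here do not name the product, so the label is the only visible record of what was triaged.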
@@ -59,27 +59,27 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web.
CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...)
TODO: check
CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to provide an XS ...)
- TODO: check
+ NOT-FOR-US: Kickdler
CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch Network Sy ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP). Navigation ...)
- TODO: check
+ NOT-FOR-US: OroPlatform
CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP). A logged in ...)
- TODO: check
+ NOT-FOR-US: OroPlatform
CVE-2021-47180 (In the Linux kernel, the following vulnerability has been resolved: N ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.46-1
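Review bot: CVE-2024-25964 and CVE-2024-25002 are tagged with the vendor alone ("NOT-FOR-US: Dell", "NOT-FOR-US: Bosch"), while every other entry in this hunk names the product (phpMyFAQ, Kickdler, OroPlatform). A vendor-only label stays ambiguous if the same vendor later ships something that is packaged. The Dell description already names the product, so "NOT-FOR-US: Dell PowerScale OneFS" would be more precise, and the Bosch entry could name its product the same way.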
@@ -330,9 +330,9 @@ CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes RealHomes.T
CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...)
NOT-FOR-US: WordPress theme
CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, HashThem ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been classi ...)
- TODO: check
+ NOT-FOR-US: AwesomestCode LiveBot
CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and ...)
NOT-FOR-US: cyberaz0r WebRAT
CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
@@ -66013,7 +66013,7 @@ CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDe
CVE-2023-27609
RESERVED
CVE-2023-27608 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and Rewards fo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...)
@@ -73550,7 +73550,7 @@ CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ct
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25039 (Missing Authorization vulnerability in CodePeople Google Maps CP.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25037
@@ -80969,7 +80969,7 @@ CVE-2023-22701
CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
NOT-FOR-US: PixelYourSite
CVE-2023-22699 (Missing Authorization vulnerability in MainWP MainWP Wordfence Extensi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22697
@@ -91064,7 +91064,7 @@ CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 fir
CVE-2022-45852
RESERVED
CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis Dashboard f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45850
RESERVED
CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
@@ -92715,7 +92715,7 @@ CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnera
CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45356 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -92723,13 +92723,13 @@ CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
NOT-FOR-US: WordPress theme
CVE-2022-45352 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-45351 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45349 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
@@ -95739,7 +95739,7 @@ CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44626 (Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
@@ -106082,7 +106082,7 @@ CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email
CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-38055
RESERVED
CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3b9ecebe7e7eab3e6f6cb589ad2b18107c6dcf