[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 26 20:55:15 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80f0fbcd by Salvatore Bonaccorso at 2024-03-26T21:54:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page Generat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team WholesaleX.This  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability in WebTo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 a ...)
 	TODO: check
 CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena Simulat ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions Server ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Server
 CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions Server 202 ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Server
 CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio Player.This issue ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calli ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2900 (A vulnerability, which was classified as critical, was found in Tenda  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2899 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 15.03.06 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda AC7 15. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been declar ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and classified as c ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and classified ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2891 (A vulnerability, which was classified as critical, was found in Tenda  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-2802
 	REJECTED
 CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control   ...)
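Review bot: CVE-2024-2955 (Wireshark T.38 dissector crash) stays at TODO: check while every entry around it is triaged; that is the right call, since wireshark is a Debian source package, but the follow-up for it is a package/version line rather than a NOT-FOR-US note, so it should not be swept up in a later bulk NFU pass. The run of Tenda AC7 entries (CVE-2024-2891 through CVE-2024-2902) is consistently annotated NOT-FOR-US: Tenda, matching how the tracker handles embedded router firmware.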
@@ -59,17 +59,17 @@ CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr
 CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site scripting (X ...)
 	TODO: check
 CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg action o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg action o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg action of ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before al ...)
 	TODO: check
 CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which  ...)
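Review bot: CVE-2024-29833, CVE-2024-29832, CVE-2024-29810, CVE-2024-29809 and CVE-2024-29808 are marked NOT-FOR-US: WordPress plugin although none of the visible descriptions names WordPress or a plugin (they only mention an image upload component and AJAX actions such as editimage_bwg and GalleryBox); the annotation is probably right, but a rationale a later reader can check from the entry itself would help, e.g. naming the plugin the way other vendors are named in this hunk (NOT-FOR-US: DedeCMS).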
@@ -77,39 +77,39 @@ CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration,
 CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site scripting (XSS ...)
 	TODO: check
 CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management Platform. Any c ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows ...)
-	TODO: check
+	NOT-FOR-US: Yealink
 CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file search p ...)
-	TODO: check
+	NOT-FOR-US: EasyRange
 CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00.  ...)
-	TODO: check
+	NOT-FOR-US: 0ch BBS Script
 CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...)
-	TODO: check
+	NOT-FOR-US: AdTran NetVanta devices
 CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma ...)
-	TODO: check
+	NOT-FOR-US: ffBull
 CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread Version 3.33\ ...)
-	TODO: check
+	NOT-FOR-US: Mini Thread Version
 CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, ...)
-	TODO: check
+	NOT-FOR-US: WebProxy
 CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitra ...)
-	TODO: check
+	NOT-FOR-US: TvRock
 CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4, contain Wea ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an improper  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce Box Off ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location Picker a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue affects ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce Conversion T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be c ...)
 	TODO: check
 CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...)
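Review bot: the note for CVE-2024-28034 reads NOT-FOR-US: Mini Thread Version, which looks like it picked up the word "Version" from the description's version string (Mini Thread Version 3.33); the product is Mini Thread, so NOT-FOR-US: Mini Thread would match the pattern of the neighbouring entries (NOT-FOR-US: ffBull, NOT-FOR-US: WebProxy). Similarly, CVE-2024-28093's NOT-FOR-US: AdTran NetVanta devices is the only note in this hunk with a trailing "devices"; dropping it keeps the vendor/product-only style used everywhere else.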
@@ -117,45 +117,45 @@ CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This
 CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...)
 	TODO: check
 CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital SalesKing.This issu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena Simulation  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena Simulation softw ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena Simulation  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell Automati ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell Automation Arena ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote C ...)
 	TODO: check
 CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the XML pa ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2024-1313 (It is possible for a user in a different organization from the owner o ...)
 	TODO: check
 CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability in mndps ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact Form 7  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods in the de ...)
-	TODO: check
+	NOT-FOR-US: Janitza GridVis
 CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded credentials in th ...)
-	TODO: check
+	NOT-FOR-US: Janitza GridVis
 CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya the ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability in GShe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter to Tray ...)
 	TODO: check
 CVE-2023-41972 (In some rare cases, there is a password type validation missing in Rev ...)
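Review bot: CVE-2024-1933 (TeamViewer Remote) and CVE-2024-23482 (ZScaler service) are left at TODO: check in this hunk even though both describe proprietary client software that is not packaged in Debian, so they look like candidates for the same NOT-FOR-US treatment given to the Rockwell Automation and IBM entries here; if they were skipped deliberately, a short note would stop the next triage pass from revisiting them. The LangChain entry (CVE-2024-1455, XMLOutputParser using etree) is correctly NOT-FOR-US, as langchain is not a Debian package.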
@@ -165,11 +165,11 @@ CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects t
 CVE-2023-41696
 	REJECTED
 CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM Common Crypt ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-2887
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
@@ -66300,7 +66300,7 @@ CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily
 CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -66884,7 +66884,7 @@ CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugin
 CVE-2023-27460
 	RESERVED
 CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...)
@@ -66922,7 +66922,7 @@ CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of s
 CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability in OnThe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP  ...)
@@ -70882,7 +70882,7 @@ CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Commun
 CVE-2023-25966
 	RESERVED
 CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...)
@@ -76970,7 +76970,7 @@ CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.C
 CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23990
 	RESERVED
 CVE-2023-23989
@@ -78011,7 +78011,7 @@ CVE-2023-23658
 CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability in MainW ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23655
 	RESERVED
 CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spar ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f0fbcd592da26a28861ea7a68ed5c37d0aa3ce
