[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 29 08:11:17 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd70652f by Salvatore Bonaccorso at 2024-03-29T09:10:50+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki extension for requesting & cr
CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity hashes ...)
TODO: check
CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. SRS's `/api/ ...)
- TODO: check
+ NOT-FOR-US: SRS video server
CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The permiss ...)
NOT-FOR-US: Kimai
CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to execute ar ...)
@@ -295,29 +295,29 @@ CVE-2024-29100 (Unrestricted Upload of File with Dangerous Type vulnerability in
CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS Command vuln ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1 ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC Corporation A ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200H ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG190 ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm WG1800H ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2 ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri Page Build ...)
NOT-FOR-US: WordPress plugin
CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega Menu.This iss ...)
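Review bot: The twelve entries from CVE-2024-28016 down to CVE-2024-28005 all get the bare vendor tag "NEC", although the descriptions, where the truncation leaves it visible, name the Aterm router line, and the text shown for CVE-2024-28005 starts with "Aterm WG1800HP4" with no vendor at all. Vendor-only tags match the "Tenda" and "Cisco" entries elsewhere in this diff, so this is optional, but "NOT-FOR-US: NEC Aterm" would make the block easier to find with grep and keep the product visible if NEC entries for other products are added later.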
@@ -337,7 +337,7 @@ CVE-2024-25599 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to cra ...)
TODO: check
CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability in Sera ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object ...)
@@ -474,9 +474,9 @@ CVE-2024-29891 (ZITADEL users can upload their own avatar image and various imag
CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume companies. Wh ...)
NOT-FOR-US: Saleor
CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
- TODO: check
+ NOT-FOR-US: Serverpod
CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and Dart eco ...)
- TODO: check
+ NOT-FOR-US: Serverpod
CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -590,7 +590,7 @@ CVE-2024-28233 (JupyterHub is an open source multi-user server for Jupyter noteb
CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is ...)
NOT-FOR-US: IBM
CVE-2024-27091 (GeoNode is a geospatial content management system, a platform for the ...)
- TODO: check
+ NOT-FOR-US: GeoNode
CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access control vulne ...)
NOT-FOR-US: Dell
CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video ...)
@@ -638,7 +638,7 @@ CVE-2024-20265 (A vulnerability in the boot process of Cisco Access Point (AP) S
CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's CI, but ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 ZENworks Confi ...)
NOT-FOR-US: OpenText
CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -767,7 +767,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin for WordPress is vulnera
CVE-2024-2209 (A user with administrative privileges can create a compromised dll fil ...)
NOT-FOR-US: HP
CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls including poten ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is vulnerable to ...)
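Review bot: The tag on CVE-2024-2206 attributes the issue to Gradio, but the description as truncated here ("The /proxy route allows a user to proxy arbitrary urls ...") never names the product. Please confirm the attribution against the full CVE record rather than the truncated text, since the description alone gives a later reader no way to check the tag.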
@@ -831,7 +831,7 @@ CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in th
CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in ...)
NOT-FOR-US: Tenda
CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell ...)
- TODO: check
+ NOT-FOR-US: Lektor CMS
CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...)
NOT-FOR-US: TOTOLINK
CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
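Review bot: NOT-FOR-US on CVE-2024-28335 states that Lektor has no source package in Debian, and nothing in the hunk shows that this was checked. The description gives a fixed upstream version ("before 3.3.11"), so if a lektor source package or an ITP exists, the entry needs a package line with version tracking instead of an NFU tag; a quick look in the archive before closing this would settle it.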
@@ -1095,7 +1095,7 @@ CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference ca
CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly PopupAlly.This issue ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23482 (The ZScaler service is susceptible to a local privilege escalation vul ...)
- TODO: check
+ NOT-FOR-US: ZScaler
CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could be exploi ...)
NOT-FOR-US: HPE
CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
@@ -1265,7 +1265,7 @@ CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and
CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Express.js p ...)
TODO: check
CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: Cobub Razor
CVE-2024-21914 (A vulnerability exists in the affected product that allows a malicious ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of Content Man ...)
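Review bot: For CVE-2024-28421 the description only says "Razor 0.8.0", while the tag narrows it to "Cobub Razor". The extra qualifier is useful because "Razor" alone is ambiguous, but the mapping is not derivable from the description shown here, so it should be confirmed from the CVE references and not inferred from the product name and version.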
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd70652fa164754196313446ad2970671d682234