[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 29 21:52:03 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ded99e0f by Salvatore Bonaccorso at 2024-03-29T22:51:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -201,43 +201,43 @@ CVE-2024-30247 (NextcloudPi is a ready to use image for Virtual Machines, Raspbe
CVE-2024-30246 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2024-2970 (The News Wall plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2969 (The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2968 (The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2964 (The Pocket News Generator plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2963 (The Pocket News Generator plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2936 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2848 (The Responsive theme for WordPress is vulnerable to unauthorized modif ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2844 (The Easy Appointments plugin for WordPress is vulnerable to unauthoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2842 (The Easy Appointments plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2841 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2476 (The OceanWP theme for WordPress is vulnerable to unauthorized access o ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-2475 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2411 (The MasterStudy LMS plugin for WordPress is vulnerable to Local File I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2409 (The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2280 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2250 (The 130+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2116 (The Christmas Greetings plugin for WordPress is vulnerable to Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2113 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2108 (The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-29904 (CodeIgniter is a PHP full-stack web framework A vulnerability was foun ...)
- codeigniter <itp> (bug #471583)
CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authentication an ...)
@@ -245,45 +245,45 @@ CVE-2024-29901 (The AuthKit library for Next.js provides helpers for authenticat
CVE-2024-29900 (Electron Packager bundles Electron-based application source code with ...)
TODO: check
CVE-2024-29893 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-29890 (DataLens is a business intelligence and data visualization system. A s ...)
- TODO: check
+ NOT-FOR-US: DataLens
CVE-2024-29686 (Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1. ...)
- TODO: check
+ NOT-FOR-US: Winter CMS
CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 ...)
- TODO: check
+ NOT-FOR-US: Tongtianxing
CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...)
TODO: check
CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...)
TODO: check
CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2024-29202 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-29201 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-29024 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-29020 (JumpServer is an open source bastion host and an operation and mainten ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ...)
TODO: check
CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...)
TODO: check
CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...)
- TODO: check
+ NOT-FOR-US: CRMEB_Java e-commerce system
CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...)
- TODO: check
+ NOT-FOR-US: Campcodes Online Marriage Registration System
CVE-2024-28405 (SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code install ...)
- TODO: check
+ NOT-FOR-US: SEMCMS
CVE-2024-27619 (Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: Dlink
CVE-2024-25944 (Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversa ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2024-24407 (SQL Injection vulnerability in Best Courier management system v.1.0 al ...)
- TODO: check
+ NOT-FOR-US: Best Courier management system
CVE-2024-23727 (The YI Smart Kami Vision com.kamivision.yismart application through 1. ...)
- TODO: check
+ NOT-FOR-US: YI Smart Kami Vision com.kamivision.yismart application
CVE-2024-23539 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache Fineract
CVE-2024-23538 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
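Review bot: the vendor in the new CVE-2024-27619 annotation is spelled "Dlink", copied from the CVE description text; NOT-FOR-US product names are what people grep for when the same vendor comes up again, so if the file already uses "D-Link" for this vendor, match that spelling here rather than the description's. The other NFU lines in this hunk (Argo CD, DataLens, Winter CMS, Tongtianxing, NodeBB, JumpServer, CRMEB_Java, Campcodes, SEMCMS, Dell, Best Courier, YI Smart Kami Vision) name the product as in the description and read fine, and leaving CVE-2024-28960 (Mbed TLS), CVE-2024-29489 (Jerryscript) and CVE-2024-28867 at TODO: check is the right call since those may correspond to packaged software and need a source-package line, not an NFU.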
@@ -293,36 +293,36 @@ CVE-2024-23537 (Improper Privilege Management vulnerability in Apache Fineract.T
CVE-2024-23449 (An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs wh ...)
TODO: check
CVE-2024-1872 (The Button plugin for WordPress is vulnerable to PHP Object Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1858 (The Lightbox slider \u2013 Responsive Lightbox Gallery plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1729 (Th password check condition is vulnerable to timing attack to guess th ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-0956 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0913 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0609 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0608 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6191 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Egehan Security WebPDKS
CVE-2023-6047 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Algoritim E-commerce Software
CVE-2023-52629 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.5.6-1
NOTE: https://git.kernel.org/linus/246f80a0b17f8f582b2c0996db02998239057c65 (6.6-rc1)
CVE-2023-50969 (Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to b ...)
- TODO: check
+ NOT-FOR-US: Thales Imperva SecureSphere WAF
CVE-2023-49234 (An XML external entity (XXE) vulnerability was found in Stilog Visual ...)
- TODO: check
+ NOT-FOR-US: Stilog Visual Planning
CVE-2023-49232 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
- TODO: check
+ NOT-FOR-US: Stilog Visual Planning
CVE-2023-49231 (An authentication bypass vulnerability was found in Stilog Visual Plan ...)
- TODO: check
+ NOT-FOR-US: Stilog Visual Planning
CVE-2023-33528 (halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2024-3094 (Malicious code was discovered in the upstream tarballs of xz, starting ...)
{DSA-5649-1}
- xz-utils 5.6.1+really5.4.5-1
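Review bot: the truncated description on the CVE-2024-1729 line ("Th password check condition is vulnerable to timing attack ...") does not name the affected product, so the new "NOT-FOR-US: Gradio" line is the only record of that attribution in this hunk. Consider adding a NOTE: line with the upstream advisory URL, as the file already does for CVE-2023-52629 and CVE-2021-31155, so the triage can be re-verified later without re-deriving which project the CVE belongs to. The remaining WordPress plugin, Egehan Security WebPDKS, Algoritim, Thales Imperva, Stilog Visual Planning and Halo entries follow the description text and need no change.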
@@ -483,7 +483,7 @@ CVE-2023-45706 (An administrative user of WebReports may perform a Cross Site Sc
CVE-2023-45705 (An administrative user of WebReports may perform a Server Side Request ...)
NOT-FOR-US: HCL
CVE-2023-42974 (A race condition was addressed with improved state handling. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-42962 (This issue was addressed with improved checks This issue is fixed in i ...)
NOT-FOR-US: Apple
CVE-2023-42947 (A path handling issue was addressed with improved validation. This iss ...)
@@ -1494,11 +1494,11 @@ CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability in GShe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter to Tray ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2023-41972 (In some rare cases, there is a password type validation missing in Rev ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2023-41969 (An arbitrary file deletion in ZSATrayManager where it protects the tem ...)
- TODO: check
+ NOT-FOR-US: Zscaler
CVE-2023-41696
REJECTED
CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM Common Crypt ...)
@@ -74516,7 +74516,7 @@ CVE-2023-25343
CVE-2023-25342
RESERVED
CVE-2023-25341 (A Directory Traversal vulnerability in ladle dev server 2.5.1 and earl ...)
- TODO: check
+ NOT-FOR-US: ladle dev server
CVE-2023-25340
RESERVED
CVE-2023-25339
@@ -79423,7 +79423,7 @@ CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP
CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23649 (Deserialization of Untrusted Data vulnerability in MainWP MainWP Links ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23648
RESERVED
CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
@@ -88697,7 +88697,7 @@ CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Sli
CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47153 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47151
@@ -208903,7 +208903,7 @@ CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through
CVE-2021-31157
RESERVED
CVE-2021-31156 (Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader ...)
- TODO: check
+ NOT-FOR-US: Allied Telesis AT-S115 devices
CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...)
- rust-pleaser 0.4.1-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded99e0fe062915a9c7c1f2bbd0b91b9d43635ec