[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 17 11:14:49 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1d29dde by Salvatore Bonaccorso at 2024-05-17T12:14:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3551 (The Penci Soledad Data Migrator plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3231 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3134 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35110 (A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulner ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2024-34757 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34575 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34567 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33556 (Unrestricted Upload of File with Dangerous Type vulnerability in 8them ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32800 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31351 (Unrestricted Upload of File with Dangerous Type vulnerability in Copym ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30060 (Azure Monitor Agent Elevation of Privilege Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-2744 (The NextGEN Gallery  WordPress plugin before 3.59.1 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2697 (The socialdriver-framework WordPress plugin before 2024.0.0 does not v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is vulnerable to H ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI firmware fo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware ...)
 	TODO: check
 CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in UEFI firm ...)
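Review bot: CVE-2024-24981 is set to NOT-FOR-US: Intel while the two UEFI firmware driver entries directly after it, CVE-2024-23980 (PlatformPfrDxe) and CVE-2024-23487 (UserAuthenticationSmm), stay at TODO: check; if they come from the same vendor firmware advisory they should be triaged in the same pass, otherwise a short note on why 24981 differs would save the next triager a lookup.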
@@ -391,7 +391,7 @@ CVE-2024-4326 (A vulnerability in parisneo/lollms-webui versions up to 9.3 allow
 CVE-2024-4322 (A path traversal vulnerability exists in the parisneo/lollms-webui app ...)
 	TODO: check
 CVE-2024-4321 (A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/c ...)
-	TODO: check
+	NOT-FOR-US: gaizhenbiao/chuanhuchatgpt application
 CVE-2024-4318 (The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Inj ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4288 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
@@ -409,41 +409,41 @@ CVE-2024-4181 (A command injection vulnerability exists in the RunGptLLM class o
 CVE-2024-4078 (A vulnerability in the parisneo/lollms, specifically in the `/unInstal ...)
 	TODO: check
 CVE-2024-3887 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3851 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imart ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-3848 (A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2024-3750 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3644 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3643 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3642 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3641 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3640 (An unquoted executable path exists in the Rockwell AutomationFactoryTa ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-3435 (A path traversal vulnerability exists in the 'save_settings' endpoint  ...)
 	TODO: check
 CVE-2024-3403 (imartinez/privategpt version 0.2.0 is vulnerable to a local file inclu ...)
-	TODO: check
+	NOT-FOR-US: imartinez/privategpt
 CVE-2024-3286 (A buffer overflow vulnerability was identified in some Lenovo printers ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2024-3126 (A command injection vulnerability exists in the 'run_xtts_api_server'  ...)
 	TODO: check
 CVE-2024-35302 (In JetBrains TeamCity before 2023.11 stored XSS during restore from ba ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-35301 (In JetBrains TeamCity before 2024.03.1 commit status publisher didn't  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-35300 (In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communica ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
-	TODO: check
+	NOT-FOR-US: Stalwart Mail Server
 CVE-2024-35185 (Minder is a software supply chain security platform. Prior to version  ...)
 	TODO: check
 CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...)
@@ -453,71 +453,71 @@ CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git au
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
 	TODO: check
 CVE-2024-35039 (idccms V1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-34958 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-34957 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via the pas ...)
-	TODO: check
+	NOT-FOR-US: FlyFish
 CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Samuel Marshall JCH Optimize
 CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Order Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPa ...)
-	TODO: check
+	NOT-FOR-US: Sunhillo SureLine
 CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype pollution in t ...)
 	TODO: check
 CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight. Users who ra ...)
-	TODO: check
+	NOT-FOR-US: Sunshine
 CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by an Impro ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30309 (Substance3D - Painter versions 9.1.2 and earlier Answer: are affected  ...)
-	TODO: check
+	NOT-FOR-US: Substance3D
 CVE-2024-30308 (Substance3D - Painter versions 9.1.2 and earlier Answer: are affected  ...)
-	TODO: check
+	NOT-FOR-US: Substance3D
 CVE-2024-30307 (Substance3D - Painter versions 9.1.2 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Substance3D
 CVE-2024-30298 (Animate versions 24.0.2, 23.0.5 and earlier Answer: are affected by an ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30297 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30296 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30295 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Poi ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30294 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-bas ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30293 (Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-ba ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30292 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30291 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30290 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30289 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30288 (Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30287 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30286 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30283 (Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affec ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30282 (Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30281 (Substance3D - Designer versions 13.1.1 and earlier Answer: are affecte ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30275 (Adobe Aero Desktop versions 23.4 and earlier are affected by a Use Aft ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-30274 (Substance3D - Painter versions 9.1.2 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2024-2366 (A remote code execution vulnerability exists in the parisneo/lollms-we ...)
 	TODO: check
 CVE-2024-2361 (A vulnerability in the parisneo/lollms-webui allows for arbitrary file ...)
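Review bot: the NOT-FOR-US labels for the Substance3D entries are inconsistent within this hunk: CVE-2024-30309, CVE-2024-30308 and CVE-2024-30307 use `NOT-FOR-US: Substance3D`, while CVE-2024-30281 (Substance3D - Designer) and CVE-2024-30274 (Substance3D - Painter) use `NOT-FOR-US: Adobe`, as do the Animate, Framemaker, Dreamweaver and Aero entries; pick one label (the vendor name matches the rest of the hunk) so these entries group together when the list is grepped.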
@@ -525,11 +525,11 @@ CVE-2024-2361 (A vulnerability in the parisneo/lollms-webui allows for arbitrary
 CVE-2024-2358 (A path traversal vulnerability in the '/apply_settings' endpoint of pa ...)
 	TODO: check
 CVE-2024-27260 (IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-27244 (Insufficient verification of data authenticity in the installer for Zo ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-27243 (Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may allow a ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2024-20793 (Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-o ...)
 	TODO: check
 CVE-2024-20792 (Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use Af ...)
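Review bot: CVE-2024-20793 and CVE-2024-20792 (Illustrator) are left at TODO: check in the trailing context lines while the other Adobe desktop product entries in this commit were set to NOT-FOR-US: Adobe; unless something about these two is different, they can be triaged the same way in this pass.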
@@ -579,25 +579,25 @@ CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (
 CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...)
 	NOT-FOR-US: Telerik
 CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3486 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This can le ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...)
 	NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints
 CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...)
@@ -605,7 +605,7 @@ CVE-2024-3318 (A file path traversal vulnerability was identified in the Delimit
 CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...)
 	NOT-FOR-US: Identity Security Cloud (ISC) message server API
 CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...)
-	TODO: check
+	NOT-FOR-US: TIBCO Hawk
 CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
 	NOT-FOR-US: Stalwart Mail Server
 CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...)
@@ -651,7 +651,7 @@ CVE-2024-32047 (Hard-coded credentials for the  CyberPower PowerPanel test serve
 CVE-2024-32042 (The key used to encrypt passwords stored in the database can be found  ...)
 	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31856 (An attacker with certain MQTT permissions can create malicious message ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical certific ...)
 	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31409 (Certain MQTT wildcards are not blocked on the  CyberPower PowerPanel   ...)
@@ -673,7 +673,7 @@ CVE-2024-28087 (In Bonitasoft runtime Community edition, the lack of dynamic per
 CVE-2024-28042 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...)
 	TODO: check
 CVE-2024-27593 (A stored cross-site scripting (XSS) vulnerability in the Filter functi ...)
-	TODO: check
+	NOT-FOR-US: Eramba
 CVE-2024-27353 (A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde  ...)
 	NOT-FOR-US: Insyde
 CVE-2024-25079 (A memory corruption vulnerability in HddPassword in Insyde InsydeH2O k ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1d29dde547bdbb70e866b9d8ea4ca6ec9623d6e




