[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 18 10:49:02 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c915f71 by Salvatore Bonaccorso at 2024-05-18T11:48:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,15 +23,15 @@ CVE-2024-3810 (The Salient Shortcodes plugin for WordPress is vulnerable to Loca
 CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length ...)
-	TODO: check
+	NOT-FOR-US: Tor Arti
 CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 ...)
-	TODO: check
+	NOT-FOR-US: Tor Arti
 CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23583 (An attacker could potentially intercept credentials via the task manag ...)
 	TODO: check
 CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS attack  ...)
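
Review bot: CVE-2024-35313 and CVE-2024-35312 are tagged "NOT-FOR-US: Tor Arti", and unlike the WordPress plugin entries around them this rests on Arti having no source package and no open ITP/RFP in Debian. Both descriptions give a fixed upstream version ("before 1.2.3"), so if a packaging bug exists, a package line with the <itp> marker and the bug number would keep that information attached to the package instead of dropping it under NOT-FOR-US.
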
@@ -498,121 +498,121 @@ CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial Numbers
 CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerabilit ...)
 	TODO: check
 CVE-2024-34982 (An arbitrary file upload vulnerability in the component /include/file. ...)
-	TODO: check
+	NOT-FOR-US: lylme_spage
 CVE-2024-34959 (DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_d ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-34919 (An arbitrary file upload vulnerability in the component \modstudent\co ...)
-	TODO: check
+	NOT-FOR-US: Pisay Online E-Learning System
 CVE-2024-34809 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Empow ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-34807 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34806 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Cle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34756 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34755 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34434 (Incorrect Authorization vulnerability in realmag777 WordPress Meta Dat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34370 (Improper Privilege Management vulnerability in WPFactory EAN for WooCo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1. ...)
-	TODO: check
+	NOT-FOR-US: Rocketsoft Rocket LMS
 CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS (for examp ...)
 	TODO: check
 CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in webtechideas WTI Li ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33569 (Improper Privilege Management vulnerability in Darren Cooney Instant I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33567 (Improper Privilege Management vulnerability in UkrSolution Barcode Sca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33552 (Improper Privilege Management vulnerability in 8theme XStore Core allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33550 (Improper Privilege Management vulnerability in JR King/Eran Schoellhor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33549 (Improper Privilege Management vulnerability in AA-Team WZone allows Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32960 (Improper Privilege Management vulnerability in Booking Ultra Pro allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32959 (Improper Privilege Management vulnerability in Sirv allows Privilege E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32830 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32827 (Authentication Bypass by Spoofing vulnerability in RafflePress Giveawa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32809 (Unrestricted Upload of File with Dangerous Type vulnerability in JumpD ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32802 (Missing Authorization vulnerability in WordPlus BP Better Messages all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32790 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32786 (Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32774 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32720 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32708 (Authentication Bypass by Spoofing vulnerability in helderk Maintenance ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32692 (Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Boo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32685 (Client-Side Enforcement of Server-Side Security vulnerability in Wpmet ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32680 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32523 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32521 (Client-Side Enforcement of Server-Side Security vulnerability in Highf ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32512 (Client-Side Enforcement of Server-Side Security vulnerability in weFor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32511 (Improper Privilege Management vulnerability in Astoundify Simple Regis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32507 (Improper Privilege Management vulnerability in Hamid Alinia \u2013 ide ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32131 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31974 (The com.solarized.firedown (aka Solarized FireDown Browser & Downloade ...)
-	TODO: check
+	NOT-FOR-US: com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android
 CVE-2024-31341 (Insufficient Verification of Data Authenticity vulnerability in Cozmos ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31300 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31295 (Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31290 (Improper Privilege Management vulnerability in CodeRevolution Demo My  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31281 (Missing Authorization vulnerability in Andy Moyle Church Admin church- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31237 (Improper Privilege Management vulnerability in WP Sharks s2Member Pro  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31232 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30542 (Improper Privilege Management vulnerability in Wholesale WholesaleX al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30540 (Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30527 (Improper Validation of Specified Quantity in Input vulnerability in Ti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30522 (Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30480 (Authentication Bypass by Spoofing vulnerability in Pippin Williamson C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30479 (Authentication Bypass by Spoofing vulnerability in LionScripts IP Bloc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27971 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27955 (Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27954 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27436 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.7.12-1
 	[bookworm] - linux 6.1.85-1
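
Review bot: the tag for CVE-2024-31974 repeats the CVE description almost verbatim ("com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android"); a short product name such as "Solarized FireDown Browser & Downloader for Android" would match the other product tags in this hunk (lylme_spage, DedeCMS, Rocketsoft Rocket LMS). Separately, several entries here are tagged "WordPress plugin" although the truncated description does not mention WordPress (for example CVE-2024-32959 "Sirv" and CVE-2024-32960 "Booking Ultra Pro"), so those classifications can only be confirmed against the full CVE record, not from this diff.
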
@@ -795,19 +795,19 @@ CVE-2024-27402 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.82-1
 	NOTE: https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6)
 CVE-2024-25906 (Authentication Bypass by Spoofing vulnerability in WP Happy Coders Com ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25595 (Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24934 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24882 (Improper Privilege Management vulnerability in Masteriyo LMS allows Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24874 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24873 (: Improper Control of Interaction Frequency vulnerability in CodePeopl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24869 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24715 (Improper Validation of Specified Quantity in Input vulnerability in Th ...)
 	TODO: check
 CVE-2024-23522 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
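
Review bot: CVE-2024-24715 stays at "TODO: check" directly after seven consecutive entries were classified, and its description opens with the same wording as CVE-2024-30527 ("Improper Validation of Specified Quantity in Input vulnerability in ..."), which this commit tags as a WordPress plugin. If it was left open on purpose that is fine; otherwise it looks like it belongs in this batch.
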
@@ -1549,9 +1549,9 @@ CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol com
 CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
 	NOT-FOR-US: Stalwart Mail Server
 CVE-2024-35185 (Minder is a software supply chain security platform. Prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Minder by Stacklok
 CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...)
-	TODO: check
+	NOT-FOR-US: Paperless-ngx
 CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...)
 	TODO: check
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
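
Review bot: CVE-2024-35185 and CVE-2024-35184 are the two entries in this commit whose descriptions present the product as a standalone open-source project ("software supply chain security platform", "document management system") rather than a CMS add-on, so NOT-FOR-US here depends on there being no WNPP bug for either. A quick check for an ITP/RFP on Paperless-ngx and Minder before closing them out would avoid having to reopen the entries later.
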
@@ -1567,7 +1567,7 @@ CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via t
 CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: Samuel Marshall JCH Optimize
 CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Order Exp ...)
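
Review bot: CVE-2024-34805 gets the generic "NOT-FOR-US: WordPress plugin" while the entry immediately above it, CVE-2024-34808, names the product ("Samuel Marshall JCH Optimize"). The truncated description of CVE-2024-34805 does not show which product is affected, so the generic tag leaves nothing to search on; naming the plugin would keep the two adjacent entries consistent.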



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c915f71ef34dddb2e2a77c5cf83797a9441451e
