[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 18 10:49:02 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c915f71 by Salvatore Bonaccorso at 2024-05-18T11:48:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,15 +23,15 @@ CVE-2024-3810 (The Salient Shortcodes plugin for WordPress is vulnerable to Loca
CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length ...)
- TODO: check
+ NOT-FOR-US: Tor Arti
CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 ...)
- TODO: check
+ NOT-FOR-US: Tor Arti
CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-23583 (An attacker could potentially intercept credentials via the task manag ...)
TODO: check
CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS attack ...)
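Review bot: The NOT-FOR-US on CVE-2024-35313 and CVE-2024-35312 is the one decision in this hunk that needs a recorded rationale. Both descriptions begin "In Tor Arti before 1.2.3", and Debian ships a `tor` package, so a reader cannot tell from `NOT-FOR-US: Tor Arti` alone whether the packaged C implementation was checked. The commit message "Process some NFUs" does not say either. Suggest stating in the commit message that the issue is specific to the Arti code base. The three Fluent Forms entries follow the existing `NOT-FOR-US: WordPress plugin` convention seen on CVE-2024-3714 and look fine.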
@@ -498,121 +498,121 @@ CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial Numbers
CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerabilit ...)
TODO: check
CVE-2024-34982 (An arbitrary file upload vulnerability in the component /include/file. ...)
- TODO: check
+ NOT-FOR-US: lylme_spage
CVE-2024-34959 (DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_d ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2024-34919 (An arbitrary file upload vulnerability in the component \modstudent\co ...)
- TODO: check
+ NOT-FOR-US: Pisay Online E-Learning System
CVE-2024-34809 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Empow ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-34807 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34806 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Cle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34756 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34755 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34434 (Incorrect Authorization vulnerability in realmag777 WordPress Meta Dat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34370 (Improper Privilege Management vulnerability in WPFactory EAN for WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1. ...)
- TODO: check
+ NOT-FOR-US: Rocketsoft Rocket LMS
CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS (for examp ...)
TODO: check
CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in webtechideas WTI Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33569 (Improper Privilege Management vulnerability in Darren Cooney Instant I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33567 (Improper Privilege Management vulnerability in UkrSolution Barcode Sca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33552 (Improper Privilege Management vulnerability in 8theme XStore Core allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33550 (Improper Privilege Management vulnerability in JR King/Eran Schoellhor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33549 (Improper Privilege Management vulnerability in AA-Team WZone allows Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32960 (Improper Privilege Management vulnerability in Booking Ultra Pro allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32959 (Improper Privilege Management vulnerability in Sirv allows Privilege E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32830 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32827 (Authentication Bypass by Spoofing vulnerability in RafflePress Giveawa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32809 (Unrestricted Upload of File with Dangerous Type vulnerability in JumpD ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32802 (Missing Authorization vulnerability in WordPlus BP Better Messages all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32790 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32786 (Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32774 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32720 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32708 (Authentication Bypass by Spoofing vulnerability in helderk Maintenance ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32692 (Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Boo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32685 (Client-Side Enforcement of Server-Side Security vulnerability in Wpmet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32680 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32523 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32521 (Client-Side Enforcement of Server-Side Security vulnerability in Highf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32512 (Client-Side Enforcement of Server-Side Security vulnerability in weFor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32511 (Improper Privilege Management vulnerability in Astoundify Simple Regis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32507 (Improper Privilege Management vulnerability in Hamid Alinia \u2013 ide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32131 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31974 (The com.solarized.firedown (aka Solarized FireDown Browser & Downloade ...)
- TODO: check
+ NOT-FOR-US: com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android
CVE-2024-31341 (Insufficient Verification of Data Authenticity vulnerability in Cozmos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31300 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31295 (Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31290 (Improper Privilege Management vulnerability in CodeRevolution Demo My ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31281 (Missing Authorization vulnerability in Andy Moyle Church Admin church- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31237 (Improper Privilege Management vulnerability in WP Sharks s2Member Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31232 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-31231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30542 (Improper Privilege Management vulnerability in Wholesale WholesaleX al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30540 (Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30527 (Improper Validation of Specified Quantity in Input vulnerability in Ti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30522 (Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30509 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30480 (Authentication Bypass by Spoofing vulnerability in Pippin Williamson C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30479 (Authentication Bypass by Spoofing vulnerability in LionScripts IP Bloc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27971 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27955 (Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27954 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-27436 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.7.12-1
[bookworm] - linux 6.1.85-1
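Review bot: The label on CVE-2024-31974 copies the CVE description's package id and "aka" text verbatim, which is out of step with the short product names used for the other non-WordPress entries in this hunk (`lylme_spage`, `DedeCMS`, `Rocketsoft Rocket LMS`). Something like `NOT-FOR-US: Solarized FireDown Browser & Downloader for Android` would match the rest. Separately, many of the entries marked `WordPress plugin` here have descriptions truncated before the product is named (for example the "Path Tra ..." entries CVE-2024-32830 and CVE-2024-32680), so the classification cannot be confirmed from the diff itself. A word in the commit message on how the batch was identified would help anyone auditing it later.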
@@ -795,19 +795,19 @@ CVE-2024-27402 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux 6.1.82-1
NOTE: https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6)
CVE-2024-25906 (Authentication Bypass by Spoofing vulnerability in WP Happy Coders Com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25595 (Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24934 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24882 (Improper Privilege Management vulnerability in Masteriyo LMS allows Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24874 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24873 (: Improper Control of Interaction Frequency vulnerability in CodePeopl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24869 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-24715 (Improper Validation of Specified Quantity in Input vulnerability in Th ...)
TODO: check
CVE-2024-23522 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
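Review bot: CVE-2024-24715 at the end of this hunk is left at `TODO: check` while every entry above it is triaged, and its description ("Improper Validation of Specified Quantity in Input vulnerability in Th ...") has the same form as CVE-2024-30527, which this commit marks `NOT-FOR-US: WordPress plugin` in the previous hunk. If it was skipped deliberately because the product needs a closer look, that is fine for a "some NFUs" commit, but please confirm it was not simply missed.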
@@ -1549,9 +1549,9 @@ CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol com
CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...)
NOT-FOR-US: Stalwart Mail Server
CVE-2024-35185 (Minder is a software supply chain security platform. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Minder by Stacklok
CVE-2024-35184 (Paperless-ngx is a document management system that transforms physical ...)
- TODO: check
+ NOT-FOR-US: Paperless-ngx
CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...)
TODO: check
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...)
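Review bot: CVE-2024-35185 (Minder) and CVE-2024-35184 (Paperless-ngx) are described as standalone applications rather than add-ons to an unpackaged CMS, so NOT-FOR-US here rests on there being no package and no open ITP/RFP for them. Please confirm that was checked against wnpp. If an ITP exists, the entry should use the `- <package> <itp> (bug #NNNNNN)` form instead, so the CVE is not lost when the package enters the archive. As a minor point, `Minder by Stacklok` carries a vendor qualifier while `Paperless-ngx` and the neighbouring `Stalwart Mail Server` do not. That is reasonable if it is there to disambiguate the name, but worth keeping consistent.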
@@ -1567,7 +1567,7 @@ CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain a buffer overflow via t
CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Samuel Marshall JCH Optimize
CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Order Exp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c915f71ef34dddb2e2a77c5cf83797a9441451e