[Git][security-tracker-team/security-tracker][master] Associate some NFUs for FlatPress with flatpress' itp'ed bug
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 25 06:47:40 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6cb20243 by Salvatore Bonaccorso at 2025-02-25T07:47:08+01:00
Associate some NFUs for FlatPress with flatpress' itp'ed bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41339,15 +41339,15 @@ CVE-2024-44017 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2024-43795 (OpenC3 COSMOS provides the functionality needed to send commands to an ...)
NOT-FOR-US: OpenC3 COSMOS
CVE-2024-41290 (FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to sto ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2024-35294 (An unauthenticated remote attacker may use the devices traffic capture ...)
NOT-FOR-US: Schneider
CVE-2024-35293 (An unauthenticated remote attacker may use a missing authentication fo ...)
NOT-FOR-US: Schneider
CVE-2024-33210 (A cross-site scripting (XSS) vulnerability has been identified in Flat ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2024-33209 (FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacke ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2024-24122 (A remote code execution vulnerability in the project management of Wan ...)
NOT-FOR-US: Wanxing Technology's Yitu project
CVE-2024-24116 (An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows ...)
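Review bot: the `<itp>` tag on the three new lines in this hunk records no fixed version, so on the day flatpress is accepted into the archive each of them turns into an open issue against the package until someone revisits it. Since the CVE text is being read now anyway, a NOTE line per CVE with the upstream fix reference (release or commit), in the same `NOTE: <url>` form the list already uses elsewhere, placed directly under `- flatpress <itp> (bug #466297)`, would let the eventual upload be checked against all of them in one pass.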
@@ -41579,7 +41579,7 @@ CVE-2024-41673 (Decidim is a participatory democracy framework. The version cont
CVE-2024-41276 (A vulnerability in Kaiten version 57.131.12 and earlier allows attacke ...)
NOT-FOR-US: Kaiten
CVE-2024-31835 (Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 all ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2024-30132 (HCL Nomad server on Domino did not configure certain HTTP Security hea ...)
NOT-FOR-US: HCL
CVE-2024-25661 (In Infinera TNMS (Transcend Network Management System) 19.10.3, cleart ...)
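Review bot: the removed lines in this change spell the NOT-FOR-US target three different ways (`FlatPress` in the first hunk, `Flatpress` on this hunk's removed line, `flatpressblog` in the 2023 entries further down), so a case-insensitive grep of `data/CVE/list` for `NOT-FOR-US:.*flatpress` after applying the patch is the cheap way to confirm no remaining variant was missed, for instance an entry that names only the GitHub repository or a plugin.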
@@ -42131,9 +42131,9 @@ CVE-2024-33368 (An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote
CVE-2024-28948 (Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulne ...)
NOT-FOR-US: Advantech
CVE-2024-25412 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2024-25411 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows at ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2024-22170 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
NOT-FOR-US: Western Digital My Cloud ddns-start on Linux
CVE-2024-46868 (In the Linux kernel, the following vulnerability has been resolved: f ...)
@@ -163658,11 +163658,11 @@ CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x produ
CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1147 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1146 (Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblo ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1145 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are ...)
NOT-FOR-US: Delta Electronics
CVE-2023-1144 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...)
@@ -164037,13 +164037,13 @@ CVE-2023-1108 (A flaw was found in undertow. This issue makes achieving a denial
NOTE: https://issues.redhat.com/browse/UNDERTOW-2239
NOTE: https://github.com/undertow-io/undertow/pull/1453
CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1106 (Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressb ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-1103
REJECTED
CVE-2023-1102
@@ -166815,7 +166815,7 @@ CVE-2023-26295 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) co
CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
NOT-FOR-US: HP
CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress prior to 1 ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Management S ...)
NOT-FOR-US: SourceCodester Best POS Management System
CVE-2023-0945 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -179428,11 +179428,11 @@ CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version 1
CVE-2022-4823 (A vulnerability, which was classified as problematic, was found in InS ...)
NOT-FOR-US: InSTEDD Nuntium
CVE-2022-4822 (A vulnerability, which was classified as problematic, has been found i ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2022-4821 (A vulnerability classified as problematic was found in FlatPress. This ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2022-4820 (A vulnerability classified as problematic has been found in FlatPress. ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as problematic. ...)
NOT-FOR-US: HotCRP
CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has been d ...)
@@ -180198,7 +180198,7 @@ CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not v
CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and ...)
@@ -180212,7 +180212,7 @@ CVE-2022-4750 (The WP Responsive Testimonials Slider And Widget WordPress plugin
CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin before 1 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...)
@@ -181830,9 +181830,9 @@ CVE-2021-4251 (A vulnerability classified as problematic was found in as. This v
CVE-2021-4250 (A vulnerability classified as problematic has been found in cgriego ac ...)
NOT-FOR-US: ActiveAttr
CVE-2022-4606 (PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2022-4605 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
- NOT-FOR-US: flatpressblog
+ - flatpress <itp> (bug #466297)
CVE-2022-4604 (A vulnerability classified as problematic was found in wp-english-wp-a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4603 (A vulnerability classified as problematic has been found in ppp. Affec ...)
@@ -207366,9 +207366,9 @@ CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload
CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
NOT-FOR-US: Theme Park Ticketing System
CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2022-40046
RESERVED
CVE-2022-40045
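Review bot: CVE-2022-40048 (remote code execution in Flatpress v1.2.1) is the highest-impact entry moved off NOT-FOR-US in this change, alongside the PHP remote file inclusion in CVE-2022-4606 and the file-name/path issues in CVE-2023-1105 and CVE-2023-0947 in earlier hunks; it would be worth referencing these in the ITP bug (#466297) so that whoever uploads the package checks the packaged version is past their fixes, rather than discovering them afterwards as open tracker entries.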
@@ -251894,7 +251894,7 @@ CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Lin
CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
NOT-FOR-US: Burden
CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
- NOT-FOR-US: Flatpress
+ - flatpress <itp> (bug #466297)
CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
- pluxml <removed> (bug #1008264)
[buster] - pluxml <end-of-life> (EOL in buster LTS)
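Review bot: bug #466297 is a far lower number than the #1008264 cited on the neighbouring pluxml line, i.e. an ITP that has been open for many years; before hanging some thirty CVEs on it, confirm in the BTS that it is still open and still refers to packaging FlatPress, because a stale or closed bug number would silently mis-link every one of these entries and the tracker has no way of flagging that.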
@@ -278266,7 +278266,7 @@ CVE-2021-41434 (A stored Cross-Site Scripting (XSS) vulnerability exists in vers
CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the Resumes Manag ...)
NOT-FOR-US: Resumes Management and Job Application Website application
CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2021-41431
RESERVED
CVE-2021-41430
@@ -335007,7 +335007,7 @@ CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection
CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Con ...)
NOT-FOR-US: FluxBB
CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ...)
@@ -357268,7 +357268,7 @@ CVE-2020-22763
CVE-2020-22762
RESERVED
CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via t ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2020-22760
RESERVED
CVE-2020-22759
@@ -743835,7 +743835,7 @@ CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce befo ...)
NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
- NOT-FOR-US: FlatPress
+ - flatpress <itp> (bug #466297)
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
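Review bot: CVE-2008-4120 is against FlatPress 0.804 while the 2024 entries earlier in this patch describe v1.3.x, so this and the other old entries in the change (CVE-2020-35241 on 1.0.3, CVE-2020-22761 on 1.1) are almost certainly already fixed in whatever version the ITP produces; when the package is uploaded they should be resolved with the fixed version, or marked `<not-affected>` with a NOTE explaining why, rather than left as open issues, which the `<itp>` placeholder alone will not do.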
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb2024358257faed4b9aac73d95de88f7ac1e05
--
You're receiving this email because of your account on salsa.debian.org.