Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80f0fbcd by Salvatore Bonaccorso at 2024-03-26T21:54:29+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-30235 (Missing Authorization vulnerability in Themeisle Multiple Page 
Generat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30234 (Missing Authorization vulnerability in Wholesale Team 
WholesaleX.This  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30233 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30231 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WebTo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2955 (T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 
4.0.13 a ...)
        TODO: check
 CVE-2024-2951 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Registrat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2929 (A memory corruption vulnerability in Rockwell Automation Arena 
Simulat ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-2921 (Improper access control in PAM vault permissions in Devolutions 
Server ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Server
 CVE-2024-2915 (Improper access control in PAM JIT elevation in Devolutions 
Server 202 ...)
-       TODO: check
+       NOT-FOR-US: Devolutions Server
 CVE-2024-2906 (Missing Authorization vulnerability in SoftLab Radio 
Player.This issue ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2904 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Calli ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-2902 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2901 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2900 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2899 (A vulnerability, which was classified as critical, has been 
found in T ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2898 (A vulnerability classified as critical was found in Tenda AC7 
15.03.06 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2897 (A vulnerability classified as critical has been found in Tenda 
AC7 15. ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2896 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
rated  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2895 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
declar ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2894 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2893 (A vulnerability was found in Tenda AC7 15.03.06.44 and 
classified as c ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2892 (A vulnerability has been found in Tenda AC7 15.03.06.44 and 
classified ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2891 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2024-2802
        REJECTED
 CVE-2024-2452 (In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can 
control   ...)
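Review bot: The NOT-FOR-US labels in this hunk mix granularity. The Devolutions entries (CVE-2024-2921, CVE-2024-2915) name the product, "Devolutions Server", while the Tenda and Rockwell Automation entries name only the vendor even where the description shows the product ("Tenda AC7 15.03.06.44", "Rockwell Automation Arena Simulat ..."). Consider the product form for those as well, for example "NOT-FOR-US: Tenda AC7", so that a later search of data/CVE/list by product name finds them. Leaving CVE-2024-2955 (Wireshark) at "TODO: check" is consistent with a commit that only processes NFUs.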
@@ -59,17 +59,17 @@ CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki 
extension for requesting & cr
 CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site 
scripting (X ...)
        TODO: check
 CVE-2024-29833 (The image upload component allows SVG files and the regular 
expression ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox 
action of ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29810 (The thumb_url parameter of the AJAX call to the editimage_bwg 
action o ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29809 (The image_url parameter of the AJAX call to the editimage_bwg 
action o ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29808 (The image_id parameter of the AJAX call to the editimage_bwg 
action of ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29684 (DedeCMS v5.7 was discovered to contain a Cross-Site Request 
Forgery (C ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and 
before al ...)
        TODO: check
 CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session 
Expiration, which  ...)
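Review bot: For CVE-2024-29833, CVE-2024-29832, CVE-2024-29810, CVE-2024-29809 and CVE-2024-29808, the truncated descriptions kept in the list ("The image upload component allows SVG files ...", "The thumb_url parameter of the AJAX call to the editimage_bwg action o ...") never name the affected software, so "NOT-FOR-US: WordPress plugin" cannot be checked against the entry itself. Naming the plugin in the label would make the triage decision reviewable without looking up each CVE. CVE-2024-29881 (TinyMCE) and CVE-2024-29644 (dcat-admin) staying at "TODO: check" looks intentional for an NFU-only pass.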
@@ -77,39 +77,39 @@ CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient 
Session Expiration,
 CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site 
scripting (XSS ...)
        TODO: check
 CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management 
Platform. Any c ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 
v.91.15.0.118 allows ...)
-       TODO: check
+       NOT-FOR-US: Yealink
 CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file 
search p ...)
-       TODO: check
+       NOT-FOR-US: EasyRange
 CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script 
ver.4.00.  ...)
-       TODO: check
+       NOT-FOR-US: 0ch BBS Script
 CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E 
devices is en ...)
-       TODO: check
+       NOT-FOR-US: AdTran NetVanta devices
 CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, 
which ma ...)
-       TODO: check
+       NOT-FOR-US: ffBull
 CVE-2024-28034 (Cross-site scripting vulnerability exists in Mini Thread 
Version 3.33\ ...)
-       TODO: check
+       NOT-FOR-US: Mini Thread Version
 CVE-2024-28033 (OS command injection vulnerability exists in WebProxy 1.7.8 
and 1.7.9, ...)
-       TODO: check
+       NOT-FOR-US: WebProxy
 CVE-2024-26018 (Cross-site scripting vulnerability exists in TvRock 0.9t8a. An 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: TvRock
 CVE-2024-25958 (Dell Grab for Windows, versions up to and including 5.0.4, 
contain Wea ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25957 (Dell Grab for Windows, versions 5.0.4 and below, contains a 
cleartext  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25956 (Dell Grab for Windows, versions 5.0.4 and below, contains an 
improper  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-24805 (Missing Authorization vulnerability in Deepak anand WP Dummy 
Content G ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24799 (Missing Authorization vulnerability in WooCommerce WooCommerce 
Box Off ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24719 (Missing Authorization vulnerability in Uriahs Victor Location 
Picker a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24718 (Missing Authorization vulnerability in PropertyHive.This issue 
affects ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24711 (Missing Authorization vulnerability in weDevs WooCommerce 
Conversion T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference 
can be c ...)
        TODO: check
 CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly 
PopupAlly.This issue ...)
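Review bot: On CVE-2024-28034 the label "NOT-FOR-US: Mini Thread Version" appears to carry over the word "Version" from the description ("Mini Thread Version 3.33\ ..."), where it reads as the start of the version string and not as part of the product name. "NOT-FOR-US: Mini Thread" would match how the neighbouring entries in this hunk are labelled (EasyRange, ffBull, WebProxy, TvRock), none of which include version wording.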
@@ -117,45 +117,45 @@ CVE-2024-23520 (Missing Authorization vulnerability in 
AccessAlly PopupAlly.This
 CVE-2024-23482 (The ZScaler service is susceptible to a local privilege 
escalation vul ...)
        TODO: check
 CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could 
be exploi ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 
12.0.1.0 throug ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2024-22156 (Missing Authorization vulnerability in SNP Digital 
SalesKing.This issu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-21920 (A memory buffer vulnerability in Rockwell Automation Arena 
Simulation  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-21919 (An uninitialized pointer in Rockwell Automation Arena 
Simulation softw ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-21918 (A memory buffer vulnerability in Rockwell Automation Arena 
Simulation  ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-21913 (A heap-based memory buffer overflow vulnerability in Rockwell 
Automati ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-21912 (An arbitrary code execution vulnerability in Rockwell 
Automation Arena ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2024-1933 (Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer 
Remote C ...)
        TODO: check
 CVE-2024-1455 (The XMLOutputParser in LangChain uses the etree module from the 
XML pa ...)
-       TODO: check
+       NOT-FOR-US: LangChain
 CVE-2024-1313 (It is possible for a user in a different organization from the 
owner o ...)
        TODO: check
 CVE-2023-7251 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6091 (Unrestricted Upload of File with Dangerous Type vulnerability 
in mndps ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-52214 (Missing Authorization vulnerability in voidCoders Void Contact 
Form 7  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50895 (In Janitza GridVis through 9.0.66, exposed dangerous methods 
in the de ...)
-       TODO: check
+       NOT-FOR-US: Janitza GridVis
 CVE-2023-50894 (In Janitza GridVis through 9.0.66, use of hard-coded 
credentials in th ...)
-       TODO: check
+       NOT-FOR-US: Janitza GridVis
 CVE-2023-49838 (Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme 
Clotya the ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-47150 (IBM Common Cryptographic Architecture (CCA) 7.0.0 through 
7.5.36 could ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-45771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-44989 (Insertion of Sensitive Information into Log File vulnerability 
in GShe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-41973 (ZSATray passes the previousInstallerName as a config parameter 
to Tray ...)
        TODO: check
 CVE-2023-41972 (In some rare cases, there is a password type validation 
missing in Rev ...)
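Review bot: CVE-2024-1455 is marked "NOT-FOR-US: LangChain", and unlike the vendor products around it in this hunk (HPE, IBM, Rockwell Automation) LangChain is an open-source library, so it is worth confirming that no ITP or RFP bug exists for it before closing the entry. If one does, the tracker's "<itp>" form with the bug number keeps the CVE attached to the future package, which a NOT-FOR-US line does not. CVE-2024-1933 (TeamViewer) and CVE-2024-1313 remaining at "TODO: check" fits the scope of the commit.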
@@ -165,11 +165,11 @@ CVE-2023-41969 (An arbitrary file deletion in 
ZSATrayManager where it protects t
 CVE-2023-41696
        REJECTED
 CVE-2023-33855 (Under certain conditions, RSA operations performed by IBM 
Common Crypt ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-33322 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-2887
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -66300,7 +66300,7 @@ CVE-2023-27632 (Cross-Site Request Forgery (CSRF) 
vulnerability in mmrs151 Daily
 CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27630 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -66884,7 +66884,7 @@ CVE-2023-27461 (Cross-Site Request Forgery (CSRF) 
vulnerability in Yoohoo Plugin
 CVE-2023-27460
        RESERVED
 CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest 
User Regi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream 
WpStream p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate 
Brains A ...)
@@ -66922,7 +66922,7 @@ CVE-2023-27442 (Cross-Site Request Forgery (CSRF) 
vulnerability in Teplitsa of s
 CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE 
New Adman  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27440 (Unrestricted Upload of File with Dangerous Type vulnerability 
in OnThe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in gl_S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen 
Yurchenko WP  ...)
@@ -70882,7 +70882,7 @@ CVE-2023-25967 (Cross-Site Request Forgery (CSRF) 
vulnerability in PeepSo Commun
 CVE-2023-25966
        RESERVED
 CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Noah ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joom ...)
@@ -76970,7 +76970,7 @@ CVE-2023-23993 (Cross-Site Request Forgery (CSRF) 
vulnerability in LionScripts.C
 CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23990
        RESERVED
 CVE-2023-23989
@@ -78011,7 +78011,7 @@ CVE-2023-23658
 CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23656 (Unrestricted Upload of File with Dangerous Type vulnerability 
in MainW ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23655
        RESERVED
 CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Spar ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80f0fbcd592da26a28861ea7a68ed5c37d0aa3ce
