Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd70652f by Salvatore Bonaccorso at 2024-03-29T09:10:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2024-29897 (CreateWiki is Miraheze's MediaWiki 
extension for requesting & cr
 CVE-2024-29896 (Astro-Shield is a library to compute the subresource integrity 
hashes  ...)
        TODO: check
 CVE-2024-29882 (SRS is a simple, high-efficiency, real-time video server. 
SRS's `/api/ ...)
-       TODO: check
+       NOT-FOR-US: SRS video server
 CVE-2024-29200 (Kimai is a web-based multi-user time-tracking application. The 
permiss ...)
        NOT-FOR-US: Kimai
 CVE-2024-28713 (An issue in Mblog Blog system v.3.5.0 allows an attacker to 
execute ar ...)
@@ -295,29 +295,29 @@ CVE-2024-29100 (Unrestricted Upload of File with 
Dangerous Type vulnerability in
 CVE-2024-29090 (Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow 
AI Engi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-28016 (Improper Access Controlvulnerability in NEC Corporation Aterm 
WG1800HP ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28015 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28014 (Stack-based Buffer Overflow vulnerability in NEC Corporation 
Aterm WG1 ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28013 (Use of Insufficiently Random Values vulnerability in NEC 
Corporation A ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28012 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28011 (Hidden Functionality vulnerability in NEC Corporation Aterm 
WG1800HP4, ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28010 (Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, 
WG1200H ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28009 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28008 (Active Debug Code in NEC Corporation Aterm WG1800HP4, 
WG1200HS3, WG190 ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28007 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28006 (Improper authentication vulnerability in NEC Corporation Aterm 
WG1800H ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28005 (Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, 
WG1200HS2 ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2024-28004 (Missing Authorization vulnerability in ExtendThemes Colibri 
Page Build ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-28003 (Missing Authorization vulnerability in Megamenu Max Mega 
Menu.This iss ...)
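
Review bot: the twelve Aterm entries from CVE-2024-28016 down to CVE-2024-28005 are all closed with the bare vendor tag "NOT-FOR-US: NEC", although every visible summary concerns the Aterm router models. This matches the vendor-only style of the "Tenda" and "TOTOLINK" tags elsewhere in this file, so it is acceptable as is; "NEC Aterm" would make the block easier to grep if other NEC products are triaged later.
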
@@ -337,7 +337,7 @@ CVE-2024-25599 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2024-25354 (RegEx Denial of Service in domain-suffix 1.0.8 allows 
attackers to cra ...)
        TODO: check
 CVE-2024-23500 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP 
Gutenbe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-22138 (Insertion of Sensitive Information into Log File vulnerability 
in Sera ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1770 (The Meta Tag Manager plugin for WordPress is vulnerable to PHP 
Object  ...)
@@ -474,9 +474,9 @@ CVE-2024-29891 (ZITADEL users can upload their own avatar 
image and various imag
 CVE-2024-29888 (Saleor is an e-commerce platform that serves high-volume 
companies. Wh ...)
        NOT-FOR-US: Saleor
 CVE-2024-29887 (Serverpod is an app and web server, built for the Flutter and 
Dart eco ...)
-       TODO: check
+       NOT-FOR-US: Serverpod
 CVE-2024-29886 (Serverpod is an app and web server, built for the Flutter and 
Dart eco ...)
-       TODO: check
+       NOT-FOR-US: Serverpod
 CVE-2024-29819 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-29818 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -590,7 +590,7 @@ CVE-2024-28233 (JupyterHub is an open source multi-user 
server for Jupyter noteb
 CVE-2024-27270 (IBM WebSphere Application Server Liberty 23.0.0.3 through 
24.0.0.3 is  ...)
        NOT-FOR-US: IBM
 CVE-2024-27091 (GeoNode is a geospatial content management system, a platform 
for the  ...)
-       TODO: check
+       NOT-FOR-US: GeoNode
 CVE-2024-25962 (Dell InsightIQ, version 5.0, contains an improper access 
control vulne ...)
        NOT-FOR-US: Dell
 CVE-2024-23515 (Cross-Site Request Forgery (CSRF) vulnerability in Cincopa 
Post Video  ...)
@@ -638,7 +638,7 @@ CVE-2024-20265 (A vulnerability in the boot process of 
Cisco Access Point (AP) S
 CVE-2024-20259 (A vulnerability in the DHCP snooping feature of Cisco IOS XE 
Software  ...)
        NOT-FOR-US: Cisco
 CVE-2024-1540 (Previously, it was possible to exfiltrate secrets in Gradio's 
CI, but  ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2023-6400 (Incorrect Authorization vulnerability in OpenText\u2122 
ZENworks Confi ...)
        NOT-FOR-US: OpenText
 CVE-2023-6173 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -767,7 +767,7 @@ CVE-2024-2210 (The The Plus Addons for Elementor plugin for 
WordPress is vulnera
 CVE-2024-2209 (A user with administrative privileges can create a compromised 
dll fil ...)
        NOT-FOR-US: HP
 CVE-2024-2206 (The /proxy route allows a user to proxy arbitrary urls 
including poten ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2024-2203 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2139 (The Master Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
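
Review bot: the summary shown for CVE-2024-2206 ("The /proxy route allows a user to proxy arbitrary urls including poten ...") is cut off before it names any product, so the new "NOT-FOR-US: Gradio" tag cannot be checked from this hunk alone. It agrees with the tag given to CVE-2024-1540 in the same commit, whose summary does mention Gradio; confirm the attribution against the full CVE record before treating the entry as triaged.
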
@@ -831,7 +831,7 @@ CVE-2024-28551 (Tenda AC18 V15.03.05.05 has a stack 
overflow vulnerability in th
 CVE-2024-28545 (Tenda AC18 V15.03.05.05 contains a command injection 
vulnerablility in ...)
        NOT-FOR-US: Tenda
 CVE-2024-28335 (Lektor before 3.3.11 does not sanitize DB path traversal. 
Thus, shell  ...)
-       TODO: check
+       NOT-FOR-US: Lektor CMS
 CVE-2024-27521 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain an u ...)
        NOT-FOR-US: TOTOLINK
 CVE-2024-27188 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -1095,7 +1095,7 @@ CVE-2024-23722 (In Fluent Bit 2.1.8 through 2.2.1, a NULL 
pointer dereference ca
 CVE-2024-23520 (Missing Authorization vulnerability in AccessAlly 
PopupAlly.This issue ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-23482 (The ZScaler service is susceptible to a local privilege 
escalation vul ...)
-       TODO: check
+       NOT-FOR-US: ZScaler
 CVE-2024-22436 (A security vulnerability in HPE IceWall Agent products could 
be exploi ...)
        NOT-FOR-US: HPE
 CVE-2024-22356 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 
12.0.1.0 throug ...)
@@ -1265,7 +1265,7 @@ CVE-2024-29179 (phpMyFAQ is an open source FAQ web 
application for PHP 8.1+ and
 CVE-2024-29041 (Express.js minimalist web framework for node. Versions of 
Express.js p ...)
        TODO: check
 CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Cobub Razor
 CVE-2024-21914 (A vulnerability exists in the affected product that allows a 
malicious ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2024-1973 (By leveraging the vulnerability, lower-privileged users of 
Content Man ...)
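
Review bot: on CVE-2024-28421 the summary only says "Razor 0.8.0", while the new tag reads "NOT-FOR-US: Cobub Razor". The qualifier is helpful because "Razor" alone is ambiguous, but the vendor name does not appear in the visible text; check it against the CVE references so the entry is not closed against the wrong product.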



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd70652fa164754196313446ad2970671d682234


