Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efc55e54 by Salvatore Bonaccorso at 2024-01-17T21:57:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: Stupid Simple CMS
 CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site 
Scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: Stupid Simple CMS
 CVE-2024-20287 (A vulnerability in the web-based management interface of the 
Cisco WAP ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco 
Thousan ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco 
Unity C ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco 
BroadWo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-0647 (A vulnerability, which was classified as problematic, was found 
in Spa ...)
-       TODO: check
+       NOT-FOR-US: Sparksuite SimpleMDE
 CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux 
kernel\u2019 ...)
        - linux 6.6.8-1
        [bookworm] - linux 6.1.69-1
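Review bot: For CVE-2024-0647 the new tag NOT-FOR-US: Sparksuite SimpleMDE names a specific product, but the visible description is cut at "found in Spa ...", so nothing in this hunk shows the basis for deciding that no Debian source package carries it. The five Cisco entries above describe a vendor's own management interfaces and need no further justification; for this one, a word in the commit message on how the archive was checked (for example for bundled copies) would make the NFU decision reviewable.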
@@ -22,9 +22,9 @@ CVE-2024-0646 (An out-of-bounds memory write flaw was found 
in the Linux kernel\
 CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 
1.3.5.53 ...)
        TODO: check
 CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live 
Encoder an ...)
-       TODO: check
+       NOT-FOR-US: C21 Live encoder and Live Mosaic
 CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live 
Mosaic prod ...)
-       TODO: check
+       NOT-FOR-US: C21 Live encoder and Live Mosaic
 CVE-2024-0641 (A denial of service vulnerability was found in 
tipc_crypto_key_revoke  ...)
        - linux 6.5.8-1
        [bookworm] - linux 6.1.64-1
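Review bot: The tag added to CVE-2024-0643 and CVE-2024-0642 reads "C21 Live encoder and Live Mosaic", while both descriptions spell the product "C21 Live Encoder"; matching the capitalisation keeps a case-sensitive search on the product name finding these entries. CVE-2024-0645 (Explorer++) stays at TODO: check between already triaged entries, which is fine if it was skipped on purpose in this pass.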
@@ -38,21 +38,21 @@ CVE-2024-0639 (A denial of service vulnerability due to a 
deadlock was found in
        [buster] - linux 4.19.304-1
        NOTE: 
https://git.kernel.org/linus/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a (6.5-rc1)
 CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10 
(14.0.1 ...)
-       TODO: check
+       NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were 
discovered in th ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not 
properly s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not 
protect s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information 
in resp ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS 
mishandles s ...)
-       TODO: check
+       NOT-FOR-US: Studio Network Solutions ShareBrowser
 CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: 
Magento  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote 
Code E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-20968
        - mysql-8.0 8.0.35-1
 CVE-2024-20984
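Review bot: CVE-2023-34379 is tagged NOT-FOR-US: WordPress plugin, but the visible part of its description reads "MagneticOne Cart2Cart: Magento ..." and does not mention WordPress, unlike CVE-2023-5041, CVE-2023-5006 and CVE-2021-4434 in the same hunk, whose descriptions say so explicitly. Please confirm against the full description that the affected component is the WordPress plugin, or use the product name in the tag as done for "Progress MOVEit Transfer" and "Studio Network Solutions ShareBrowser". The same applies on a smaller scale to CVE-2023-7031, where the vendor "Avaya" is not in the visible text.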
@@ -61128,7 +61128,7 @@ CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette 
Plugins Simp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL 
Shortener by My ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23895
        RESERVED
 CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -61156,7 +61156,7 @@ CVE-2023-23884 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) 
vulnerabilityin David ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force 
Ultimate Addon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gree ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -82889,7 +82889,7 @@ CVE-2023-20273 (A vulnerability in the web UI feature 
of Cisco IOS XE Software c
 CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20270 (A vulnerability in the interaction between the Server Message 
Block (S ...)
        NOT-FOR-US: Cisco
 CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco 
Adaptive Sec ...)
@@ -82911,13 +82911,13 @@ CVE-2023-20262 (A vulnerability in the SSH service of 
Cisco Catalyst SD-WAN Mana
 CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager 
could a ...)
        NOT-FOR-US: Cisco
 CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime 
Infrastructure a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified 
Communica ...)
        NOT-FOR-US: Cisco
 CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of 
Cisco Ada ...)
        NOT-FOR-US: Cisco
 CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco 
Meeting S ...)
@@ -84765,7 +84765,7 @@ CVE-2022-43436 (The File Upload function of EasyTest 
has insufficient filtering
 CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium 
plugin < ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP 
Custom Logi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by 
Quiz And  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
@@ -84799,7 +84799,7 @@ CVE-2022-41995
 CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File 
Format parsin ...)
        NOT-FOR-US: PowerISO
 CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj 
Cardoza 3D Ta ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in 
LearningTimes Badge ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Mantenimien ...)
@@ -84817,11 +84817,11 @@ CVE-2022-41805 (Cross-Site Request Forgery (CSRF) 
vulnerability in Booster for W
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid 
plugin  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time 
Slots Bookin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability 
in Soleda ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job 
Portal \u2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability 
in Gall ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite 
plugin < ...)
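Review bot: CVE-2022-41790 and CVE-2022-41786 are both set to NOT-FOR-US: WordPress plugin, while the entry between them, CVE-2022-41788, is tagged NOT-FOR-US: WordPress theme, so the file does distinguish the two. The visible descriptions of the changed entries ("CodePeople WP Time Slots Bookin ...", "WP Job Portal WP Job Portal ...") are cut before they say which kind of component is affected, so it is worth confirming that "plugin" is right for both rather than carried over from the neighbouring entries.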
@@ -84829,7 +84829,7 @@ CVE-2022-41781 (Broken Access Control vulnerability in 
Permalink Manager Lite pl
 CVE-2022-41698
        RESERVED
 CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic 
Manager.This iss ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour 
Booking plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in 
Viszt P\ ...)
@@ -84837,7 +84837,7 @@ CVE-2022-41685 (Multiple Cross-Site Request Forgery 
(CSRF) vulnerabilities in Vi
 CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 
7.3.10 on Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom.This 
issue af ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West 
Slideshow ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb 
Amazon Affil ...)
@@ -90222,7 +90222,7 @@ CVE-2022-40975
 CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo 
network device ...)
        NOT-FOR-US: Buffalo
 CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local 
Pickup for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40700
        RESERVED
 CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr 
\u2013  ...)
@@ -90240,7 +90240,7 @@ CVE-2022-40216 (Auth. (subscriber+) Messaging Block 
Bypass vulnerability in Bett
 CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability 
inXylus The ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced 
Dynamic Pric ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo 
Forum plugin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls 
plugin <= ...)
@@ -90254,7 +90254,7 @@ CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) 
vulnerability inCRM Perks F
 CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report 
Email for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social 
Login WP plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38057
@@ -90262,7 +90262,7 @@ CVE-2022-38057
 CVE-2022-38055
        RESERVED
 CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG 
Tags Li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp 
sticky heade ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc55e54b145f4dc85069b92ec1a146283ee30b0
