Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: efc55e54 by Salvatore Bonaccorso at 2024-01-17T21:57:38+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,19 +1,19 @@ CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Reque ...) - TODO: check + NOT-FOR-US: Stupid Simple CMS CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: Stupid Simple CMS CVE-2024-20287 (A vulnerability in the web-based management interface of the Cisco WAP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco Thousan ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco Unity C ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco BroadWo ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco Identit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-0647 (A vulnerability, which was classified as problematic, was found in Spa ...) - TODO: check + NOT-FOR-US: Sparksuite SimpleMDE CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\u2019 ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 
@@ -22,9 +22,9 @@ CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\ CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.53 ...) TODO: check CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live Encoder an ...) - TODO: check + NOT-FOR-US: C21 Live encoder and Live Mosaic CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live Mosaic prod ...) - TODO: check + NOT-FOR-US: C21 Live encoder and Live Mosaic CVE-2024-0641 (A denial of service vulnerability was found in tipc_crypto_key_revoke ...) - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 @@ -38,21 +38,21 @@ CVE-2024-0639 (A denial of service vulnerability due to a deadlock was found in [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a (6.5-rc1) CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.1 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were discovered in th ...) - TODO: check + NOT-FOR-US: Avaya CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not properly s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not protect s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information in resp ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles s ...) - TODO: check + NOT-FOR-US: Studio Network Solutions ShareBrowser CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote Code E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-20968 - mysql-8.0 8.0.35-1 CVE-2024-20984 
@@ -61128,7 +61128,7 @@ CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...) NOT-FOR-US: WordPress plugin CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL Shortener by My ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23895 RESERVED CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -61156,7 +61156,7 @@ CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...) NOT-FOR-US: WordPress plugin CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force Ultimate Addon ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...) NOT-FOR-US: WordPress plugin CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -82889,7 +82889,7 @@ CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software c CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco Prime I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...) NOT-FOR-US: Cisco CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...) 
@@ -82911,13 +82911,13 @@ CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Mana CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...) NOT-FOR-US: Cisco CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime Infrastructure a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...) NOT-FOR-US: Cisco CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco Prime I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco Prime I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...) NOT-FOR-US: Cisco CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...) @@ -84765,7 +84765,7 @@ CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium plugin < ...) NOT-FOR-US: WordPress plugin CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP Custom Logi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...) NOT-FOR-US: WordPress plugin CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) @@ -84799,7 +84799,7 @@ CVE-2022-41995 CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format parsin ...) NOT-FOR-US: PowerISO CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Ta ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...) NOT-FOR-US: WordPress plugin CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...) 
@@ -84817,11 +84817,11 @@ CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for W CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...) NOT-FOR-US: WordPress theme CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job Portal \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...) NOT-FOR-US: WordPress plugin CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...) @@ -84829,7 +84829,7 @@ CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite pl CVE-2022-41698 RESERVED CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic Manager.This iss ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P\ ...) @@ -84837,7 +84837,7 @@ CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Vi CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on Wor ...) NOT-FOR-US: WordPress plugin CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom.This issue af ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...) NOT-FOR-US: WordPress plugin CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...) 
@@ -90222,7 +90222,7 @@ CVE-2022-40975 CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...) NOT-FOR-US: Buffalo CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40700 RESERVED CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013 ...) @@ -90240,7 +90240,7 @@ CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Bett CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...) NOT-FOR-US: WordPress plugin CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pric ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...) NOT-FOR-US: WordPress plugin CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= ...) @@ -90254,7 +90254,7 @@ CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability inCRM Perks F CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...) NOT-FOR-US: WordPress plugin CVE-2022-38057 
@@ -90262,7 +90262,7 @@ CVE-2022-38057 CVE-2022-38055 RESERVED CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: WordPress plugin CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc55e54b145f4dc85069b92ec1a146283ee30b0
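Review bot: In the hunk at @@ -22,9 +22,9 @@, the new label "NOT-FOR-US: C21 Live encoder and Live Mosaic" (CVE-2024-0643 and CVE-2024-0642) spells the product with a lowercase "encoder", while both descriptions read "C21 Live Encoder and Live Mosaic". Matching the description's capitalisation keeps a case-sensitive search of data/CVE/list for the product name from missing these two entries. The same hunk leaves CVE-2024-0645 (Explorer++) at "TODO: check" between entries that were processed, so it still needs triage in a later pass.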
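Review bot: In the hunk at @@ -38,21 +38,21 @@, CVE-2023-34379 is tagged "NOT-FOR-US: WordPress plugin", but its truncated description reads "MagneticOne Cart2Cart: Magento ..." and is cut off before any mention of WordPress, so the classification cannot be confirmed from the list entry alone. The same applies to CVE-2023-7031, tagged "NOT-FOR-US: Avaya" although the visible text ("... were discovered in th ...") ends before a vendor is named. Both tags are worth checking against the full CVE descriptions, and a more specific product label on CVE-2023-34379 would make the entry self-explanatory.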