[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed, 21 Feb 2024 02:29:03 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e55d5bf4 by Salvatore Bonaccorso at 2024-02-21T11:27:19+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,39 +19,39 @@ CVE-2024-25601 (Stored cross-site scripting (XSS) 
vulnerability in Expando modul
 CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers 
to run ar ...)
        NOT-FOR-US: MRCMS
 CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message 
Board widge ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and 
older u ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in 
HtmlUtil.escapeJsLink in L ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included 
"allow_i ...)
        NOT-FOR-US: Apache Airflow Mongo Provider
 CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts 
Admin M ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify 
Themify Bui ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24849 (Cross-Site Request Forgery (CSRF) vulnerability in Mark 
Stockton Quick ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24843 (Cross-Site Request Forgery (CSRF) vulnerability in PowerPack 
Addons fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24837 (Cross-Site Request Forgery (CSRF) vulnerability in 
Fr\xe9d\xe9ric GILL ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24802 (Cross-Site Request Forgery (CSRF) vulnerability in John Tendik 
JTRT Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24798 (Cross-Site Request Forgery (CSRF) vulnerability in SoniNow 
Team Debug. ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23830 (MantisBT is an open source issue tracker. Prior to version 
2.26.1, an  ...)
        - mantis <removed>
 CVE-2024-23758 (An issue discovered in Unisys Stealth 5.3.062.0 allows 
attackers to vi ...)
-       TODO: check
+       NOT-FOR-US: Unisys
 CVE-2024-22235 (VMware Aria Operations contains a local privilege escalation 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-1631 (Impact: The library offers a function to generate an ed25519 
key pair  ...)
        TODO: check
 CVE-2024-1562 (The WooCommerce Google Sheet Connector plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1501 (The Database Reset plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1108 (The Plugin Groups plugin for WordPress is vulnerable to 
unauthorized m ...)
        TODO: check
 CVE-2024-1081 (The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for 
WordPress is  ...)
@@ -376,81 +376,81 @@ CVE-2024-1546 (When storing and re-accessing data on a 
networking channel, the l
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1546
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1546
 CVE-2024-1519 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1496 (The Featured Image from URL (FIFU) plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1492 (The WPify Woo Czech plugin for WordPress is vulnerable to 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1475 (The Coming Soon Maintenance Mode plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1472 (The WP Maintenance plugin for WordPress is vulnerable to 
Information E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1470 (Authorization Bypass Through User-Controlled Key vulnerability 
in NetI ...)
-       TODO: check
+       NOT-FOR-US: Microfocus
 CVE-2024-1448 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1447 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1445 (The Page scroll to id plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1425 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, 
Wistia V ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1411 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1408 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1390 (The Paid Membership Subscriptions \u2013 Effortless 
Memberships, Recur ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1389 (The Paid Membership Subscriptions \u2013 Effortless 
Memberships, Recur ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1349 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, 
Wistia V ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1340 (The Login Lockdown \u2013 Protect Login Form plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1339 (The ImageRecycle pdf & image compression plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1338 (The ImageRecycle pdf & image compression plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1337 (The SKT Page Builder plugin for WordPress is vulnerable to 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1336 (The ImageRecycle pdf & image compression plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1335 (The ImageRecycle pdf & image compression plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1334 (The ImageRecycle pdf & image compression plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1322 (The Directorist \u2013 WordPress Business Directory Plugin with 
Classi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1318 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1317 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, 
News & ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1294 (The Sunshine Photo Cart: Free Client Galleries for 
Photographers plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1288 (The Schema & Structured Data for WP & AMP plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1282 (The Email Encoder \u2013 Protect Email Addresses and Phone 
Numbers plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1277 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1276 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1242 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1236 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1235 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1218 (The Contact Form builder with drag & drop for WordPress \u2013 
Kali Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1217 (The Contact Form builder with drag & drop for WordPress \u2013 
Kali Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1206 (The WP Recipe Maker plugin for WordPress is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1172 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1171 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1156 (Incorrect directory permissions for the shared NI RabbitMQ 
service may ...)
        TODO: check
 CVE-2024-1155 (Incorrect permissions in the installation directories for 
shared Syste ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e55d5bf46324f4ff8d307f646c4c38c22c42f7f6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e55d5bf46324f4ff8d307f646c4c38c22c42f7f6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to