Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
758770c3 by Salvatore Bonaccorso at 2024-01-08T21:52:56+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,103 +23,103 @@ CVE-2024-0321 (Stack-based Buffer Overflow in GitHub
repository gpac/gpac prior
NOTE: https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769/
NOTE:
https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a
CVE-2024-0308 (A vulnerability was found in Inis up to 2.0.1. It has been
rated as cr ...)
- TODO: check
+ NOT-FOR-US: Inis
CVE-2024-0307 (A vulnerability was found in Kashipara Dynamic Lab Management
System u ...)
- TODO: check
+ NOT-FOR-US: Kashipara Dynamic Lab Management System
CVE-2024-0306 (A vulnerability was found in Kashipara Dynamic Lab Management
System u ...)
- TODO: check
+ NOT-FOR-US: Kashipara Dynamic Lab Management System
CVE-2024-0305 (A vulnerability was found in Guangzhou Yingke Electronic
Technology Nc ...)
- TODO: check
+ NOT-FOR-US: Guangzhou Yingke Electronic Technology Ncast
CVE-2023-7224 (OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local
users ...)
- TODO: check
+ NOT-FOR-US: OpenVPN Connect
CVE-2023-6921 (Blind SQL Injection vulnerability in PrestaShow Google
Integrator (Pre ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-6845 (The CommentTweets WordPress plugin through 0.6 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6750 (The Clone WordPress plugin before 2.4.3 uses buffer files to
store in- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6631 (PowerSYSTEM Center versions 2020 Update 16 and prior contain a
vulnera ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center
CVE-2023-6627 (The WP Go Maps (formerly WP Google Maps) WordPress plugin
before 9.0.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6555 (The Email Subscription Popup WordPress plugin before 1.2.20
does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6552 (Lack of "current" GET parameter validation during the action of
changi ...)
TODO: check
CVE-2023-6532 (The WP Blogs' Planetarium WordPress plugin through 1.0 does not
have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6529 (The WP VR WordPress plugin before 8.3.15 does not authorisation
and CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6528 (The Slider Revolution WordPress plugin before 6.6.19 does not
prevent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6505 (The Migrate WordPress Website & Backups WordPress plugin before
1.9.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6383 (The Debug Log Manager WordPress plugin before 2.3.0 contains a
Directo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6161 (The WP Crowdfunding WordPress plugin before 2.1.9 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6141 (The Essential Real Estate WordPress plugin before 4.4.0 does
not apply ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6140 (The Essential Real Estate WordPress plugin before 4.4.0 does
not preve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6139 (The Essential Real Estate WordPress plugin before 4.4.0 does
not apply ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6042 (Any unauthenticated user may send e-mail from the site with any
title ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5957 (The Ni Purchase Order(PO) For WooCommerce WordPress plugin
through 1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5911 (The WP Custom Cursors | WordPress Cursor Plugin WordPress
plugin throu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5235 (The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does
not li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5091 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel
Driver allo ...)
TODO: check
CVE-2023-52271 (The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud
allows low-pr ...)
TODO: check
CVE-2023-52225 (Deserialization of Untrusted Data vulnerability in Tagbox
Tagbox \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52222 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic
WooComme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52219 (Deserialization of Untrusted Data vulnerability in Gecka Gecka
Terms T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52218 (Deserialization of Untrusted Data vulnerability in Anton Bond
Woocomme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52216 (Cross-Site Request Forgery (CSRF) vulnerability in Yevhen
Kotelnytskyi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52215 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52213 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52208 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52207 (Deserialization of Untrusted Data vulnerability in SVNLabs
Softwares H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52206 (Deserialization of Untrusted Data vulnerability in Live
Composer Team ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52205 (Deserialization of Untrusted Data vulnerability in SVNLabs
Softwares H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52204 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52203 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52201 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52200 (Cross-Site Request Forgery (CSRF), Deserialization of
Untrusted Data v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-52190 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51701 (fastify-reply-from is a Fastify plugin to forward the current
HTTP req ...)
TODO: check
CVE-2023-51508 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51246 (A Cross Site Scripting (XSS) vulnerability in GetSimple CMS
3.3.16 exi ...)
- TODO: check
+ NOT-FOR-US: GetSimple CMS
CVE-2023-50982 (Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of
executab ...)
TODO: check
CVE-2023-47890 (pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.)
TODO: check
CVE-2023-47211 (A directory traversal vulnerability exists in the uploadMib
functional ...)
- TODO: check
+ NOT-FOR-US: ManageEngine OpManager
CVE-2023-41710 (User-defined script code could be stored for a upsell related
shop URL ...)
TODO: check
CVE-2023-39444 (Multiple out-of-bounds write vulnerabilities exist in the LXT2
parsing ...)
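Review bot: The generic label "NOT-FOR-US: WordPress plugin" drops the product name, and for several entries in this hunk (for example CVE-2023-6042, CVE-2023-52215 and CVE-2023-52200) the truncated description shown here mentions neither WordPress nor a plugin name, so the triage decision cannot be checked or grepped from the list alone. Consider naming the plugin in the label, the way the other entries in this hunk name their product ("NOT-FOR-US: Kashipara Dynamic Lab Management System", "NOT-FOR-US: GetSimple CMS"). The same applies to CVE-2023-6921, where the description reads "PrestaShow Google Integrator" but the label says only "PrestaShop module".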
@@ -327,7 +327,7 @@ CVE-2024-0288 (A vulnerability classified as critical has
been found in Kashipar
CVE-2024-0287 (A vulnerability was found in Kashipara Food Management System
1.0. It ...)
NOT-FOR-US: Kashipara Food Management System
CVE-2023-7215 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Chanzhaoyu chatgpt-web
CVE-2023-50948 (IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded
credent ...)
NOT-FOR-US: IBM
CVE-2023-47140 (IBM CICS Transaction Gateway 9.3 could allow a user to
transfer or vie ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/758770c3f57ba2d5cef9c39449ce3d0f536e9742