Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0091edd0 by Salvatore Bonaccorso at 2024-01-13T09:28:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,103 +4,103 @@ CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7
creates a world-readabl
NOTE: https://github.com/rear/rear/pull/3123
NOTE:
https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16
CVE-2024-22209 (Open edX Platform is a service-oriented platform for authoring
and del ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2024-22206 (Clerk helps developers build user management. Unauthorized
access or p ...)
TODO: check
CVE-2024-22142 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Cozmoslabs Profile Builder Pro
CVE-2024-22137 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: MailMunch Constant Contact Forms
CVE-2024-21655 (Discourse is a platform for community discussion. For fields
that are ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2024-21654 (Rubygems.org is the Ruby community's gem hosting service.
Rubygems.org ...)
- TODO: check
+ NOT-FOR-US: Rubygems.org gem hosting service
CVE-2024-21640 (Chromium Embedded Framework (CEF) is a simple framework for
embedding ...)
TODO: check
CVE-2024-21639 (CEF (Chromium Embedded Framework ) is a simple framework for
embedding ...)
TODO: check
CVE-2024-0480 (A vulnerability was found in Taokeyun up to 1.0.5. It has been
declare ...)
- TODO: check
+ NOT-FOR-US: Taokeyun
CVE-2024-0479 (A vulnerability was found in Taokeyun up to 1.0.5. It has been
classif ...)
- TODO: check
+ NOT-FOR-US: Taokeyun
CVE-2024-0478 (A vulnerability was found in code-projects Fighting Cock
Information S ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0477 (A vulnerability has been found in code-projects Fighting Cock
Informat ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0476 (A vulnerability, which was classified as problematic, was found
in Blo ...)
- TODO: check
+ NOT-FOR-US: Blood Bank & Donor Management
CVE-2024-0475 (A vulnerability, which was classified as critical, has been
found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0474 (A vulnerability classified as critical was found in
code-projects Dorm ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0473 (A vulnerability classified as critical has been found in
code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0472 (A vulnerability was found in code-projects Dormitory Management
System ...)
- TODO: check
+ NOT-FOR-US: code-projects Dormitory Management System
CVE-2024-0471 (A vulnerability was found in code-projects Human Resource
Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0470 (A vulnerability was found in code-projects Human Resource
Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0469 (A vulnerability was found in code-projects Human Resource
Integrated S ...)
- TODO: check
+ NOT-FOR-US: code-projects Human Resource Integrated System
CVE-2024-0468 (A vulnerability has been found in code-projects Fighting Cock
Informat ...)
- TODO: check
+ NOT-FOR-US: code-projects Fighting Cock Information System
CVE-2024-0251 (The Advanced Woo Search plugin for WordPress is vulnerable to
Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0230 (A session management issue was addressed with improved checks.
This is ...)
- TODO: check
+ NOT-FOR-US: Magic Keyboard Firmware Update
CVE-2023-52289 (An issue was discovered in the flaskcode package through 0.0.8
for Pyt ...)
TODO: check
CVE-2023-52288 (An issue was discovered in the flaskcode package through 0.0.8
for Pyt ...)
TODO: check
CVE-2023-51805 (SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0
allows ...)
- TODO: check
+ NOT-FOR-US: TDuckCLoud tduck-platform
CVE-2023-51804 (An issue in rymcu forest v.0.02 allows a remote attacker to
obtain sen ...)
- TODO: check
+ NOT-FOR-US: rymcu forest
CVE-2023-51698 (Atril is a simple multi-page document viewer. Atril is
vulnerable to a ...)
TODO: check
CVE-2023-51071 (An access control issue in QStar Archive Solutions Release
RELEASE_3-0 ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51070 (An access control issue in QStar Archive Solutions Release
RELEASE_3-0 ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51068 (An authenticated reflected cross-site scripting (XSS)
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51067 (An unauthenticated reflected cross-site scripting (XSS)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51066 (An authenticated remote code execution vulnerability in QStar
Archive ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51065 (Incorrect access control in QStar Archive Solutions Release
RELEASE_3- ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51064 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0
was discov ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51063 (QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0
was discov ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-51062 (An unauthenticated log file read in the component
log-smblog-save of Q ...)
- TODO: check
+ NOT-FOR-US: QStar Archive Solutions Release
CVE-2023-50072 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
OpenKM ver ...)
- TODO: check
+ NOT-FOR-US: OpenKM
CVE-2023-49801 (Lif Auth Server is a server for validating logins, managing
informatio ...)
- TODO: check
+ NOT-FOR-US: Lif Auth Server
CVE-2023-49647 (Improper access control in Zoom Desktop Client for Windows,
Zoom VDI C ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2023-49099 (Discourse is a platform for community discussion. Under very
specific ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-49098 (Discourse-reactions is a plugin that allows user to add their
reaction ...)
- TODO: check
+ NOT-FOR-US: Discourse plugin
CVE-2023-48297 (Discourse is a platform for community discussion. The message
serializ ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2023-48166 (A directory traversal vulnerability in the SOAP Server
integrated in A ...)
- TODO: check
+ NOT-FOR-US: Unify
CVE-2023-46943 (An issue was discovered in NPM's package @evershop/evershop
before ver ...)
TODO: check
CVE-2023-46942 (Lack of authentication in NPM's package @evershop/evershop
before vers ...)
TODO: check
CVE-2023-42463 (Wazuh is a free and open source platform used for threat
prevention, d ...)
- TODO: check
+ NOT-FOR-US: Wazuh
CVE-2023-33472 (An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606
and bef ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2022-4962 (A vulnerability was found in Apollo 2.0.0/2.0.1 and classified
as prob ...)
- TODO: check
+ NOT-FOR-US: Apollo
CVE-2023-50290
- lucene-solr <not-affected> (Vulnerable code not yet present)
CVE-2023-46749
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091edd03b70f39f9cf65fb8736c3900e84a3753
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0091edd03b70f39f9cf65fb8736c3900e84a3753
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
