[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 28 Feb 2024 12:59:08 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
852b8d65 by Salvatore Bonaccorso at 2024-02-28T21:58:03+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,117 +43,117 @@ CVE-2024-25831 (F-logic DataCube3 Version 1.0 is affected 
by a reflected cross-s
 CVE-2024-25830 (F-logic DataCube3 v1.0 is vulnerable to Incorrect Access 
Control due t ...)
        NOT-FOR-US: F-logic DataCube3
 CVE-2024-25435 (A cross-site scripting (XSS) vulnerability in Md1health 
Md1patient v2. ...)
-       TODO: check
+       NOT-FOR-US: Md1health Md1patient
 CVE-2024-25202 (Cross Site Scripting vulnerability in Phpgurukul User 
Registration & L ...)
-       TODO: check
+       NOT-FOR-US: Phpgurukul User Registration & Login and User Management 
System
 CVE-2024-25170 (An issue in Mezzanine v6.0.0 allows attackers to bypass access 
control ...)
-       TODO: check
+       NOT-FOR-US: Mezzanine
 CVE-2024-25169 (An issue in Mezzanine v6.0.0 allows attackers to bypass access 
control ...)
-       TODO: check
+       NOT-FOR-US: Mezzanine
 CVE-2024-25128 (Flask-AppBuilder is an application development framework, 
built on top ...)
        TODO: check
 CVE-2024-24868 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24708 (Cross-Site Request Forgery (CSRF) vulnerability in W3speedster 
W3SPEED ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24705 (Cross-Site Request Forgery (CSRF) vulnerability in Octa Code 
Accessibi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24702 (Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz 
& Andy S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24701 (Cross-Site Request Forgery (CSRF) vulnerability in Native Grid 
LLC A n ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24148 (A memory leak issue discovered in parseSWF_FREECHARACTER in 
libming v0 ...)
        TODO: check
 CVE-2024-23519 (Cross-Site Request Forgery (CSRF) vulnerability in M&S 
Consulting Emai ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-22459 (Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 
3.7.0.6, and 3 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-21749 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 
click d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-20344 (A vulnerability in system resource management in Cisco UCS 
6400 and 65 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20321 (A vulnerability in the External Border Gateway Protocol (eBGP) 
impleme ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20294 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature of ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20291 (A vulnerability in the access control list (ACL) programming 
for port  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20267 (A vulnerability with the handling of MPLS traffic for Cisco 
NX-OS Soft ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-1965 (Server-Side Request Forgery vulnerability in Haivision's 
Aviwest Manag ...)
-       TODO: check
+       NOT-FOR-US: Haivision's Aviwest Manager and Aviwest Steamhub
 CVE-2024-1954 (The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1861 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop 
User Enum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1860 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop 
User Enum ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1847 (Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds 
Read, Out ...)
-       TODO: check
+       NOT-FOR-US: Solidworks
 CVE-2024-1808 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1791 (The CodeMirror Blocks plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1719 (The Easy PayPal & Stripe Buy Now Button plugin for WordPress is 
vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1636 (Potential Cross-Site Scripting (XSS) in the page editing area.)
-       TODO: check
+       NOT-FOR-US: sitefinity-cms
 CVE-2024-1632 (Low-privileged users with access to the Sitefinity backend may 
obtain  ...)
-       TODO: check
+       NOT-FOR-US: sitefinity-cms
 CVE-2024-1566 (The Redirects plugin for WordPress is vulnerable to 
unauthorized modif ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1516 (The WP eCommerce plugin for WordPress is vulnerable to 
unauthorized ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1514 (The WP eCommerce plugin for WordPress is vulnerable to 
time-based blin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1476 (The Under Construction / Maintenance Mode from Acurax plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1368 (The Page Duplicator plugin for WordPress is vulnerable to 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1136 (The Coming Soon Page & Maintenance Mode plugin for WordPress is 
vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0975 (The WordPress Access Control plugin for WordPress is vulnerable 
to Sen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0786 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & 
more Via  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0768 (The Envo's Elementor Templates & Widgets for WooCommerce plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0767 (The Envo's Elementor Templates & Widgets for WooCommerce plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0766 (The Envo's Elementor Templates & Widgets for WooCommerce plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0682 (The Page Restrict plugin for WordPress is vulnerable to 
information di ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0680 (The WP Private Content Plus plugin for WordPress is vulnerable 
to info ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0560 (A vulnerability was found in 3Scale, when used with Keycloak 15 
(or RH ...)
-       TODO: check
+       NOT-FOR-US: Red Hat 3scale API gateway
 CVE-2024-0433 (The Gestpay for WooCommerce plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0432 (The Gestpay for WooCommerce plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0431 (The Gestpay for WooCommerce plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6922 (The Under Construction / Maintenance Mode from Acurax plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6917 (A vulnerability has been identified in the Performance Co-Pilot 
(PCP)  ...)
        TODO: check
 CVE-2023-52226 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Flamingo.T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-52223 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite 
MailerLi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-52048 (RuoYi v4.7.8 was discovered to contain a cross-site scripting 
(XSS) vu ...)
        TODO: check
 CVE-2023-52047 (Dedecms v5.7.112 was discovered to contain a Cross-Site 
Request Forger ...)
-       TODO: check
+       NOT-FOR-US: Dedecms
 CVE-2023-51692 (Missing Authorization vulnerability in CusRev Customer Reviews 
for Woo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51683 (Cross-Site Request Forgery (CSRF) vulnerability in Scott 
Paterson Easy ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51681 (Cross-Site Request Forgery (CSRF) vulnerability in Duplicator 
Duplicat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51533 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid 
Ecommerce Ecw ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25065 (Possible path traversal in Apache OFBiz allowing 
authentication bypass ...)
        NOT-FOR-US: Apache OFBiz
 CVE-2024-23946 (Possible path traversal in Apache OFBiz allowing file 
inclusion. Users ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/852b8d6524878edf4cd7be9b0663e8eeccd04797

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/852b8d6524878edf4cd7be9b0663e8eeccd04797
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to