Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b28e94c by Salvatore Bonaccorso at 2024-03-07T21:36:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By 
sendin ...)
-       TODO: check
+       NOT-FOR-US: moziloCMS
 CVE-2024-2241 (Improper access control in the user interface in Devolutions 
Workspace ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2024-2136 (The WPKoi Templates for Elementor plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2128 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, 
Embed You ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2127 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28230 (In JetBrains YouTrack before 2024.1.25893 attaching/detaching 
workflow ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2024-28229 (In JetBrains YouTrack before 2024.1.25893 user without 
appropriate per ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2024-28228 (In JetBrains YouTrack before 2024.1.25893 creation comments on 
behalf  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2024-27733 (File Upload vulnerability in Byzro Network Smart s42 
Management Platfo ...)
-       TODO: check
+       NOT-FOR-US: Byzro Network Smart s42 Management Platform
 CVE-2024-22752 (Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 
21620 allow ...)
-       TODO: check
+       NOT-FOR-US: EaseUS MobiMover
 CVE-2024-22256 (VMware Cloud Director contains a partial information 
disclosure vulner ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 
1.19.1 c ...)
        TODO: check
 CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift 
Virtualiza ...)
        TODO: check
 CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1442 (A user with the permissions to create a data source can use 
Grafana AP ...)
        TODO: check
 CVE-2024-1382 (The Restaurant Reservations plugin for WordPress is vulnerable 
to Loca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1351 (Under certain configurations of --tlsCAFile and tls.CAFile, 
MongoDB Se ...)
        TODO: check
 CVE-2024-1170 (The Post Form \u2013 Registration Form \u2013 Profile Form for 
User Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1169 (The Post Form \u2013 Registration Form \u2013 Profile Form for 
User Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0917 (remote code execution in paddlepaddle/paddle 2.6.0)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2024-0818 (Arbitrary File Overwrite Via Path Traversal in 
paddlepaddle/paddle bef ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON 
Parsing ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web 
Player.This ...)
        TODO: check
 CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 
7.63.18, ...)
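
Review bot: The new NOT-FOR-US labels in this hunk mix vendor names and product names: CVE-2024-22256 gets "VMware", CVE-2024-2241 gets "Devolutions" and CVE-2023-48725 gets "Netgear", while neighbouring entries name the product ("JetBrains YouTrack", "EaseUS MobiMover", "Byzro Network Smart s42 Management Platform"). The descriptions of the first two already name the product (VMware Cloud Director, Devolutions Workspace), so using those would keep the labels uniform and easier to grep when an entry has to be re-triaged. For CVE-2023-48725 the truncated description shown here names no vendor or product, so a product name in the label would also make the Netgear attribution checkable from the list itself.
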
@@ -81,13 +81,13 @@ CVE-2024-28212 (nGrinder before 3.5.9 uses old version of 
SnakeYAML, which could
 CVE-2024-28211 (nGrinder before 3.5.9 allows connection to malicious JMX/RMI 
server by ...)
        NOT-FOR-US: nGrinder
 CVE-2024-28111 (Canarytokens helps track activity and actions on a network. 
Canarytoke ...)
-       TODO: check
+       NOT-FOR-US: Canarytokens
 CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to 
integrate ap ...)
        TODO: check
 CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using 
python-cryp ...)
        TODO: check
 CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a 
federated ...)
-       TODO: check
+       NOT-FOR-US: Apollo Router
 CVE-2024-28097 (Calendar functionality in Schoolbox application  before 
version 23.1.3 ...)
        NOT-FOR-US: Schoolbox application
 CVE-2024-28096 (Class functionality in Schoolbox application  before version 
23.1.3 is ...)
@@ -107,13 +107,13 @@ CVE-2024-27933 (Deno is a JavaScript, TypeScript, and 
WebAssembly runtime. In ve
 CVE-2024-27932 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Starting in ...)
        NOT-FOR-US: Deno
 CVE-2024-27927 (RSSHub is an open source RSS feed generator. Prior to version 
1.0.0-ma ...)
-       TODO: check
+       NOT-FOR-US: RSSHub
 CVE-2024-27926 (RSSHub is an open source RSS feed generator. Starting in 
version 1.0.0 ...)
-       TODO: check
+       NOT-FOR-US: RSSHub
 CVE-2024-27923 (Grav is a content management system (CMS). Prior to version 
1.7.43, us ...)
        NOT-FOR-US: Grav CMS
 CVE-2024-27922 (TOMP Bare Server implements the TompHTTP bare server. A 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: TOMP Bare Server
 CVE-2024-27918 (Coder allows oragnizations to provision remote development 
environment ...)
        TODO: check
 CVE-2024-26566 (An issue in Cute Http File Server v.3.1 allows a remote 
attacker to es ...)
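
Review bot: CVE-2024-27927 and CVE-2024-27926 are marked NOT-FOR-US although the description calls RSSHub an open source project, and neither the entries nor the commit message ("Process some NFUs") record what was checked. For open-source software it is worth confirming that there is no source package and no open ITP bug before closing the entry as NOT-FOR-US; where an ITP exists, the entry should be tracked as an itp entry with the bug number instead. The same check applies to "NOT-FOR-US: TOMP Bare Server" for CVE-2024-27922.
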
@@ -131,9 +131,9 @@ CVE-2024-1506 (The Prime Slider \u2013 Addons For Elementor 
plugin for WordPress
 CVE-2024-1500 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1460 (MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory 
Leak vul ...)
-       TODO: check
+       NOT-FOR-US: MSI Afterburner
 CVE-2024-1443 (MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of 
Service vuln ...)
-       TODO: check
+       NOT-FOR-US: MSI Afterburner
 CVE-2024-1419 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1377 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
@@ -141,9 +141,9 @@ CVE-2024-1377 (The Happy Addons for Elementor plugin for 
WordPress is vulnerable
 CVE-2024-1366 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-0817 (Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2024-0815 (Command injection in paddle.utils.download._wget_download 
(bypass filt ...)
-       TODO: check
+       NOT-FOR-US: PaddlePaddle
 CVE-2023-51395 (The vulnerability described by CVE-2023-0972 has been 
additionally dis ...)
        NOT-FOR-US: Silicon Labs
 CVE-2023-51281 (Cross Site Scripting vulnerability in Customer Support System 
v.1.0 al ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b28e94ce3442720cd9526cb77b300e9415db70a
