Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e34b99e by Salvatore Bonaccorso at 2024-03-25T09:53:45+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths
via file ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2024-2862 (This vulnerability allows remote attackers to reset the
password of an ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in
cg6kwin ...)
- TODO: check
+ NOT-FOR-US: cg6kwin2k.sys
CVE-2024-29194 (OneUptime is a solution for monitoring and managing online
services. T ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2024-29188 (WiX toolset lets developers create installers for Windows
Installer, t ...)
TODO: check
CVE-2024-29187 (WiX toolset lets developers create installers for Windows
Installer, t ...)
TODO: check
CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of
week creden ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra
and othe ...)
TODO: check
CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in
easy-popup-show all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a
network-adjacent una ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler aops-zeus
CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
- TODO: check
+ NOT-FOR-US: openEuler A-Tune-Collector
CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler migration-tools
CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler gala-gopher
CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of
week creden ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable
to Prot ...)
TODO: check
CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not
have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not
validate pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1232 (The CM Download Manager WordPress plugin before 2.9.0 does not
have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1231 (The CM Download Manager WordPress plugin before 2.9.0 does not
have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes
RealHomes.This is ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes
RealHomes.This is ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News,
HashThem ...)
TODO: check
CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has
been classi ...)
TODO: check
CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to
20191222 and ...)
- TODO: check
+ NOT-FOR-US: cyberaz0r WebRAT
CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
- ruby3.2 <unfixed>
- ruby3.1 <unfixed>
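Review bot: The tags "NOT-FOR-US: LG" on CVE-2024-2863 and CVE-2024-2862 give only a vendor name, and "NOT-FOR-US: cg6kwin2k.sys" on CVE-2024-29216 gives only a driver file name, while the other tags added in this hunk identify a product (for example "HGW BL1500HM" and "openEuler aops-zeus"). Suggest naming the affected product in these three tags as well, so that a later CVE for the same product can be matched against them by a text search of data/CVE/list.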
@@ -56691,7 +56691,7 @@ CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Alexey G ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP
Educenter.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-30479
RESERVED
CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant
Newslette ...)
@@ -119788,7 +119788,7 @@ CVE-2018-25045 (Django REST framework (aka
django-rest-framework) before 3.9.1 a
- djangorestframework 3.10.2-1
NOTE:
https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8
(3.9.1)
CVE-2022-36407 (Insertion of Sensitive Information into Log File vulnerability
in Hita ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus
Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36386 (Authenticated Arbitrary Code Execution vulnerability in Soflyy
Import ...)
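Review bot: "NOT-FOR-US: Hitachi" on CVE-2022-36407 records only the vendor, and the truncated description does not show which product is affected. Suggest adding the product name after the vendor, as the openEuler tags in this commit do with the component name.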
@@ -200168,7 +200168,7 @@ CVE-2021-33634 (iSulad uses the lcr+lxc runtime
(default) to run malicious image
CVE-2021-33633 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
NOT-FOR-US: openEuler aops-ceres
CVE-2021-33632 (Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability in ope ...)
- TODO: check
+ NOT-FOR-US: openEuler iSulad
CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler
kernel on Li ...)
- linux 6.1.4-1
[bullseye] - linux 5.10.178-1
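Review bot: Check that CVE-2021-33634, which the hunk header shows also concerns iSulad, carries the same "NOT-FOR-US: openEuler iSulad" string as the tag added here for CVE-2021-33632. Its tag line falls outside the visible context, and a differing product string would split the two entries across separate searches.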
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e34b99e23752511db4494622896c7e2d953ac27
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits