Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f3b9ece by Salvatore Bonaccorso at 2024-03-25T21:54:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,29 +25,29 @@ CVE-2024-30202 (In Emacs before 29.3, arbitrary Lisp code 
is evaluated as part o
        NOTE: https://list.orgmode.org/[email protected]/T/#t
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9
 CVE-2024-2865 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Mergen Software Quality Management System
 CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring 
platform syst ...)
-       TODO: check
+       NOT-FOR-US: Vehicle Monitoring platform system CMSV6
 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote 
attacker ...)
        TODO: check
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
        TODO: check
 CVE-2024-28850 (WP Crontrol controls the cron events on WordPress websites.  
WP Crontr ...)
-       TODO: check
+       NOT-FOR-US: WP Crontrol
 CVE-2024-28435 (The CRM platform Twenty version 0.3.0 is vulnerable to SSRF 
via file u ...)
-       TODO: check
+       NOT-FOR-US: Twenty CRM
 CVE-2024-28434 (The CRM platform Twenty is vulnerable to stored cross site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: Twenty CRM
 CVE-2024-28393 (SQL injection vulnerability in scalapay v.1.2.41 and before 
allows a r ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2024-28387 (An issue in axonaut v.3.1.23 and before allows a remote 
attacker to ob ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2024-28386 (An issue in Home-Made.io fastmagsync v.1.7.51 and before 
allows a remo ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2024-28246 (KaTeX is a JavaScript library for TeX math rendering on the 
web. Code  ...)
        TODO: check
 CVE-2024-28245 (KaTeX is a JavaScript library for TeX math rendering on the 
web. KaTeX ...)
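Review bot: The NOT-FOR-US labels in this hunk follow two different conventions for WordPress plugins: CVE-2024-2864 gets the generic "WordPress plugin", while CVE-2024-28850, whose description says WP Crontrol controls the cron events on WordPress websites, gets the product name "WP Crontrol". Use one form for both (the generic "WordPress plugin" is what the other WordPress entries in this file carry) so that a search on the label finds every such entry. CVE-2024-29650, CVE-2024-29025 and the KaTeX entries stay at "TODO: check", which fits a commit scoped to NFUs.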
@@ -59,27 +59,27 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math 
rendering on the web.
 CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs 
supported on W ...)
        TODO: check
 CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-28106 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-28105 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-27300 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-27299 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ 
and MySQL, ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2024-25964 (Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert 
timing  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25175 (An issue in Kickdler before v1.107.0 allows attackers to 
provide an XS ...)
-       TODO: check
+       NOT-FOR-US: Kickdler
 CVE-2024-25002 (Command Injection in the diagnostics interface of the Bosch 
Network Sy ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2023-48296 (OroPlatform is a PHP Business Application Platform (BAP).  
Navigation  ...)
-       TODO: check
+       NOT-FOR-US: OroPlatform
 CVE-2023-45824 (OroPlatform is a PHP Business Application Platform (BAP).  A 
logged in ...)
-       TODO: check
+       NOT-FOR-US: OroPlatform
 CVE-2021-47180 (In the Linux kernel, the following vulnerability has been 
resolved:  N ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.46-1
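Review bot: The labels for CVE-2024-25964 and CVE-2024-25002 name only the vendor ("Dell", "Bosch"), while the other entries changed in this hunk name the product (phpMyFAQ, Kickdler, OroPlatform). The Dell description already gives the product, so "NOT-FOR-US: Dell PowerScale OneFS" would say what was actually triaged; for the Bosch entry the description is truncated here ("Bosch Network Sy ..."), so take the product name from the full CVE text. A vendor-only label makes it harder to tell later whether a different product from the same vendor has been reviewed.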
@@ -330,9 +330,9 @@ CVE-2023-37886 (Missing Authorization vulnerability in 
InspiryThemes RealHomes.T
 CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes 
RealHomes.This is ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, 
HashThem ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has 
been classi ...)
-       TODO: check
+       NOT-FOR-US: AwesomestCode LiveBot
 CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 
20191222 and  ...)
        NOT-FOR-US: cyberaz0r WebRAT
 CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
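Review bot: For CVE-2023-33923 the description lists more than one HashThemes product ("Viral News, HashThem ..."), but the new label is the singular "WordPress theme". Before closing the TODO, confirm against the full CVE text that every affected product is a theme and none is a plugin, and adjust the label if the list is mixed.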
@@ -66013,7 +66013,7 @@ CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) 
vulnerability in TransbankDe
 CVE-2023-27609
        RESERVED
 CVE-2023-27608 (Missing Authorization vulnerability in WP Swings Points and 
Rewards fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-27607 (Missing Authorization vulnerability in WP Swings Points and 
Rewards fo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad 
Hossain WP R ...)
@@ -73550,7 +73550,7 @@ CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ct
 CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25039 (Missing Authorization vulnerability in CodePeople Google Maps 
CP.This  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For 
the visu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25037
@@ -80969,7 +80969,7 @@ CVE-2023-22701
 CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in 
PixelYourSite Pixel ...)
        NOT-FOR-US: PixelYourSite
 CVE-2023-22699 (Missing Authorization vulnerability in MainWP MainWP Wordfence 
Extensi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Jason ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22697
@@ -91064,7 +91064,7 @@ CVE-2022-45853 (The privilege escalation vulnerability 
in the Zyxel GS1900-8 fir
 CVE-2022-45852
        RESERVED
 CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis 
Dashboard f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45850
        RESERVED
 CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability ...)
@@ -92715,7 +92715,7 @@ CVE-2022-45358 (Auth. (subscriber+) Reflected 
Cross-Site Scripting (XSS) vulnera
 CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45356 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress 
WP Pipe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
@@ -92723,13 +92723,13 @@ CVE-2022-45354 (Exposure of Sensitive Information to 
an Unauthorized Actor vulne
 CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
        NOT-FOR-US: WordPress theme
 CVE-2022-45352 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-45351 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45349 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as 
databas ...)
@@ -95739,7 +95739,7 @@ CVE-2022-44628 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole 
Simple S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44626 (Missing Authorization vulnerability in Squirrly SEO Plugin by 
Squirrly ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in 
Zephilou ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password 
parameters coul ...)
@@ -106082,7 +106082,7 @@ CVE-2022-38141 (Missing Authorization vulnerability 
in Zorem Sales Report Email
 CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social 
Login WP plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance 
WordPress Sea ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-38055
        RESERVED
 CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG 
Tags Li ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f3b9ecebe7e7eab3e6f6cb589ad2b18107c6dcf

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits