Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder 
& File Manager plugi
 CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable 
to SQL  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure 
Vulnerability)
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass 
Vulnerability)
 CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized 
access  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to 
unauthorized ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable 
to time- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP 
Object  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to 
Server-Side Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object 
Injection in ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to 
unauthorized acces ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to 
unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive 
Informati ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1463 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1461 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1458 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1424 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1412 (The Memberpress plugin for WordPress is vulnerable to Reflected 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1387 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1352 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1315 (The Classified Listing \u2013 Classified ads & Business 
Directory Plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1308 (The WooCommerce Cloak Affiliate Links plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1289 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0952 (The WP ERP | Complete HR solution with recruitment & job 
listings | Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0899 (The s2Member \u2013 Best Membership Plugin for All Kinds of 
Membership ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0873 (The Watu Quiz plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0872 (The Watu Quiz plugin for WordPress is vulnerable to Sensitive 
Informat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0826 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0662 (The FancyBox for WordPress plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0626 (The WooCommerce Clover Payment Gateway plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0598 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0588 (The Paid Memberships Pro \u2013 Content Restriction, User 
Registration ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0376 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7046 (The WP Encryption \u2013 One Click Free SSL Certificate & SSL / 
HTTPS  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6999 (The Pods \u2013 Custom Content Types and Fields plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6993 (The Custom post types, Custom Fields & more plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6967 (The Pods \u2013 Custom Content Types and Fields plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6965 (The Pods \u2013 Custom Content Types and Fields plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6964 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6799 (The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6777 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6695 (The Beaver Themer plugin for WordPress is vulnerable to 
Sensitive Info ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6694 (The Beaver Themer plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6486 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6320 (A command injection vulnerability exists in the 
com.webos.service.conn ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-6319 (A command injection vulnerability exists in the 
getAudioMetadatamethod ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-6318 (A command injection vulnerability exists in the 
processAnalyticsReport ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-6317 (A prompt bypass exists in the secondscreen.gateway service 
running on  ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2023-50821 (A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-49913 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49912 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49911 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49910 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49909 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49908 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49907 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49906 (A stack-based buffer overflow vulnerability exists in the web 
interfac ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49134 (A command execution vulnerability exists in the tddpd 
enable_test_mode ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49133 (A command execution vulnerability exists in the tddpd 
enable_test_mode ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-49074 (A denial of service vulnerability exists in the TDDP 
functionality of  ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-48784 (Ause of externally-controlled format string vulnerability 
[CWE-134] in ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-48724 (A memory corruption vulnerability exists in the web interface 
function ...)
-       TODO: check
+       NOT-FOR-US: Tp-Link
 CVE-2023-47542 (A improper neutralization of special elements used in a 
template engin ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-47541 (An improper limitation of a pathname to a restricted directory 
('path  ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-47540 (An improper neutralization of special elements used in an os 
command ( ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-45590 (An improper control of generation of code ('code injection') 
in Fortin ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 
7.4.0, 7 ...)
-       TODO: check
+       NOT-FOR-US: FortiGuard
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from 
CreativeMinds plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2201 [Native Branch History Injection]
        - linux <unfixed>
        - xen <unfixed>
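Review bot: CVE-2023-6317 through CVE-2023-6320 are tagged `NOT-FOR-US: Bitdefender`, but the visible descriptions point at `com.webos.service.conn ...` and the `secondscreen.gateway` service, so the tag appears to name the reporting party rather than the affected software. The `NOT-FOR-US: FortiGuard` entries have the same problem: the description of CVE-2023-41677 names "Fortinet FortiProxy", and FortiGuard reads as the advisory source rather than the product. Elsewhere in this hunk the tag names what is affected (`WordPress plugin`, `WordPress theme`, `Siemens`). Suggest using the affected vendor or product here as well, so that a later search of the NFU reasons finds these entries under the right name. Minor style point: `Tp-Link` is used for the TDDP and web-interface entries, and a single consistent vendor spelling across the list makes such searches reliable.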
@@ -847,13 +847,13 @@ CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to 
contain a NullPointerExcep
 CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a 
NullPointerException via ...)
        - libjfreechart-java <unfixed>
 CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does 
not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss 
EAP, wher ...)
        TODO: check
 CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-25743
        - linux <unfixed>
        NOTE: 
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html
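Review bot: CVE-2024-1233, the context entry between the Responsive Gallery Grid and ChatRTX changes, stays at `TODO: check` while both of its neighbours are resolved. Its description names `JwtValidator.resolvePublicKey` in JBoss EAP, which is not an obvious NFU, so leaving it fits a commit titled "Process some NFUs". Please confirm it was skipped deliberately, so that it is picked up in a later triage pass rather than overlooked among the processed entries.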
@@ -947,7 +947,7 @@ CVE-2024-27895 (Vulnerability of permission control in the 
window module. Succes
 CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora 
v.13.0.51 al ...)
        NOT-FOR-US: Wondershare Filmora
 CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ 
Fingerprint  ...)
-       TODO: check
+       NOT-FOR-US: secdiskapp
 CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be 
abused to i ...)
        NOT-FOR-US: Open-Xchange
 CVE-2024-23191 (Upsell advertisement information of an account can be 
manipulated to e ...)
@@ -72478,9 +72478,9 @@ CVE-2023-1085
 CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        - gitlab 15.10.8+ds1-2
 CVE-2023-1083 (An unauthenticated remote attacker who is aware of aMQTT  topic 
name c ...)
-       TODO: check
+       NOT-FOR-US: Welotec
 CVE-2023-1082 (An remote attacker with low privileges can perform a command 
injection ...)
-       TODO: check
+       NOT-FOR-US: Welotec
 CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache 
Software Fou ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure 
to requi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23af76fd71890567745cf29448fef58a03f7bf73
