Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dae61f40 by Salvatore Bonaccorso at 2024-04-26T15:47:16+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,19 +12,19 @@ CVE-2024-3890 (The Happy Addons for Elementor plugin for
WordPress is vulnerable
CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not
properly e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress
plugin b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not
sanitize an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have
CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have
CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape
generated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2
HotFix 9173 ...)
NOT-FOR-US: Veritas
CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The
Multi-Th ...)
@@ -32,9 +32,9 @@ CVE-2024-33672 (An issue was discovered in Veritas NetBackup
before 10.4. The Mu
CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2
HotFix 9173 ...)
NOT-FOR-US: Veritas
CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL
parameter, re ...)
- TODO: check
+ NOT-FOR-US: Passbolt API
CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before
4.6.2. It ...)
- TODO: check
+ NOT-FOR-US: Passbolt Browser Extension
CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad
Upload Cach ...)
TODO: check
CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An
authenticated agent ...)
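Review bot: the two Passbolt entries (CVE-2024-33670 and CVE-2024-33669) get component-level tags, "Passbolt API" and "Passbolt Browser Extension", while the Veritas entry just above them in this hunk is tagged with the vendor name alone even though its description names Backup Exec. Pick one granularity for the file; "NOT-FOR-US: Passbolt" on both lines would match the neighbouring entries.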
@@ -48,21 +48,21 @@ CVE-2024-33664 (python-jose through 3.3.0 allows attackers
to cause a denial of
CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH
ECDSA k ...)
TODO: check
CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is
not index. ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew
Fries MF Gi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout
Creations Se ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh
Kothari Sma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based
One-Time-Pass ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2024-32651 (changedetection.io is an open source web page change
detection, websit ...)
TODO: check
CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer
relate ...)
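Review bot: for CVE-2024-33651, CVE-2024-33650, CVE-2024-33642, CVE-2024-33639, CVE-2024-33638 and CVE-2024-33598 the truncated descriptions visible here give only a vulnerability class and, at most, a vendor name, so the "WordPress plugin" tag cannot be checked from the diff itself. It is worth confirming each against the full CVE description before merging, since anything that is not a plugin would not fit the tag. Minor style point: the tag for CVE-2024-32868 is written "Zitadel" while the description on the line above spells the product "ZITADEL".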
@@ -72,33 +72,33 @@ CVE-2024-32404 (Server-Side Template Injection (SSTI)
vulnerability in inducer r
CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation
violation, whic ...)
TODO: check
CVE-2024-31610 (File Upload vulnerability in the function for employees to
upload avat ...)
- TODO: check
+ NOT-FOR-US: Code-Projects Simple School Management System
CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10
allows attac ...)
- TODO: check
+ NOT-FOR-US: BOSSCMS
CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2908 (The Call Now Button WordPress plugin before 1.4.7 does not
sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise
and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does
not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2429 (The Salon booking system WordPress plugin through 9.6.5 does
not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2310 (The WP Google Review Slider WordPress plugin before 13.6 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2159 (The Social Sharing Plugin WordPress plugin before 3.3.61 does
not val ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.) 388 w ...)
- TODO: check
+ NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.)
CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.) 388 w ...)
- TODO: check
+ NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.)
CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This
issue af ...)
TODO: check
CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that
allows for a ...)
TODO: check
CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw
that using ...)
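Review bot: the tag added for CVE-2024-22633 and CVE-2024-22632 repeats the full product string "Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.)", which is long enough that it wraps in this notification and leaves "(S.I.L.)" on a line of its own with no "+" marker. A shorter tag such as "NOT-FOR-US: Setor Informatica S.I.L." would stay on one line like every other entry in this hunk and is still unambiguous.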
@@ -241,7 +241,7 @@ CVE-2024-22391 (A heap-based buffer overflow vulnerability
exists in the LookupT
CVE-2024-22373 (An out-of-bounds write vulnerability exists in the
JPEG2000Codec::Deco ...)
TODO: check
CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google
Analytic ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dae61f409f2e771cd2416a40ec6ea96feb4a02c6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits