Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b62f2ac4 by Salvatore Bonaccorso at 2024-04-30T22:44:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a
Denial of ...)
TODO: check
CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode
user-controlled in ...)
- TODO: check
+ NOT-FOR-US: Adive Framework
CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode
user-controlled in ...)
- TODO: check
+ NOT-FOR-US: Adive Framework
CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its
sub-directories and ...)
- TODO: check
+ NOT-FOR-US: Measuresoft
CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide
enough ...)
TODO: check
CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to
unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the
get_edge() func ...)
TODO: check
CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a
Server-Side Reques ...)
- TODO: check
+ NOT-FOR-US: OneNav
CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the
Advanced Expe ...)
TODO: check
CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before
v.0662e5e allow ...)
- TODO: check
+ NOT-FOR-US: MajorDoMo (aka Major Domestic Module)
CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote
attacker to o ...)
- TODO: check
+ NOT-FOR-US: CSS Exfil Protection
CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote
attacker to o ...)
- TODO: check
+ NOT-FOR-US: CSS Exfil Protection
CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and
before allow ...)
- TODO: check
+ NOT-FOR-US: novel-plus
CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to
obtain se ...)
- TODO: check
+ NOT-FOR-US: SpringBlade
CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android
v.4.5.1 and i ...)
- TODO: check
+ NOT-FOR-US: TVS Motor Company Limited TVS Connet
CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android
v.4.5.1 and i ...)
- TODO: check
+ NOT-FOR-US: TVS Motor Company Limited TVS Connet
CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21
and bef ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields
v.2.2.7 ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and
fixed in v2 ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and
before a ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager
component ...)
TODO: check
CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the
component /pu ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the
component /ac ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2024-2877 (Vault Enterprise, when configured with performance standby
nodes and a ...)
TODO: check
CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to
Server ...)
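Review bot: CVE-2024-3746 is tagged "NOT-FOR-US: Measuresoft", a name that does not appear in the visible description, which refers to ScadaPro. Most other entries in this hunk name the product itself (Adive Framework, OneNav, DedeCMS, SpringBlade). Consider "NOT-FOR-US: Measuresoft ScadaPro" so that a search for the product finds the entry. The same point applies, less strongly, to the five "NOT-FOR-US: PrestaShop module" tags and the two "NOT-FOR-US: WordPress plugin" tags, where the descriptions name the specific component (supernewsletter, customfields, shipup, fileuploads, hfheropayment) and the tag drops it.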
@@ -61,7 +61,7 @@ CVE-2024-2378 (A vulnerability exists in the
web-authentication component of the
CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response
header web ...)
TODO: check
CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote
attacker to o ...)
- TODO: check
+ NOT-FOR-US: CSS Exfil Protection
CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the
category a ...)
TODO: check
CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote
attacker to ex ...)
@@ -140,7 +140,7 @@ CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList
function can have a
CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation
via a ce ...)
NOT-FOR-US: O-RAN
CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico
Enterpris ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows
a remot ...)
NOT-FOR-US: DedeCMS
CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a
remote at ...)
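Review bot: On CVE-2024-33522 the tag "NOT-FOR-US: Calico" names one product, but the description lists at least two affected ones (Calico v3.27.2 and below, and Calico Enterprise) before it is cut off. The commit message "Process some NFUs" does not say how each was checked, so it would help to confirm that none of the products in the full description is packaged or pending packaging, and to write the tag so it covers them, for example "NOT-FOR-US: Calico / Calico Enterprise".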
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62f2ac4682e34b8398a26c1acb62f5c3307d586
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits