Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c915f71 by Salvatore Bonaccorso at 2024-05-18T11:48:25+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,15 +23,15 @@ CVE-2024-3810 (The Salient Shortcodes plugin for WordPress 
is vulnerable to Loca
 CVE-2024-3714 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-35313 (In Tor Arti before 1.2.3, circuits sometimes incorrectly have 
a length ...)
-       TODO: check
+       NOT-FOR-US: Tor Arti
 CVE-2024-35312 (In Tor Arti before 1.2.3, STUB circuits incorrectly have a 
length of 2 ...)
-       TODO: check
+       NOT-FOR-US: Tor Arti
 CVE-2024-2782 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2772 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2771 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and 
Drag & D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-23583 (An attacker could potentially intercept credentials via the 
task manag ...)
        TODO: check
 CVE-2024-23556 (SSL/TLS Renegotiation functionality potentially leading to DoS 
attack  ...)
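Review bot: The two Arti entries (CVE-2024-35313 and CVE-2024-35312) move from `TODO: check` directly to `NOT-FOR-US: Tor Arti`, which records that Arti is not in Debian and is not expected to be. It is worth confirming that no ITP or RFP bug is open for it. If one is, the entries should use a package line with the `<itp>` marker and the bug reference instead, so that the "before 1.2.3" boundary from the descriptions is still tracked when a package is uploaded.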
@@ -498,121 +498,121 @@ CVE-2024-35173 (Missing Authorization vulnerability in 
PluginEver Serial Numbers
 CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization 
vulnerabilit ...)
        TODO: check
 CVE-2024-34982 (An arbitrary file upload vulnerability in the component 
/include/file. ...)
-       TODO: check
+       NOT-FOR-US: lylme_spage
 CVE-2024-34959 (DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) 
via sys_d ...)
-       TODO: check
+       NOT-FOR-US: DedeCMS
 CVE-2024-34919 (An arbitrary file upload vulnerability in the component 
\modstudent\co ...)
-       TODO: check
+       NOT-FOR-US: Pisay Online E-Learning System
 CVE-2024-34809 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Empow ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-34807 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard 
Fast Custo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34806 (Cross-Site Request Forgery (CSRF) vulnerability in Creative 
Motion Cle ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34756 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks 
Integrati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34755 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks 
Integrati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34434 (Incorrect Authorization vulnerability in realmag777 WordPress 
Meta Dat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34370 (Improper Privilege Management vulnerability in WPFactory EAN 
for WooCo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34241 (A cross-site scripting (XSS) vulnerability in Rocketsoft 
Rocket LMS 1. ...)
-       TODO: check
+       NOT-FOR-US: Rocketsoft Rocket LMS
 CVE-2024-34058 (The WebTop package for NethServer 7 and 8 allows stored XSS 
(for examp ...)
        TODO: check
 CVE-2024-33917 (Authentication Bypass by Spoofing vulnerability in 
webtechideas WTI Li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33644 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33569 (Improper Privilege Management vulnerability in Darren Cooney 
Instant I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33567 (Improper Privilege Management vulnerability in UkrSolution 
Barcode Sca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33552 (Improper Privilege Management vulnerability in 8theme XStore 
Core allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33550 (Improper Privilege Management vulnerability in JR King/Eran 
Schoellhor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-33549 (Improper Privilege Management vulnerability in AA-Team WZone 
allows Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32960 (Improper Privilege Management vulnerability in Booking Ultra 
Pro allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32959 (Improper Privilege Management vulnerability in Sirv allows 
Privilege E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32830 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32827 (Authentication Bypass by Spoofing vulnerability in RafflePress 
Giveawa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32809 (Unrestricted Upload of File with Dangerous Type vulnerability 
in JumpD ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32802 (Missing Authorization vulnerability in WordPlus BP Better 
Messages all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32790 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32786 (Authentication Bypass by Spoofing vulnerability in WP Royal 
Royal Elem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32774 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32720 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32708 (Authentication Bypass by Spoofing vulnerability in helderk 
Maintenance ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32692 (Missing Authorization vulnerability in QuanticaLabs Chauffeur 
Taxi Boo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32685 (Client-Side Enforcement of Server-Side Security vulnerability 
in Wpmet ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32680 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32523 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32521 (Client-Side Enforcement of Server-Side Security vulnerability 
in Highf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32512 (Client-Side Enforcement of Server-Side Security vulnerability 
in weFor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32511 (Improper Privilege Management vulnerability in Astoundify 
Simple Regis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32507 (Improper Privilege Management vulnerability in Hamid Alinia 
\u2013 ide ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-32131 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31974 (The com.solarized.firedown (aka Solarized FireDown Browser & 
Downloade ...)
-       TODO: check
+       NOT-FOR-US: com.solarized.firedown (aka Solarized FireDown Browser & 
Downloader) application for Android
 CVE-2024-31341 (Insufficient Verification of Data Authenticity vulnerability 
in Cozmos ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31300 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31295 (Guessable CAPTCHA vulnerability in BestWebSoft Captcha by 
BestWebSoft  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31290 (Improper Privilege Management vulnerability in CodeRevolution 
Demo My  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31281 (Missing Authorization vulnerability in Andy Moyle Church Admin 
church- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31237 (Improper Privilege Management vulnerability in WP Sharks 
s2Member Pro  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31232 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-31231 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30542 (Improper Privilege Management vulnerability in Wholesale 
WholesaleX al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30540 (Guessable CAPTCHA vulnerability in Guido VS Contact Form 
allows Functi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30527 (Improper Validation of Specified Quantity in Input 
vulnerability in Ti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30522 (Authentication Bypass by Spoofing vulnerability in Stefano 
Lissa & The ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30509 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30480 (Authentication Bypass by Spoofing vulnerability in Pippin 
Williamson C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-30479 (Authentication Bypass by Spoofing vulnerability in LionScripts 
IP Bloc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27971 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27955 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Automatic Automa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27954 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-27436 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.7.12-1
        [bookworm] - linux 6.1.85-1
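Review bot: The reason string on CVE-2024-31974 repeats the CVE description almost verbatim (`com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application for Android`), while every other entry in this hunk uses a short product or category tag such as `NOT-FOR-US: DedeCMS`. Suggest shortening it to something like `NOT-FOR-US: Solarized FireDown Browser & Downloader for Android`. Separately, several entries tagged `WordPress plugin` have truncated descriptions that never mention WordPress (for example CVE-2024-32960 "Booking Ultra Pro" and CVE-2024-32959 "Sirv"), so that classification cannot be checked from the diff and depends on the full CVE text having been read.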
@@ -795,19 +795,19 @@ CVE-2024-27402 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.82-1
        NOTE: 
https://git.kernel.org/linus/7d2a894d7f487dcb894df023e9d3014cf5b93fe5 (6.8-rc6)
 CVE-2024-25906 (Authentication Bypass by Spoofing vulnerability in WP Happy 
Coders Com ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25595 (Authentication Bypass by Spoofing vulnerability in WPMU DEV 
Defender S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24934 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24882 (Improper Privilege Management vulnerability in Masteriyo LMS 
allows Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24874 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24873 (: Improper Control of Interaction Frequency vulnerability in 
CodePeopl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24869 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-24715 (Improper Validation of Specified Quantity in Input 
vulnerability in Th ...)
        TODO: check
 CVE-2024-23522 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
@@ -1549,9 +1549,9 @@ CVE-2024-35299 (In JetBrains YouTrack before 2024.1.29548 
the SMTPS protocol com
 CVE-2024-35187 (Stalwart Mail Server is an open-source mail server. Prior to 
version 0 ...)
        NOT-FOR-US: Stalwart Mail Server
 CVE-2024-35185 (Minder is a software supply chain security platform. Prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Minder by Stacklok
 CVE-2024-35184 (Paperless-ngx is a document management system that transforms 
physical ...)
-       TODO: check
+       NOT-FOR-US: Paperless-ngx
 CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git 
authenti ...)
        TODO: check
 CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 
has a den ...)
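Review bot: CVE-2024-35184 is closed as `NOT-FOR-US: Paperless-ngx` without any sign in the hunk that the WNPP list was checked for a packaging request for that name. If an ITP or RFP exists, an `<itp>` package entry with the bug reference is the better fit than NOT-FOR-US. On naming, `Minder by Stacklok` adds a vendor that the visible description does not show. That helps disambiguate a generic product name, but it differs from the bare product names used on the neighbouring lines (`Stalwart Mail Server`, `Paperless-ngx`), so pick one style.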
@@ -1567,7 +1567,7 @@ CVE-2024-34905 (FlyFish v3.0.0 was discovered to contain 
a buffer overflow via t
 CVE-2024-34808 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Samuel Marshall JCH Optimize
 CVE-2024-34805 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-34760 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee 
Order Exp ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c915f71ef34dddb2e2a77c5cf83797a9441451e

-- 
This project does not include diff previews in email notifications.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
