Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1008259e by Salvatore Bonaccorso at 2024-06-02T08:36:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2024-5348 (The Elements For Elementor plugin for WordPress is vulnerable
to Local ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4148 (A Regular Expression Denial of Service (ReDoS) vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-3821 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables &
Table C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3820 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables &
Table C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare
Uploadca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
- plasma-workspace 4:5.27.11.1-1
NOTE: https://kde.org/info/security/advisory-20240531-1.txt
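Review bot: The "NOT-FOR-US: WordPress plugin" tag on CVE-2024-35636 is not backed by the description text visible in this hunk, which is cut off at "Uploadcare Uploadca ..." and, unlike the four other entries tagged this way here, never mentions WordPress. Consider naming the product in the tag, as is done for CVE-2024-4148 with "lunary-ai/lunary", so the triage decision can be checked from the list alone.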
@@ -57,11 +57,11 @@ CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013
CoBlocks plugin for Word
CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile
friendly mar ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable
to una ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6382 (The Master Slider \u2013 Responsive Touch Slider plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5565 (The Vanna library uses a prompt function to present the user
with visu ...)
TODO: check
CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local
maliciou ...)
@@ -146,29 +146,29 @@ CVE-2024-29822 (An unspecified SQL Injection
vulnerability in Core server of Iva
CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a
local attack ...)
NOT-FOR-US: Debezium Community debezium-ui
CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is
vulnera ...)
- TODO: check
+ NOT-FOR-US: Rejetto HTTP File Server
CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess,
all versio ...)
TODO: check
CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03
could dis ...)
NOT-FOR-US: IBM
CVE-2024-22060 (An unrestricted file upload vulnerability in web component of
Ivanti N ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22059 (A SQL injection vulnerability in web component of Ivanti
Neurons for I ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-22058 (A buffer overflow allows a low privilege user on the local
machine tha ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-1980
REJECTED
CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch
Ally Co ...)
- TODO: check
+ NOT-FOR-US: Baxter Welch Ally Connex Spot Monitor
CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46810 (A local privilege escalation vulnerability in Ivanti Secure
Access Cli ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-38551 (A CRLF Injection vulnerability in Ivanti Connect Secure (9.x,
22.x) al ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2023-38042 (A local privilege escalation vulnerability in Ivanti Secure
Access Cli ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks
affecting ve ...)
NOT-FOR-US: Astrotalks
CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting
version 10/ ...)
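Review bot: The six Ivanti entries get the vendor-only tag "NOT-FOR-US: Ivanti", while the same hunk names the product for CVE-2024-23692 and CVE-2024-1275. The vendor-only form matches the existing "NOT-FOR-US: IBM" context line, so it is consistent with the file, but for CVE-2024-22058 the visible description ("A buffer overflow allows a low privilege user on the local machine tha ...") never names the vendor, and a product name in the tag would make that entry verifiable from the list. CVE-2024-23316 (Ping Identity PingAccess) still reads "TODO: check" in the context lines of this hunk.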
@@ -204,7 +204,7 @@ CVE-2024-32850 (Improper neutralization of special elements
used in a command ('
CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management
\u2013 ...)
NOT-FOR-US: WordPress plugin
CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and
Unifier Cast ...)
- TODO: check
+ NOT-FOR-US: Unifier and Unifier Cast
CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where
an Atta ...)
TODO: check
CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to
125.0.642 ...)
@@ -343,15 +343,15 @@ CVE-2024-32029
CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was
discover ...)
- TODO: check
+ NOT-FOR-US: LenelS2 NetBox
CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was
discover ...)
- TODO: check
+ NOT-FOR-US: LenelS2 NetBox
CVE-2024-2420 (LenelS2 NetBox access control and event monitoring system was
discover ...)
- TODO: check
+ NOT-FOR-US: LenelS2 NetBox
CVE-2024-2089 (The Remote Content Shortcode plugin for WordPress is vulnerable
to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1100 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Vadi Corporate Information Systems DIGIKENT GIS
CVE-2024-36959 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux 6.8.11-1
NOTE:
https://git.kernel.org/linus/a0cedbcc8852d6c77b00634b81e41f17f29d9404 (6.9-rc7)
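Review bot: For CVE-2024-1100 the tag "Vadi Corporate Information Systems DIGIKENT GIS" cannot be matched against the description shown, which ends at "SQL Command ('S ..." before any vendor or product appears. The three LenelS2 NetBox entries and CVE-2024-2089 name their product or platform in the visible text, so this is the only entry in the hunk where the tag has to be taken on trust; a NOTE line pointing at the source of the product name would close that gap.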
@@ -82907,7 +82907,7 @@ CVE-2023-30316
CVE-2023-30315
RESERVED
CVE-2023-30314 (An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1
routers a ...)
- TODO: check
+ NOT-FOR-US: 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers
CVE-2023-30313 (An issue discovered in Wavlink QUANTUM D2G routers allows
attackers to ...)
NOT-FOR-US: Wavlink QUANTUM D2G routers
CVE-2023-30312 (An issue discovered in routers running Openwrt 18.06, 19.07,
21.02, 22 ...)
@@ -178415,9 +178415,9 @@ CVE-2022-25040
CVE-2022-25039
RESERVED
CVE-2022-25038 (wanEditor v4.7.11 was discovered to contain a cross-site
scripting (XS ...)
- TODO: check
+ NOT-FOR-US: wanEditor
CVE-2022-25037 (An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5
was discov ...)
- TODO: check
+ NOT-FOR-US: wanEditor
CVE-2022-25036
RESERVED
CVE-2022-25035
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1008259e86f8774b09a2a19529f8ae7da717f7a7