Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
398982e4 by Salvatore Bonaccorso at 2024-06-04T20:36:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2024-4274 (The Essential Real Estate plugin for WordPress
is vulnerable to u
CVE-2024-4273 (The Essential Real Estate plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4253 (A command injection vulnerability exists in the
gradio-app/gradio repo ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2024-4180 (The Events Calendar WordPress plugin before 6.4.0.1 does not
properly ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4057 (The Gutenberg Blocks with AI by Kadence WP WordPress plugin
before 3. ...)
@@ -231,35 +231,35 @@ CVE-2024-23665 (Multiple improper authorization
vulnerabilities [CWE-285] in For
CVE-2024-23664 (A URL redirection to untrusted site ('open redirect') in
Fortinet Fort ...)
NOT-FOR-US: FortiGuard
CVE-2024-23363 (Transient DOS while processing an improperly formatted Fine
Time Measu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-23360 (Memory corruption while creating a LPAC client as LPAC engine
was allo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-21478 (transient DOS when setting up a fence callback to free a KGSL
memory e ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-0336 (Improper Access Control vulnerability in EMTA Grup PDKS allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: EMTA Grup PDKS
CVE-2023-52162 (Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build
221019) is ...)
- TODO: check
+ NOT-FOR-US: Mercusys MW325R EU V3
CVE-2023-51219 (A deep link validation issue in KakaoTalk 10.4.3 allowed a
remote adve ...)
- TODO: check
+ NOT-FOR-US: KakaoTalk
CVE-2023-43556 (Memory corruption in Hypervisor when platform information
mentioned is ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43555 (Information disclosure in Video while parsing mp2 clip with
invalid se ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43551 (Cryptographic issue while performing attach with a LTE
network, a rogu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43545 (Memory corruption when more scan frequency list or channels
are sent f ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43544 (Memory corruption when IPC callback handle is used after it
has been r ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43543 (Memory corruption in Audio during a playback or a recording
due to rac ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43542 (Memory corruption while copying a keyblob`s material when the
key mate ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager
initiali ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in
WLAN Host.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-36104 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: Apache OFBiz
CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
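Review bot: The tag added for CVE-2023-52162 in this hunk, "NOT-FOR-US: Mercusys MW325R EU V3", does not match the one already in the file for CVE-2023-46297, "NOT-FOR-US: Mercusys MW325R EU", although both descriptions name the same device (Mercusys MW325R EU V3). Consider using one product string for both entries so that a search on the tag returns every CVE recorded against that device.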
@@ -1292,11 +1292,11 @@ CVE-2024-28826 (Improper restriction of local upload
and download paths in check
CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS
vulnerability. Th ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2024-25977 (The application does not change the session token when using
the login ...)
- TODO: check
+ NOT-FOR-US: HAWKI
CVE-2024-25976 (When LDAP authentication is activated in the configuration it
is possi ...)
- TODO: check
+ NOT-FOR-US: HAWKI
CVE-2024-25975 (The application implements an up- and downvote function which
alters a ...)
- TODO: check
+ NOT-FOR-US: HAWKI
CVE-2023-46297 (An issue was discovered on Mercusys MW325R EU V3
MW325R(EU)_V3_1.11.0 ...)
NOT-FOR-US: Mercusys MW325R EU
CVE-2023-42005 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak
for Data ...)
@@ -1528,7 +1528,7 @@ CVE-2024-23601 (A code injection vulnerability exists in
the scan_lib.bin functi
CVE-2024-23315 (A read-what-where vulnerability exists in the Programming
Software Con ...)
NOT-FOR-US: AutomationDirect
CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the
current stat ...)
- TODO: check
+ NOT-FOR-US: Kwik
CVE-2024-22187 (A write-what-where vulnerability exists in the Programming
Software Co ...)
NOT-FOR-US: AutomationDirect
CVE-2024-22181 (An out-of-bounds write vulnerability exists in the readNODE
functional ...)
@@ -88852,11 +88852,11 @@ CVE-2023-28496 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop
WP Shor ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28494 (Missing Authorization vulnerability in CodePeople Contact Form
Email a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: Wordpress theme
CVE-2023-28492 (Missing Authorization vulnerability in CodePeople CP Multi
View Event ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Estatik ...)
@@ -92460,7 +92460,7 @@ CVE-2023-27462 (A vulnerability has been identified in
RUGGEDCOM CROSSBOW (All v
CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo
Plugins When ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27460 (Missing Authorization vulnerability in CodePeople, paypaldev
CP Contac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest
User Regi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream
WpStream p ...)
@@ -92506,7 +92506,7 @@ CVE-2023-27439 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen
Yurchenko WP ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27437 (Missing Authorization vulnerability in Event Espresso Event
Espresso 4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis
Reingold Eleg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed
Siddiqui ...)
@@ -94793,11 +94793,11 @@ CVE-2023-26525 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech
Quiz An ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26523 (Missing Authorization vulnerability in CodePeople Calculated
Fields Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26522
RESERVED
CVE-2023-26521 (Missing Authorization vulnerability in CodePeople Search in
Place allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26520
RESERVED
CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
@@ -101637,7 +101637,7 @@ CVE-2023-24375
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24373 (External Control of Assumed-Immutable Web Parameter
vulnerability in W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in USB ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write
past the ...)
@@ -103404,13 +103404,13 @@ CVE-2023-23740
CVE-2023-23739
RESERVED
CVE-2023-23738 (Improper Neutralization of Special Elements in Output Used by
a Downst ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP
Broken Lin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23736
RESERVED
CVE-2023-23735 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Davi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Joel ...)
@@ -103420,7 +103420,7 @@ CVE-2023-23732 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme
WishSuite ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23730 (Improper Restriction of Excessive Authentication Attempts
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23729
RESERVED
CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Winwa ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/398982e4d4fc22a59691bc0c00a25b75dfa8c94c