Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2e91059f by Salvatore Bonaccorso at 2024-06-21T22:37:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,97 +1,97 @@
CVE-2024-6241 (A vulnerability was found in Pear Admin Boot up to 2.0.2 and
classifie ...)
- TODO: check
+ NOT-FOR-US: Pear Admin Boot
CVE-2024-6240 (Improper privilege management vulnerability in Parallels
Desktop Softw ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2024-6239 (A flaw was found in the Poppler's Pdfinfo utility. This issue
occurs w ...)
TODO: check
CVE-2024-6027 (The Themify \u2013 WooCommerce Product Filter plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5859 (The Online Booking & Scheduling Calendar for WordPress by vcita
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5059 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5058 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3036 (Improper Input Validation vulnerability in ABB 800xA Base. An
attacker ...)
- TODO: check
+ NOT-FOR-US: ABB 800xA Base
CVE-2024-37790
REJECTED
CVE-2024-37675 (Cross Site Scripting vulnerability in Tessi Docubase Document
Manageme ...)
- TODO: check
+ NOT-FOR-US: Tessi Docubase Document Management
CVE-2024-37673 (Cross Site Scripting vulnerability in Tessi Docubase Document
Manageme ...)
- TODO: check
+ NOT-FOR-US: Tessi Docubase Document Management
CVE-2024-37672 (Cross Site Scripting vulnerability in Tessi Docubase Document
Manageme ...)
- TODO: check
+ NOT-FOR-US: Tessi Docubase Document Management
CVE-2024-37671 (Cross Site Scripting vulnerability in Tessi Docubase Document
Manageme ...)
- TODO: check
+ NOT-FOR-US: Tessi Docubase Document Management
CVE-2024-37230 (Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme
Book Lan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37227 (Cross Site Request Forgery (CSRF) vulnerability in Tribulant
Newslette ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37212 (Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo
Ali2Woo Lit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37198 (Cross-Site Request Forgery (CSRF) vulnerability in blazethemes
Digital ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37118 (Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl
Uncanny ...)
- TODO: check
+ NOT-FOR-US: Uncanny Owl Uncanny Automator Pro
CVE-2024-35781 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35779 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35778 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35776 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35774 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35772 (Cross-Site Request Forgery (CSRF) vulnerability in
presscustomizr Huem ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-35771 (Cross-Site Request Forgery (CSRF) vulnerability in
presscustomizr Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-35770 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss
Vimeograp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35769 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35768 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35767 (Unrestricted Upload of File with Dangerous Type vulnerability
in Bogda ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35766 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35764 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35763 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-35762 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35761 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35760 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35759 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35758 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-35757 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-35537 (TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS
v5.0.0 wa ...)
- TODO: check
+ NOT-FOR-US: TVS Motor Company Limited TVS Connect
CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity
Utilities for ...)
- TODO: check
+ NOT-FOR-US: IBM X-Force ID:
CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper
EmbedPress.This iss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45673 (Joplin is a free, open source note taking and to-do
application. A rem ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2023-45197 (The file upload plugin in Adminer and AdminerEvo allows an
attacker to ...)
TODO: check
CVE-2023-39517 (Joplin is a free, open source note taking and to-do
application. A Cro ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2023-38506 (Joplin is a free, open source note taking and to-do
application. A Cro ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2023-38389 (Incorrect Authorization vulnerability in Artbees JupiterX Core
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37898 (Joplin is a free, open source note taking and to-do
application. A Cro ...)
- TODO: check
+ NOT-FOR-US: Joplin
CVE-2024-39277 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
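Review bot: the entry added for CVE-2024-31890 reads `NOT-FOR-US: IBM X-Force ID:`, which names no product and ends in a dangling colon. It looks like residue from the CVE description rather than an intended label. The visible description refers to "IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for ...", so the note should name that product (or simply `NOT-FOR-US: IBM`), in line with the other entries in this hunk, which name the vendor or product after the tag.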
@@ -122840,7 +122840,7 @@ CVE-2022-45805 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft
Photo Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45803 (Missing Authorization vulnerability in Nikolay Strikhar
WordPress Form ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45802 (Streampark allows any users to upload a jar as application,
but there ...)
NOT-FOR-US: Apache StreamPark
CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection
vulnerability. ...)
@@ -127674,7 +127674,7 @@ CVE-2022-44595 (Improper Authentication vulnerability
in Melapress WP 2FA allows
CVE-2022-44594 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44593 (Use of Less Trusted Source vulnerability in SolidWP Solid
Security all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44592
RESERVED
CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Anth ...)
@@ -127686,7 +127686,7 @@ CVE-2022-44589 (Exposure of Sensitive Information to
an Unauthorized Actor vulne
CVE-2022-44588 (Unauth. SQL Injection vulnerability inCryptocurrency Widgets
Pack Plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44587 (Insertion of Sensitive Information into Log File vulnerability
in WP 2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub
Media AM-HiL ...)
NOT-FOR-US: Ayoub Media
CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability inMagneticlab
S\xe0rlH ...)
@@ -132251,7 +132251,7 @@ CVE-2022-43459 (Cross-Site Request Forgery (CSRF)
vulnerability in Forms by Capt
CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Code ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43453 (Missing Authorization vulnerability in Bill Minozzi WP
Tools.This issu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability
in XWP ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43445
@@ -137774,7 +137774,7 @@ CVE-2022-38063 (Cross-Site Request Forgery (CSRF)
vulnerability in Social Login
CVE-2022-38057 (Missing Authorization vulnerability in ThemeHunk Advance
WordPress Sea ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38055 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG
Tags Li ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e91059f49539e5a76a49da0c67fc2f6352f41e2