Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6463876a by Salvatore Bonaccorso at 2024-08-17T10:29:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-7886 (A vulnerability has been found in Scooter Software Beyond
Compare up t ...)
- TODO: check
+ NOT-FOR-US: Scooter Software Beyond Compare
CVE-2024-6500 (The InPost for WooCommerce plugin and InPost PL plugin for
WordPress a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6459 (The News Element Elementor Blog Magazine WordPress plugin
before 1.0.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43395 (CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from
the popu ...)
- TODO: check
+ NOT-FOR-US: CraftOS-PC
CVE-2023-4730 (The LadiApp plugn for WordPress is vulnerable to unauthorized
modifica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4717
REJECTED
CVE-2023-4604 (The Slideshow, Image Slider by 2J plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4507 (The Admission AppManager plugin for WordPress is vulnerable to
Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4027 (The Radio Player plugin for WordPress is vulnerable to
unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to
unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to
unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7885
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
@@ -102,7 +102,7 @@ CVE-2024-42463 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2024-42462 (Improper Authentication vulnerability in upKeeper Solutions
product up ...)
NOT-FOR-US: upKeeper
CVE-2024-2175 (An insecure permissions vulnerability was reported inLenovo
Display Co ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-25837 (A stored cross-site scripting (XSS) vulnerability in October
CMS Blogh ...)
NOT-FOR-US: October CMS Bloghub Plugin
CVE-2024-25008 (Ericsson RAN Compute and Site Controller 6610 contains a
vulnerability ...)
@@ -190,7 +190,7 @@ CVE-2024-34727 (In sdpu_compare_uuid_with_attr of
sdp_utils.cc, there is a possi
CVE-2024-31333 (In _MMU_AllocLevel of mmu_common.c, there is a possible
arbitrary code ...)
NOT-FOR-US: Android
CVE-2023-7049 (The Custom Field For WP Job Manager plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a
use-after-free err ...)
- vim <unfixed> (unimportant)
NOTE: Crash in CLI tool, no security impact
@@ -106989,7 +106989,7 @@ CVE-2023-1605 (Denial of Service in GitHub repository
radareorg/radare2 prior to
NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2
NOTE:
https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f
CVE-2023-1604 (The Short URL plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1603 (Permission bypass when importing or synchronizing entriesin
User vault ...)
NOT-FOR-US: Devolutions
CVE-2023-1602 (The Short URL plugin for WordPress is vulnerable to stored
Cross-Site ...)
@@ -130805,7 +130805,7 @@ CVE-2022-4534
CVE-2022-4533
RESERVED
CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4531
REJECTED
CVE-2022-4530
@@ -149393,7 +149393,7 @@ CVE-2022-3401 (The Bricks theme for WordPress is
vulnerable to remote code execu
CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization
bypass d ...)
NOT-FOR-US: Bricks theme for WordPress
CVE-2022-3399 (The Cookie Notice & Compliance for GDPR / CCPA plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an
Out-of-Bounds W ...)
NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an
Out-of-Bounds W ...)
@@ -180454,7 +180454,7 @@ CVE-2022-1753 (A vulnerability, which was classified
as critical, was found in W
CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub
repository p ...)
NOT-FOR-US: Trudesk
CVE-2022-1751 (The Skitter Slideshow plugin for WordPress is vulnerable to
Server-Sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: Sticky Popup plugin for WordPress
CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to
Cross-Site Requ ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6463876a2abaa1b7d3fc58b80b39865ace7c9e81
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6463876a2abaa1b7d3fc58b80b39865ace7c9e81
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
