Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cb20243 by Salvatore Bonaccorso at 2025-02-25T07:47:08+01:00
Associate some NFUs for FlatPress with flatpress' itp'ed bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41339,15 +41339,15 @@ CVE-2024-44017 (Improper Limitation of a Pathname to 
a Restricted Directory ('Pa
 CVE-2024-43795 (OpenC3 COSMOS provides the functionality needed to send 
commands to an ...)
        NOT-FOR-US: OpenC3 COSMOS
 CVE-2024-41290 (FlatPress CMS v1.3.1 1.3 was discovered to use insecure 
methods to sto ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2024-35294 (An unauthenticated remote attacker may use the devices traffic 
capture ...)
        NOT-FOR-US: Schneider
 CVE-2024-35293 (An unauthenticated remote attacker may use a missing 
authentication fo ...)
        NOT-FOR-US: Schneider
 CVE-2024-33210 (A cross-site scripting (XSS) vulnerability has been identified 
in Flat ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2024-33209 (FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An 
attacke ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2024-24122 (A remote code execution vulnerability in the project 
management of Wan ...)
        NOT-FOR-US: Wanxing Technology's Yitu project
 CVE-2024-24116 (An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 
Release(9736) allows ...)
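Review bot: swapping `NOT-FOR-US: FlatPress` for `- flatpress <itp> (bug #466297)` on CVE-2024-41290, CVE-2024-33210 and CVE-2024-33209 drops the only record of where the affected code lives, and the `<itp>` state carries no fixed-version information; since the descriptions here reference v1.3.1 and v1.3, consider adding a `NOTE:` line per entry pointing at the upstream fix or advisory so the fixed version can be filled in without re-research once flatpress is uploaded.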
@@ -41579,7 +41579,7 @@ CVE-2024-41673 (Decidim is a participatory democracy 
framework. The version cont
 CVE-2024-41276 (A vulnerability in Kaiten version 57.131.12 and earlier allows 
attacke ...)
        NOT-FOR-US: Kaiten
 CVE-2024-31835 (Cross Site Scripting vulnerability in flatpress CMS Flatpress 
v1.3 all ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2024-30132 (HCL Nomad server on Domino did not configure certain HTTP 
Security hea ...)
        NOT-FOR-US: HCL
 CVE-2024-25661 (In Infinera TNMS (Transcend Network Management System) 
19.10.3, cleart ...)
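Review bot: the replaced line used the spelling `Flatpress` where the other hunks used `FlatPress` or `flatpressblog`; the new entry correctly uses the lowercase source package name `flatpress`, which is what the tracker keys on, so this hunk also removes an inconsistency that made grepping for the product unreliable.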
@@ -42131,9 +42131,9 @@ CVE-2024-33368 (An issue in Plasmoapp RPShare Fabric 
mod v.1.0.0 allows a remote
 CVE-2024-28948 (Advantech ADAM-5630 contains a cross-site request forgery 
(CSRF) vulne ...)
        NOT-FOR-US: Advantech
 CVE-2024-25412 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 
allows at ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2024-25411 (A cross-site scripting (XSS) vulnerability in Flatpress v1.3 
allows at ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2024-22170 (Improper Restriction of Operations within the Bounds of a 
Memory Buffe ...)
        NOT-FOR-US: Western Digital My Cloud ddns-start on Linux
 CVE-2024-46868 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
@@ -163658,11 +163658,11 @@ CVE-2023-1150 (Uncontrolled resource consumption in 
Series WAGO 750-3x/-8x produ
 CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in 
GitHub repos ...)
        NOT-FOR-US: btcpayserver
 CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1147 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1146 (Cross-site Scripting (XSS) - Generic in GitHub repository 
flatpressblo ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1145 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 are ...)
        NOT-FOR-US: Delta Electronics
 CVE-2023-1144 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
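Review bot: the old `NOT-FOR-US: flatpressblog` tag named the GitHub organisation rather than the product, so CVE-2023-1148, CVE-2023-1147 and CVE-2023-1146 were previously easy to miss when searching for FlatPress; re-keying them on the `flatpress` source package with the same ITP bug is the right fix, and the three entries are now consistent with the FlatPress hunks earlier in the file.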
@@ -164037,13 +164037,13 @@ CVE-2023-1108 (A flaw was found in undertow. This 
issue makes achieving a denial
        NOTE: https://issues.redhat.com/browse/UNDERTOW-2239
        NOTE: https://github.com/undertow-io/undertow/pull/1453
 CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1106 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
flatpressb ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1105 (External Control of File Name or Path in GitHub repository 
flatpressbl ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-1103
        REJECTED
 CVE-2023-1102
@@ -166815,7 +166815,7 @@ CVE-2023-26295 (Previous versions of HP Device 
Manager (prior to HPDM 5.0.10) co
 CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
        NOT-FOR-US: HP
 CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress 
prior to 1 ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS 
Management S ...)
        NOT-FOR-US: SourceCodester Best POS Management System
 CVE-2023-0945 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
@@ -179428,11 +179428,11 @@ CVE-2023-22451 (Kiwi TCMS is an open source test 
management system. In version 1
 CVE-2022-4823 (A vulnerability, which was classified as problematic, was found 
in InS ...)
        NOT-FOR-US: InSTEDD Nuntium
 CVE-2022-4822 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2022-4821 (A vulnerability classified as problematic was found in 
FlatPress. This ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2022-4820 (A vulnerability classified as problematic has been found in 
FlatPress. ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as 
problematic. ...)
        NOT-FOR-US: HotCRP
 CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has 
been d ...)
@@ -180198,7 +180198,7 @@ CVE-2022-4757 (The List Pages Shortcode WordPress 
plugin before 1.7.6 does not v
 CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not 
validat ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4755 (A vulnerability was found in FlatPress and classified as 
problematic.  ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 
4.1.2 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not 
validate and  ...)
@@ -180212,7 +180212,7 @@ CVE-2022-4750 (The WP Responsive Testimonials Slider 
And Widget WordPress plugin
 CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified 
as crit ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin 
before 1 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS 
openmrs ...)
@@ -181830,9 +181830,9 @@ CVE-2021-4251 (A vulnerability classified as 
problematic was found in as. This v
 CVE-2021-4250 (A vulnerability classified as problematic has been found in 
cgriego ac ...)
        NOT-FOR-US: ActiveAttr
 CVE-2022-4606 (PHP Remote File Inclusion in GitHub repository 
flatpressblog/flatpress ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2022-4605 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
-       NOT-FOR-US: flatpressblog
+       - flatpress <itp> (bug #466297)
 CVE-2022-4604 (A vulnerability classified as problematic was found in 
wp-english-wp-a ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4603 (A vulnerability classified as problematic has been found in 
ppp. Affec ...)
@@ -207366,9 +207366,9 @@ CVE-2022-40050 (ZFile v4.1.1 was discovered to 
contain an arbitrary file upload
 CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park 
Ticketing Sys ...)
        NOT-FOR-US: Theme Park Ticketing System
 CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code 
execution (RC ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected 
cross-site scri ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2022-40046
        RESERVED
 CVE-2022-40045
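Review bot: CVE-2022-40048 is described as remote code execution in Flatpress v1.2.1, which is more severe than the XSS entries elsewhere in this change; with only an `<itp>` marker it will surface with no severity or fix reference when the package is first uploaded, so a `NOTE:` with the upstream fix commit and, if applicable, a severity tag would help the eventual maintainer triage it first.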
@@ -251894,7 +251894,7 @@ CVE-2022-24590 (A stored cross-site scripting (XSS) 
vulnerability in the Add Lin
 CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site 
scripting (X ...)
        NOT-FOR-US: Burden
 CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site 
scripting (XSS ...)
-       NOT-FOR-US: Flatpress
+       - flatpress <itp> (bug #466297)
 CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the 
component cor ...)
        - pluxml <removed> (bug #1008264)
        [buster] - pluxml <end-of-life> (EOL in buster LTS)
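Review bot: the adjacent pluxml entry (`- pluxml <removed> (bug #1008264)` plus a `[buster]` line) shows the shape these flatpress entries will need once the package lands: a version status per suite rather than a bare `<itp>`; it may be worth recording the ITP bug number somewhere the tracker tooling can flag, so all `- flatpress <itp> (bug #466297)` lines are revisited together when the first upload is accepted instead of being updated one at a time.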
@@ -278266,7 +278266,7 @@ CVE-2021-41434 (A stored Cross-Site Scripting (XSS) 
vulnerability exists in vers
 CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the 
Resumes Manag ...)
        NOT-FOR-US: Resumes Management and Job Application Website application
 CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in 
FlatPress  ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2021-41431
        RESERVED
 CVE-2021-41430
@@ -335007,7 +335007,7 @@ CVE-2020-35243 (Flamingo (aka FlamingoIM) through 
2020-09-29 has a SQL injection
 CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL 
injection vulne ...)
        NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in 
the Blog  ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the 
Blog Con ...)
        NOT-FOR-US: FluxBB
 CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 
4.1.3. The Cs ...)
@@ -357268,7 +357268,7 @@ CVE-2020-22763
 CVE-2020-22762
        RESERVED
 CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 
1.1 via t ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2020-22760
        RESERVED
 CVE-2020-22759
@@ -743835,7 +743835,7 @@ CVE-2008-4122 (Joomla! 1.5.8 does not set the secure 
flag for the session cookie
 CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in 
cpCommerce befo ...)
        NOT-FOR-US: cpCommerce
 CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in 
FlatPress 0.804 ...)
-       NOT-FOR-US: FlatPress
+       - flatpress <itp> (bug #466297)
 CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA 
Service Desk ...)
        NOT-FOR-US: CA Service Desk
 CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound 
Master 2nd ...)
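Review bot: CVE-2008-4120 refers to FlatPress 0.804, far older than the versions named in the other entries, so any version that reaches the archive will almost certainly be unaffected; the `<itp>` marker is acceptable for now, but a `NOTE:` stating the upstream fixed version would let this be closed as fixed in the initial upload rather than lingering as an open issue.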



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb2024358257faed4b9aac73d95de88f7ac1e05


