Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abdc0738 by Salvatore Bonaccorso at 2025-09-18T07:18:55+02:00
Associate some older NFUs with ghost, itp'ed entry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120233,7 +120233,7 @@ CVE-2024-6337 (An Incorrect Authorization
vulnerability was identified in GitHub
CVE-2024-6322 (Access control for plugin data sources protected by the
ReqActions jso ...)
- grafana <removed>
CVE-2024-43409 (Ghost is a Node.js content management system. Improper
authentication ...)
- NOT-FOR-US: Ghost
+ - ghost <itp> (bug #892150)
CVE-2024-43408 (Discourse Placeholder Forms will let you build dynamic
documentation. ...)
NOT-FOR-US: Discourse Placeholder Forms
CVE-2024-43406 (LF Edge eKuiper is a lightweight IoT data analytics and stream
process ...)
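Review bot: the new `- ghost <itp> (bug #892150)` line records only the ITP bug and no version information, and the `NOT-FOR-US: Ghost` line it replaces carried none either; since the CVE-2024-43409 description is truncated here and gives no affected range, a `NOTE:` line with the upstream fixed version (the form already used for the kernel and Cacti entries further down in this patch) would let whoever completes the ITP check the packaged version against it.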
@@ -136779,7 +136779,7 @@ CVE-2024-36279 (Reliance on obfuscation or encryption
of security-relevant input
CVE-2024-36277 (Improper verification of cryptographic signature issue exists
in "Free ...)
NOT-FOR-US: FreeFrom
CVE-2024-34451 (Ghost through 5.85.1 allows remote attackers to bypass an
authenticati ...)
- NOT-FOR-US: Ghost
+ - ghost <itp> (bug #892150)
CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows
unauthorize ...)
NOT-FOR-US: Shenzhen Guoxin Synthesis image system
CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows
unauthorize ...)
@@ -143381,7 +143381,7 @@ CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL
Injection via admin/tax.php.)
CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via
ecshop/arti ...)
NOT-FOR-US: Ecshop
CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV
export.)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software
Corp SEG ...)
NOT-FOR-US: Insyde
CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC
v3.7.4.0 ...)
@@ -177960,7 +177960,7 @@ CVE-2024-25713 (yyjson through 0.8.0 has a double
free, leading to remote code e
CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because
a file ...)
NOT-FOR-US: http-swagger
CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant
privilege escala ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2024-21875 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
NOT-FOR-US: Team Hacker Hotel Badge
CVE-2024-1432 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
DeepFaceL ...)
@@ -182022,7 +182022,7 @@ CVE-2024-23730 (The OpenAPI and ChatGPT plugin
loaders in LlamaHub (aka llama-hu
CVE-2024-23726 (Ubee DDW365 XCNDDW365 devices have predictable default WPA2
PSKs that ...)
NOT-FOR-US: Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices
CVE-2024-23725 (Ghost before 5.76.0 allows XSS via a post excerpt in
excerpt.js. An XS ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2024-0769 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
D-Link DI ...)
NOT-FOR-US: D-Link
CVE-2024-0521 (Code Injection in paddlepaddle/paddle)
@@ -209295,7 +209295,7 @@ CVE-2023-4324 (Broadcom RAID Controller web interface
is vulnerable due to insec
CVE-2023-4323 (Broadcom RAID Controller web interface is vulnerable to
improper sessi ...)
NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-40028 (Ghost is an open source content management system. Versions
prior to 5 ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014
built with ...)
NOT-FOR-US: Keystone CMS
CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door
Lock v1 ...)
@@ -221233,7 +221233,7 @@ CVE-2023-32269 (An issue was discovered in the Linux
kernel before 6.1.11. In ne
[buster] - linux 4.19.282-1
NOTE:
https://git.kernel.org/linus/611792920925fb088ddccbe2783c7f92fdfb6b64 (6.2-rc7)
CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary
files wi ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in
Netfilter nf_ta ...)
{DSA-5402-1 DLA-3508-1 DLA-3446-1}
- linux 6.1.27-1
@@ -221964,7 +221964,7 @@ CVE-2023-31135 (Dgraph is an open source distributed
GraphQL database. Existing
CVE-2023-31134 (Tauri is software for building applications for multi-platform
deploym ...)
NOT-FOR-US: Tauri
CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a
website, ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2023-31132 (Cacti is an open source operational monitoring and fault
management fr ...)
- cacti <not-affected> (Only affect Cacti Installer on Windows)
NOTE:
https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876
@@ -236312,7 +236312,7 @@ CVE-2023-0997 (A vulnerability was found in
SourceCodester Moosikay E-Commerce S
CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel
in Prop ...)
NOT-FOR-US: Propius MachineSelector
CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can
view draft ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.)
NOT-FOR-US: AnyDesk
CVE-2023-26508
@@ -254239,13 +254239,13 @@ CVE-2022-47199
CVE-2022-47198
RESERVED
CVE-2022-47197 (An insecure default vulnerability exists in the Post Creation
function ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-47196 (An insecure default vulnerability exists in the Post Creation
function ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-47195 (An insecure default vulnerability exists in the Post Creation
function ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-47194 (An insecure default vulnerability exists in the Post Creation
function ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-46736
REJECTED
CVE-2022-46729
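Review bot: CVE-2022-47194 through CVE-2022-47197 carry an identical truncated description ("An insecure default vulnerability exists in the Post Creation function ...") and receive the identical itp line, so nothing in these entries distinguishes the four issues or shows which one maps to which upstream fix; a single shared `NOTE:` pointing at the upstream reference that assigns them to Ghost would make the association verifiable rather than inferred from the description prefix.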
@@ -272980,7 +272980,7 @@ CVE-2022-41702 (The affected product DIAEnergie
(versions prior to v1.9.01.002)
CVE-2022-41701 (The affected product DIAEnergie (versions prior to
v1.9.01.002) is vul ...)
NOT-FOR-US: DIAEnergie
CVE-2022-41697 (A user enumeration vulnerability exists in the login
functionality of ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a
and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41683
@@ -272988,7 +272988,7 @@ CVE-2022-41683
CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a
and prio ...)
NOT-FOR-US: Delta Electronics
CVE-2022-41654 (An authentication bypass vulnerability exists in the
newsletter subscr ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version
1.2.3 and pr ...)
NOT-FOR-US: Daikin
CVE-2022-41651 (The affected product DIAEnergie (versions prior to
v1.9.01.002) is vul ...)
@@ -310449,7 +310449,7 @@ CVE-2022-28399
CVE-2022-28398
RESERVED
CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload
module of Gh ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-28396
REJECTED
CVE-2022-28395
@@ -314595,7 +314595,7 @@ CVE-2022-27141
CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload
module of ex ...)
NOT-FOR-US: Express FileUpload
CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload
module of Gh ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2022-27138
RESERVED
CVE-2022-27137
@@ -354286,7 +354286,7 @@ CVE-2021-39194 (kaml is an open source implementation
of the YAML format with su
CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to
commit ...)
NOT-FOR-US: Frontier
CVE-2021-39192 (Ghost is a Node.js content management system. An error in the
implemen ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for
the Apa ...)
{DLA-3499-1}
- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
@@ -379333,7 +379333,7 @@ CVE-2021-29486 (cumulative-distribution-function is
an open source npm library u
CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In
versions prior ...)
NOT-FOR-US: Ratpack
CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the
developmen ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The
'wikiconfig' ...)
NOT-FOR-US: ManageWiki MediaWiki extension
NOTE:
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
@@ -464617,7 +464617,7 @@ CVE-2020-8136 (Prototype pollution vulnerability in
fastify-multipart < 1.0.5 al
CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side
Request Fo ...)
NOT-FOR-US: Node uppy
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS <
3.10.0 ...)
- NOT-FOR-US: Ghost CMS
+ - ghost <itp> (bug #892150)
CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in
Nextcl ...)
- nextcloud-server <itp> (bug #941708)
CVE-2020-8132 (Lack of input validation in pdf-image npm package version <=
2.0.0 may ...)
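Review bot: the itp form here matches the neighbouring `- nextcloud-server <itp> (bug #941708)` entry, so the convention is applied consistently; this is also the only Ghost entry in the patch whose description preserves an explicit fixed version ("Ghost CMS < 3.10.0"), and carrying that bound into a `NOTE:` would give the tracker something to compare against when the ITP lands, which the truncated descriptions on the other Ghost entries do not provide.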
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abdc0738d90da9216852a5457a6e2731dde6ef7d
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits