[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 15 13:13:43 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f4e1bc2 by Salvatore Bonaccorso at 2024-04-15T14:13:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,15 +21,15 @@ CVE-2024-3768 (A vulnerability, which was classified as critical, has been found
 CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...)
 	NOT-FOR-US: PHPGurukul News Portal
 CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: slowlyo OwlAdmin
 CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...)
 	NOT-FOR-US: Xiongmai
 CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...)
-	TODO: check
+	NOT-FOR-US: Tuya Camera
 CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does  ...)
 	TODO: check
 CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
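Review bot: The new tag on CVE-2024-3766, "NOT-FOR-US: slowlyo OwlAdmin", cannot be checked against this hunk because the description is truncated before any vendor or product name, so it is worth confirming against the full CVE text. The other three new tags (Tuya Camera, Emlog Pro) match the product names visible in their descriptions. CVE-2024-3701 stays at "TODO: check" although its description refers to a system application component (com.transsion.kolun.aiservice); if that was skipped on purpose, no change is needed, otherwise it is a candidate for the same pass.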
@@ -113,23 +113,23 @@ CVE-2024-32098 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change de ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin  WordPress p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...)
 	TODO: check
 CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
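Review bot: Five of the nine new "NOT-FOR-US: WordPress plugin" tags in this hunk (CVE-2024-32082, CVE-2024-32079, CVE-2024-31093, CVE-2024-31086, CVE-2024-30545) sit on descriptions that, as truncated here, show only a weakness class or an author name and never mention WordPress. The tag matches the existing entry for CVE-2024-32087 in the context lines, so the convention is consistent, but the classification of these five should be confirmed from the full descriptions, since a generic label with no product name gives a later reader nothing to verify it against. The remaining four (CVE-2024-2858, CVE-2024-2857, CVE-2024-2836, CVE-2024-2739) name a WordPress plugin in the visible text.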
@@ -151,39 +151,39 @@ CVE-2024-29836 (The Web interface of Evolution Controller Versions 2.04.560.31.0
 CVE-2024-27462
 	REJECTED
 CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not sanitise and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: ASUS WiFi routers
 CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent users wit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1307 (The Smart Forms  WordPress plugin before 2.6.94 does not have proper a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1306 (The Smart Forms  WordPress plugin before 2.6.94 does not have CSRF che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1204 (The Meta Box  WordPress plugin before 5.9.4 does not prevent users wit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0902 (The Fancy Product Designer WordPress plugin before 6.1.81 does not san ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0399 (The WooCommerce Customers Manager WordPress plugin before 29.7 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7201 (The Everest Backup  WordPress plugin before 2.2.5 does not properly va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6067 (The WP User Profile Avatar WordPress plugin through 1.0.1 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3508
 	NOT-FOR-US: Bombastic's use of bzip2
 CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()]
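Review bot: CVE-2023-52144 is the one entry in this hunk tagged "NOT-FOR-US: WordPress plugin" whose visible description ("Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...") is cut off before any product is named; every other WordPress tag here follows a description that says "WordPress plugin" explicitly. Please confirm that one against the full text. On style, "NOT-FOR-US: ASUS WiFi routers" for CVE-2024-1655 copies the description's phrasing, while comparable device entries elsewhere in the file name only the vendor (for example "NOT-FOR-US: Xiongmai"); either form works, but picking one keeps the list easier to search.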



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4e1bc22728a05f219cccd00eec36c912529a66
