[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 22 22:28:18 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31bf8786 by Moritz Muehlenhoff at 2024-04-22T23:27:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,87 +1,87 @@
 CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1. ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...)
-	TODO: check
+	NOT-FOR-US: Holded
 CVE-2024-3645 (The Essential Addons for Elementor Pro plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32691 (Missing Authorization vulnerability in realmag777 Active Products Tabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32688 (Missing Authorization vulnerability in Long Watch Studio MyRewards.Thi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32687 (Missing Authorization vulnerability in WPClever WPC Frequently Bought  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32684 (Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32682 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32681 (Missing Authorization vulnerability in BdThemes Prime Slider \u2013 Ad ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32407 (An issue in inducer relate before v.2024.1 allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: inducer relate
 CVE-2024-32405 (Cross Site Scripting vulnerability in inducer relate before v.2024.1 a ...)
-	TODO: check
+	NOT-FOR-US: inducer relate
 CVE-2024-32399 (Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 a ...)
-	TODO: check
+	NOT-FOR-US: RaidenMAILD Mail Server
 CVE-2024-32368 (Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-L ...)
-	TODO: check
+	NOT-FOR-US: Agasta Sanketlife
 CVE-2024-32238 (H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password ...)
-	TODO: check
+	NOT-FOR-US: H3C ER8300G2-X
 CVE-2024-32205
 	REJECTED
 CVE-2024-31666 (An issue in flusity-CMS v.2.33 allows a remote attacker to execute arb ...)
-	TODO: check
+	NOT-FOR-US: flusity-CMS
 CVE-2024-31545 (Computer Laboratory Management System v1.0 is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: Computer Laboratory Management System
 CVE-2024-29661 (A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-29376 (Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Pr ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2024-28717 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
-	TODO: check
+	NOT-FOR-US: OpenStack Storlets yoga-eom
 CVE-2024-28699 (A buffer overflow vulnerability in pdf2json v0.70 allows a local attac ...)
 	TODO: check
 CVE-2024-28436 (Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DA ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-22856 (A SQL injection vulnerability via the Save Favorite Search function in ...)
-	TODO: check
+	NOT-FOR-US: Axefinance Axe Credit Portal
 CVE-2024-22815 (An issue in the communication protocol of Tormach xsTECH CNC Router, P ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2024-22813 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2024-22811 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2024-22809 (Incorrect access control in Tormach xsTECH CNC Router, PathPilot Contr ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2024-22808 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2024-22807 (An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 all ...)
-	TODO: check
+	NOT-FOR-US: Tormach xsTECH
 CVE-2023-38302 (A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM2 ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2023-38301 (An issue was discovered in a third-party component related to vendor.g ...)
-	TODO: check
+	NOT-FOR-US: vendor.gsm.serial,
 CVE-2023-38300 (A certain software build for the Orbic Maui device (Orbic/RC545L/RC545 ...)
-	TODO: check
+	NOT-FOR-US: Orbic Maui
 CVE-2023-38299 (Various software builds for the AT&T Calypso, Nokia C100, Nokia C200,  ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-38298 (Various software builds for the following TCL devices (30Z, A3X, 20XE, ...)
-	TODO: check
+	NOT-FOR-US: TCL
 CVE-2023-38297 (An issue was discovered in a third-party com.factory.mmigroup componen ...)
-	TODO: check
+	NOT-FOR-US: com.factory.mmigroup
 CVE-2023-38296 (Various software builds for the following TCL 30Z and TCL A3X devices  ...)
-	TODO: check
+	NOT-FOR-US: TCL
 CVE-2023-38295 (Certain software builds for the TCL 30Z and TCL 10 Android devices con ...)
-	TODO: check
+	NOT-FOR-US: TCL
 CVE-2023-38294 (Certain software builds for the Itel Vision 3 Turbo Android device con ...)
-	TODO: check
+	NOT-FOR-US: Itel
 CVE-2023-38293 (Certain software builds for the Nokia C200 and Nokia C100 Android devi ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2023-38292 (Certain software builds for the TCL 20XE Android device contain a vuln ...)
-	TODO: check
+	NOT-FOR-US: TCL
 CVE-2023-38291 (An issue was discovered in a third-party component related to ro.boot. ...)
-	TODO: check
+	NOT-FOR-US: ro.boot.wifimacaddr
 CVE-2023-38290 (Certain software builds for the BLU View 2 and Sharp Rouvo V Android d ...)
-	TODO: check
+	NOT-FOR-US: BLU / Sharp
 CVE-2024-27349 (Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Se ...)
 	NOT-FOR-US: Apache HugeGraph-Hubble
 CVE-2024-27348 (RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. ...)
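
Review bot: the new note for CVE-2023-38301 ends in a stray trailing comma (`NOT-FOR-US: vendor.gsm.serial,`), which looks like a copy from the description that was cut short; drop the comma. That entry and CVE-2023-38291 (`NOT-FOR-US: ro.boot.wifimacaddr`) name an Android system property rather than a vendor or product, unlike the neighbouring `TCL`, `Nokia` and `Itel` notes, so a later search of the list by vendor or product name will not find them; naming the affected vendor or component owner would be more consistent. In the same way, `NOT-FOR-US: OpenStack Storlets yoga-eom` carries what appears to be a release qualifier in the product name, and `OpenStack Storlets` alone would match the style of the other notes. CVE-2023-38299 is tagged only `Nokia` although its description also lists AT&T Calypso, so a combined tag like the `BLU / Sharp` one used for CVE-2023-38290 would fit better.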



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31bf878674e2a5767600167060d61694690344bd



More information about the debian-security-tracker-commits mailing list