[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 25 08:41:07 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
410bf268 by Moritz Muehlenhoff at 2024-04-25T09:40:17+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,11 +81,11 @@ CVE-2024-4069 (A vulnerability, which was classified as critical, was found in K
 CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...)
 	NOT-FOR-US: Tenda
 CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...)
-	TODO: check
+	NOT-FOR-US: MongoDB Compass
 CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...)
-	TODO: check
+	NOT-FOR-US: lua-resty-jwt
 CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -121,7 +121,7 @@ CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content mana
 CVE-2024-32869 (Hono is a Web application framework that provides support for any Java ...)
 	NOT-FOR-US: Hono
 CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...)
-	TODO: check
+	NOT-FOR-US: Conform
 CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability in WP La ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee Import Ex ...)
@@ -226,17 +226,17 @@ CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
 CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...)
 	NOT-FOR-US: RoamWiFi
 CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...)
-	TODO: check
+	NOT-FOR-US: RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers
 CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45 ...)
 	NOT-FOR-US: RoamWiFi
 CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the remotelink fu ...)
 	NOT-FOR-US: HadSky
 CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path  ...)
 	NOT-FOR-US: Dell
 CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Path Trav ...)
@@ -244,61 +244,61 @@ CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Pat
 CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive ...)
 	NOT-FOR-US: Dell
 CVE-2024-28825 (Improper restriction of excessive authentication attempts on some auth ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System v.1.0 allows ...)
 	NOT-FOR-US: PHP Task Management System
 CVE-2024-27791 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27537
 	REJECTED
 CVE-2024-27536
 	REJECTED
 CVE-2024-23271 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-23228 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the preloading ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco Integra ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20353 (A vulnerability in the management and VPN web servers for Cisco Adapti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management Controll ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0151 (Insufficient argument checking in Secure state Entry functions in soft ...)
 	TODO: check
 CVE-2023-7253 (The Import WP  WordPress plugin before 2.13.1 does not prevent users w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51477 (Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Them ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51472 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51471 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51425 (Improper Privilege Management vulnerability in Jacques Malgrange Renco ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51405 (Improper Authentication vulnerability in Repute Infosystems BookingPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48939
 	REJECTED
 CVE-2023-48938
 	REJECTED
 CVE-2023-48763 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47774 (Improper Restriction of Rendered UI Layers or Frames vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47504 (Improper Authentication vulnerability in Elementor Elementor Website B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47357
 	REJECTED
 CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi Rating allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-25583
 	- pdns-recursor 4.9.5-1 (bug #1069762)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410bf268f2a554728f8d4831d0fa0910f54c05d9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410bf268f2a554728f8d4831d0fa0910f54c05d9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240425/a89a321b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list