[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 25 22:23:41 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9128e489 by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Process some NFUs
- - - - -
69bca91c by Salvatore Bonaccorso at 2024-04-25T22:35:45+02:00
Add two glpi issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,93 +1,97 @@
CVE-2024-4175 (Unicode transformation vulnerability in Hyperion affecting version 2.0 ...)
- TODO: check
+ NOT-FOR-US: Hyperion
CVE-2024-4174 (Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affect ...)
- TODO: check
+ NOT-FOR-US: Hyperion
CVE-2024-4172 (A vulnerability classified as problematic was found in idcCMS 1.35. Af ...)
- TODO: check
+ NOT-FOR-US: idcCMS
CVE-2024-4171 (A vulnerability classified as critical has been found in Tenda W30E 1. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4170 (A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4169 (A vulnerability was found in Tenda 4G300 1.01.42. It has been declared ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4168 (A vulnerability was found in Tenda 4G300 1.01.42. It has been classifi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4167 (A vulnerability was found in Tenda 4G300 1.01.42 and classified as cri ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4166 (A vulnerability has been found in Tenda 4G300 1.01.42 and classified a ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4165 (A vulnerability, which was classified as critical, was found in Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4164 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4035 (The Photo Gallery \u2013 GT3 Image Gallery & Gutenberg Block Gallery p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4024 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-4006 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-3994 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3733 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3730 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33592 (Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Play ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33247 (Sourcecodester Employee Task Management System v1.0 is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Employee Task Management System
CVE-2024-32961 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32676 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32649 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32648 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32647 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32646 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32645 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32481 (Vyper is a pythonic Smart Contract Language for the Ethereum virtual m ...)
- TODO: check
+ NOT-FOR-US: Vyper
CVE-2024-32467 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2024-32358 (An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: Jpress
CVE-2024-32324 (Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
CVE-2024-32236 (An issue in CmsEasy v.7.7 and before allows a remote attacker to obtai ...)
- TODO: check
+ NOT-FOR-US: CmsEasy
CVE-2024-31615 (ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.)
- TODO: check
+ NOT-FOR-US: ThinkCMF
CVE-2024-31574 (Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attac ...)
- TODO: check
+ NOT-FOR-US: TWCMS
CVE-2024-31266 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30939 (An issue discovered in Yealink VP59 Teams Editions with firmware versi ...)
- TODO: check
+ NOT-FOR-US: Yealink
CVE-2024-30890 (Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacke ...)
- TODO: check
+ NOT-FOR-US: ED01-CMS
CVE-2024-30560 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2829 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2024-2434 (An issue has been discovered in GitLab affecting all versions of GitLa ...)
TODO: check
CVE-2024-29660 (Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local att ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2024-28241 (The GLPI Agent is a generic management agent. Prior to version 1.7.2, ...)
- TODO: check
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw
+ NOTE: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9
CVE-2024-28240 (The GLPI Agent is a generic management agent. A vulnerability that onl ...)
- TODO: check
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-hx3x-mmqg-h3jp
+ NOTE: https://github.com/glpi-project/glpi-agent/commit/41bbb1169e899bd15350a9e2fdbf9269a3b7a14f
CVE-2024-25917 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident responder ...)
- TODO: check
+ NOT-FOR-US: Iris
CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::DecodeByte ...)
TODO: check
CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
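Review bot: The two GLPI Agent entries (CVE-2024-28241 and CVE-2024-28240) are filed as `- glpi <removed>`, but both descriptions say "The GLPI Agent" and all four NOTE links point at glpi-project/glpi-agent rather than at a glpi repository. Please confirm that the removed glpi source package actually shipped the agent code. If it did not, these entries belong under the agent's own source package name or as NOT-FOR-US: GLPI Agent, so that the history of the removed glpi package does not carry issues that never applied to it. A minor style point in the NFU block: most labels are a short vendor or product name (Tenda, Vyper), while CVE-2024-32324 uses the full "Shenzhen Libituo Technology Co., Ltd LBT-T300-T400"; a short, consistent label makes repeat NFU vendors easier to match later.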
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cfaffae9b185a961bd736e4ee474dd4fb9f8375c...69bca91ca2e9df172751f6a20fb65681530be77d