[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 30 21:47:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62f2ac4 by Salvatore Bonaccorso at 2024-04-30T22:44:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
 CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...)
 	TODO: check
 CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
-	TODO: check
+	NOT-FOR-US: Adive Framework
 CVE-2024-4336 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...)
-	TODO: check
+	NOT-FOR-US: Adive Framework
 CVE-2024-4185 (The Customer Email Verification for WooCommerce plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3746 (The entire parent directory - C:\ScadaPro and its sub-directories and  ...)
-	TODO: check
+	NOT-FOR-US: Measuresoft
 CVE-2024-3411 (Implementations of IPMI Authenticated sessions does not provide enough ...)
 	TODO: check
 CVE-2024-3072 (The ACF Front End Editor plugin for WordPress is vulnerable to unautho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34088 (In FRRouting (FRR) through 9.1, it is possible for the get_edge() func ...)
 	TODO: check
 CVE-2024-33832 (OneNav v0.9.35-20240318 was discovered to contain a Server-Side Reques ...)
-	TODO: check
+	NOT-FOR-US: OneNav
 CVE-2024-33831 (A stored cross-site scripting (XSS) vulnerability in the Advanced Expe ...)
 	TODO: check
 CVE-2024-33465 (Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allow ...)
-	TODO: check
+	NOT-FOR-US: MajorDoMo (aka Major Domestic Module)
 CVE-2024-33437 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
-	TODO: check
+	NOT-FOR-US: CSS Exfil Protection
 CVE-2024-33436 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
-	TODO: check
+	NOT-FOR-US: CSS Exfil Protection
 CVE-2024-33383 (Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allow ...)
-	TODO: check
+	NOT-FOR-US: novel-plus
 CVE-2024-33371 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-33332 (An issue discovered in SpringBlade 3.7.1 allows attackers to obtain se ...)
-	TODO: check
+	NOT-FOR-US: SpringBlade
 CVE-2024-33309 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
-	TODO: check
+	NOT-FOR-US: TVS Motor Company Limited TVS Connet
 CVE-2024-33308 (An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and i ...)
-	TODO: check
+	NOT-FOR-US: TVS Motor Company Limited TVS Connet
 CVE-2024-33275 (SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and bef ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-33274 (Directory Traversal vulnerability in FME Modules customfields v.2.2.7  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-33273 (SQL injection vulnerability in shipup before v.3.3.0 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-33270 (An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2 ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-33267 (SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before a ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2024-33103 (An arbitrary file upload vulnerability in the Media Manager component  ...)
 	TODO: check
 CVE-2024-33102 (A stored cross-site scripting (XSS) vulnerability in the component /pu ...)
-	TODO: check
+	NOT-FOR-US: ThinkSAAS
 CVE-2024-33101 (A stored cross-site scripting (XSS) vulnerability in the component /ac ...)
-	TODO: check
+	NOT-FOR-US: ThinkSAAS
 CVE-2024-2877 (Vault Enterprise, when configured with performance standby nodes and a ...)
 	TODO: check
 CVE-2024-2663 (The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server ...)
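Review bot: The NOT-FOR-US labels in this hunk are written at two different levels of detail. CVE-2024-33275, CVE-2024-33274, CVE-2024-33273, CVE-2024-33270 and CVE-2024-33267 all collapse to `PrestaShop module`, although their descriptions name distinct modules (Webbax supernewsletter, FME Modules customfields, shipup, FME Modules fileuploads, Hero hfheropayment), while entries such as CVE-2024-33383 and CVE-2024-33371 carry the product name itself. If the class label is intentional, keep it, but consider naming the module as well, e.g. `NOT-FOR-US: Webbax supernewsletter PrestaShop module`, so a later search by module name finds the entry. Separately, CVE-2024-3746 is tagged `Measuresoft` while the visible description only mentions `C:\ScadaPro`; `NOT-FOR-US: Measuresoft ScadaPro` would tie the vendor label to the product named in the description.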
@@ -61,7 +61,7 @@ CVE-2024-2378 (A vulnerability exists in the web-authentication component of the
 CVE-2024-2377 (A vulnerability exists in the too permissive HTTP response header web  ...)
 	TODO: check
 CVE-2024-29384 (An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to o ...)
-	TODO: check
+	NOT-FOR-US: CSS Exfil Protection
 CVE-2024-29320 (Wallos before 1.15.3 is vulnerable to SQL Injection via the category a ...)
 	TODO: check
 CVE-2024-28716 (An issue in OpenStack Storlets yoga-eom allows a remote attacker to ex ...)
@@ -140,7 +140,7 @@ CVE-2024-34044 (The O-RAN E2T I-Release buildPrometheusList function can have a
 CVE-2024-34043 (O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a ce ...)
 	NOT-FOR-US: O-RAN
 CVE-2024-33522 (In vulnerable versions of Calico (v3.27.2 and below), Calico Enterpris ...)
-	TODO: check
+	NOT-FOR-US: Calico
 CVE-2024-33401 (Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remot ...)
 	NOT-FOR-US: DedeCMS
 CVE-2024-33350 (Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote at ...)
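Review bot: The `NOT-FOR-US: Calico` tag on CVE-2024-33522 is narrower than the description it closes, which lists more than one product (`Calico (v3.27.2 and below), Calico Enterpris ...`), and the short label does not say which of them was checked. Consider confirming that no source package or packaging request exists under any of those names before dropping the `TODO: check`, and widening the label if it is meant to cover all of them.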



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62f2ac4682e34b8398a26c1acb62f5c3307d586
