[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 6 10:35:57 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0ca2fda by Salvatore Bonaccorso at 2024-08-06T11:35:21+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,33 +31,33 @@ CVE-2024-7009 (Unsanitized user-input in Calibre <= 7.15.0 allow users with perm
 CVE-2024-7008 (Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform ...)
 	TODO: check
 CVE-2024-6886 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	- gitea <removed>
 CVE-2024-6782 (Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticate ...)
 	TODO: check
 CVE-2024-6781 (Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to ...)
 	TODO: check
 CVE-2024-6766 (The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6651 (The WordPress File Upload WordPress plugin before 4.24.8 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6315 (The Blox Page Builder plugin for WordPress is vulnerable to arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6203 (HaloITSM versions up to 2.146.1 are affected by a Password Reset Poiso ...)
-	TODO: check
+	NOT-FOR-US: HaloITSM
 CVE-2024-6202 (HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature W ...)
-	TODO: check
+	NOT-FOR-US: HaloITSM
 CVE-2024-6201 (HaloITSM versions up to 2.146.1 are affected by a Template Injection v ...)
-	TODO: check
+	NOT-FOR-US: HaloITSM
 CVE-2024-6200 (HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: HaloITSM
 CVE-2024-5963 (Unquoted Executable Path vulnerability in Hitachi Device Manager on Wi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-5828 (Expression Language Injection vulnerability in Hitachi Tuning Manager  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2024-5709 (The WPBakery Visual Composer plugin for WordPress is vulnerable to Loc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5708 (The WPBakery Visual Composer plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-42352 (Nuxt is a free and open-source framework to create full-stack web appl ...)
 	TODO: check
 CVE-2024-41995 (Initialization of a resource with an insecure default vulnerability ex ...)
@@ -65,21 +65,21 @@ CVE-2024-41995 (Initialization of a resource with an insecure default vulnerabil
 CVE-2024-41820 (Kubean is a cluster lifecycle management toolchain based on kubespray  ...)
 	TODO: check
 CVE-2024-41816 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-41811 (ipl/web is a set of common web components for php projects. Some of th ...)
 	TODO: check
 CVE-2024-39817 (Insertion of sensitive information into sent data issue exists in Cybo ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Office
 CVE-2024-34344 (Nuxt is a free and open-source framework to create full-stack web appl ...)
 	TODO: check
 CVE-2024-34343 (Nuxt is a free and open-source framework to create full-stack web appl ...)
 	TODO: check
 CVE-2024-28962 (Dell Command | Update, Dell Update, and Alienware Update UWP, versions ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-23657 (Nuxt is a free and open-source framework to create full-stack web appl ...)
 	TODO: check
 CVE-2023-5000 (The Horizontal scrolling announcements plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7547 (oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vul ...)
 	- ofono <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0ca2fdae4f0eae54720b34b92f47ffc5ada9300

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0ca2fdae4f0eae54720b34b92f47ffc5ada9300
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240806/f6df578d/attachment.htm>

More information about the debian-security-tracker-commits mailing list