[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 17 07:35:30 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ee8209d by Salvatore Bonaccorso at 2024-08-17T08:34:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-7646 (A security issue was discovered in ingress-nginx where an actor with p ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2024-7147 (The JetBlocks for Elementor plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7146 (The JetTabs for Elementor plugin for WordPress is vulnerable to Local  ...)
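Review bot: The new tag on CVE-2024-7646, "NOT-FOR-US: Kubernetes ingress-nginx", names two things, while the description places the issue in ingress-nginx only. The other tags added in this patch name a single product or vendor (Ericsson, OcoMon, SequenceServer). Consider "NOT-FOR-US: ingress-nginx" so the line cannot be read as marking Kubernetes itself as not-for-us.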
@@ -79,9 +79,9 @@ CVE-2024-42462 (Improper Authentication vulnerability in upKeeper Solutions prod
 CVE-2024-2175 (An insecure permissions vulnerability was reported inLenovo Display Co ...)
 	TODO: check
 CVE-2024-25837 (A stored cross-site scripting (XSS) vulnerability in October CMS Blogh ...)
-	TODO: check
+	NOT-FOR-US: October CMS Bloghub Plugin
 CVE-2024-25008 (Ericsson RAN Compute and Site Controller 6610 contains a vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2023-5888
 	REJECTED
 CVE-2023-47728 (IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pa ...)
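Review bot: CVE-2024-2175 (Lenovo Display Co ...) at the top of this hunk stays at "TODO: check" while the two entries directly below it are triaged. If it was skipped on purpose that is fine, otherwise it looks like a candidate for the same pass. A smaller style point on the CVE-2024-25837 line: "October CMS Bloghub Plugin" capitalises "Plugin", whereas the existing entries in the first hunk use "WordPress plugin".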
@@ -139,29 +139,29 @@ CVE-2024-42488 (Cilium is a networking, observability, and security solution wit
 CVE-2024-42487 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2024-34743 (In setTransactionState of SurfaceFlinger.cpp, there is a possible way  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34742 (In shouldWrite of OwnersData.java, there is a possible edge case that  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34741 (In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, the ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34740 (In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.j ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34739 (In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.j ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34738 (In multiple functions of AppOpsService.java, there is a possible way f ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34737 (In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.jav ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34736 (In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34734 (In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, ther ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34731 (In multiple functions of TranscodingResourcePolicy.cpp, there is a pos ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-34727 (In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible ou ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-31333 (In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2023-7049 (The Custom Field For WP Job Manager plugin for WordPress is vulnerable ...)
 	TODO: check
 CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a use-after-free err ...)
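Review bot: Twelve entries get the identical tag "NOT-FOR-US: Android" on descriptions that are truncated in the list, and the commit message ("Process some NFUs") does not say what the classification is based on. For entries such as CVE-2024-31333 (mmu_common.c) and CVE-2024-34727 (sdp_utils.cc) the visible text names only a source file, so a line in the commit message stating the basis would make the bulk change easier to audit. Also, CVE-2023-7049 in the trailing context is described as a WordPress plugin but is left at "TODO: check", while comparable entries in the first hunk carry "NOT-FOR-US: WordPress plugin".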
@@ -426,7 +426,7 @@ CVE-2024-42435 (Sensitive information disclosure in some Zoom Workplace Apps, SD
 CVE-2024-42434 (Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Ro ...)
 	NOT-FOR-US: Zoom
 CVE-2024-42360 (SequenceServer lets you rapidly set up a BLAST+ server with an intuiti ...)
-	TODO: check
+	NOT-FOR-US: SequenceServer
 CVE-2024-41866 (InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by ...)
 	NOT-FOR-US: Adobe
 CVE-2024-41865 (Dimension versions 3.4.11 and earlier are affected by an Untrusted Sea ...)
@@ -1140,7 +1140,7 @@ CVE-2023-31304 (Improper input validation in SMU may allow an attacker with priv
 CVE-2024-7715 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DN ...)
 	NOT-FOR-US: D-Link
 CVE-2024-7709 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: OcoMon
 CVE-2024-7707 (A vulnerability was found in Tenda FH1206 02.03.01.35 and classified a ...)
 	NOT-FOR-US: Tenda
 CVE-2024-7706 (A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ee8209d80609e4a07698e77c01f52b7bc2ed63d
