[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 17 09:30:32 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6463876a by Salvatore Bonaccorso at 2024-08-17T10:29:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2024-7886 (A vulnerability has been found in Scooter Software Beyond Compare up t ...)
- TODO: check
+ NOT-FOR-US: Scooter Software Beyond Compare
CVE-2024-6500 (The InPost for WooCommerce plugin and InPost PL plugin for WordPress a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6459 (The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43395 (CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popu ...)
- TODO: check
+ NOT-FOR-US: CraftOS-PC
CVE-2023-4730 (The LadiApp plugn for WordPress is vulnerable to unauthorized modifica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4717
REJECTED
CVE-2023-4604 (The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4507 (The Admission AppManager plugin for WordPress is vulnerable to Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4027 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7885
- undertow <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
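Review bot: The NOT-FOR-US labels in this hunk mix two levels of detail: CVE-2024-7886 and CVE-2024-43395 name the product ("Scooter Software Beyond Compare", "CraftOS-PC"), while the eight WordPress entries all get the generic "WordPress plugin", including the three Radio Player CVEs (CVE-2023-4027, CVE-2023-4025, CVE-2023-4024). If the generic label is the intended convention for WordPress plugins, that is fine, but it would help to say so in the commit message; otherwise naming the plugin on each line keeps the annotation searchable on its own. Also note the description for CVE-2024-43395 refers to "CraftOS-PC 2" while the label says "CraftOS-PC"; consider matching the product name as the description gives it.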
@@ -102,7 +102,7 @@ CVE-2024-42463 (Authorization Bypass Through User-Controlled Key vulnerability i
CVE-2024-42462 (Improper Authentication vulnerability in upKeeper Solutions product up ...)
NOT-FOR-US: upKeeper
CVE-2024-2175 (An insecure permissions vulnerability was reported inLenovo Display Co ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-25837 (A stored cross-site scripting (XSS) vulnerability in October CMS Blogh ...)
NOT-FOR-US: October CMS Bloghub Plugin
CVE-2024-25008 (Ericsson RAN Compute and Site Controller 6610 contains a vulnerability ...)
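Review bot: "NOT-FOR-US: Lenovo" on CVE-2024-2175 names only the vendor, which is broad enough to match any future Lenovo-related entry regardless of product. The description identifies a specific Lenovo display product, so consider using the product name in the label, in the same way the nearby CVE-2024-25837 entry carries "October CMS Bloghub Plugin" rather than just the vendor.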
@@ -190,7 +190,7 @@ CVE-2024-34727 (In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possi
CVE-2024-31333 (In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code ...)
NOT-FOR-US: Android
CVE-2023-7049 (The Custom Field For WP Job Manager plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a use-after-free err ...)
- vim <unfixed> (unimportant)
NOTE: Crash in CLI tool, no security impact
@@ -106989,7 +106989,7 @@ CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to
NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2
NOTE: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f
CVE-2023-1604 (The Short URL plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1603 (Permission bypass when importing or synchronizing entriesin User vault ...)
NOT-FOR-US: Devolutions
CVE-2023-1602 (The Short URL plugin for WordPress is vulnerable to stored Cross-Site ...)
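Review bot: CVE-2023-1604 and CVE-2023-1602 in this hunk are both for the Short URL plugin for WordPress, but only CVE-2023-1604 is touched and the status line for CVE-2023-1602 falls outside the visible context. Please check that the two entries end up with the same NOT-FOR-US label, so that sibling CVEs for one plugin are not annotated differently.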
@@ -130805,7 +130805,7 @@ CVE-2022-4534
CVE-2022-4533
RESERVED
CVE-2022-4532 (The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-4531
REJECTED
CVE-2022-4530
@@ -149393,7 +149393,7 @@ CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code execu
CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization bypass d ...)
NOT-FOR-US: Bricks theme for WordPress
CVE-2022-3399 (The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
@@ -180454,7 +180454,7 @@ CVE-2022-1753 (A vulnerability, which was classified as critical, was found in W
CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
NOT-FOR-US: Trudesk
CVE-2022-1751 (The Skitter Slideshow plugin for WordPress is vulnerable to Server-Sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: Sticky Popup plugin for WordPress
CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
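Review bot: The new label on CVE-2022-1751 ("WordPress plugin") differs in style from the entry directly below it, CVE-2022-1750, which reads "Sticky Popup plugin for WordPress". For this older part of the file, consider following the surrounding entries and writing "Skitter Slideshow plugin for WordPress", or normalise the neighbours in the same commit so the block reads consistently.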
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6463876a2abaa1b7d3fc58b80b39865ace7c9e81