[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 19 21:22:32 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
353756f4 by Salvatore Bonaccorso at 2024-08-19T22:21:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,101 +1,101 @@
 CVE-2024-7958
 	REJECTED
 CVE-2024-7927 (A vulnerability classified as critical was found in ZZCMS 2023. Affect ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-7926 (A vulnerability classified as critical has been found in ZZCMS 2023. A ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-7925 (A vulnerability was found in ZZCMS 2023. It has been rated as problema ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-7924 (A vulnerability was found in ZZCMS 2023. It has been declared as criti ...)
-	TODO: check
+	NOT-FOR-US: ZZCMS
 CVE-2024-7922 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, specifically  ...)
 	TODO: check
 CVE-2024-6348 (Predictable seed generation in the security access mechanism of UDS in ...)
-	TODO: check
+	NOT-FOR-US: Nissan
 CVE-2024-43401 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-43400 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2024-43399 (Mobile Security Framework (MobSF) is a pen-testing, malware analysis a ...)
 	TODO: check
 CVE-2024-43380 (fugit contains time tools for flor and the floraison group. The fugit  ...)
 	TODO: check
 CVE-2024-43379 (TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerab ...)
-	TODO: check
+	NOT-FOR-US: TruffleHog
 CVE-2024-43372
 	REJECTED
 CVE-2024-43354 (Deserialization of Untrusted Data vulnerability in myCred allows Objec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43345 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43326 (Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43317 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43311 (Improper Privilege Management vulnerability in Geek Code Lab Login As  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43281 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43280 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43272 (Missing Authentication for Critical Function vulnerability in icegram  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43271 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43261 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43256 (Missing Authorization vulnerability in nouthemes Leopard - WordPress o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43252 (Deserialization of Untrusted Data vulnerability in Crew HRM allows Obj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43250 (Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitform ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43249 (Unrestricted Upload of File with Dangerous Type vulnerability in Bit A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43248 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43247 (Missing Authorization vulnerability in creativeon WHMpress allows Acce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43245 (Improper Privilege Management vulnerability in eyecix JobSearch allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43242 (Deserialization of Untrusted Data vulnerability in azzaroco Ultimate M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43240 (Improper Privilege Management vulnerability in azzaroco Ultimate Membe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43236 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43232 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-43221 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-42815 (In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-42813 (In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-42812 (In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-42675
 	REJECTED
 CVE-2024-42658 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN
 CVE-2024-42657 (An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: wishnet Nepstech Wifi Router NTPL-XPON1GFEVN
 CVE-2024-42633 (A Command Injection vulnerability exists in the do_upgrade_post functi ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-39306
 	REJECTED
 CVE-2024-37099 (Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32928 (The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of  ...)
 	TODO: check
 CVE-2024-32927 (In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-23729 (The ColorOS Internet Browser com.heytap.browser application 45.10.3.4. ...)
-	TODO: check
+	NOT-FOR-US: ColorOS Internet Browser com.heytap.browser application
 CVE-2024-7921 (A vulnerability has been found in Anhui Deshun Intelligent Technology  ...)
 	NOT-FOR-US: Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016
 CVE-2024-7920 (A vulnerability, which was classified as problematic, was found in Anh ...)
@@ -121,9 +121,9 @@ CVE-2024-6330 (The GEO my WP WordPress plugin before 4.5.0.2 does not prevent un
 CVE-2024-44083 (ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a sect ...)
 	NOT-FOR-US: Hex-Rays IDA Pro
 CVE-2024-44076 (In Microcks before 1.10.0, the POST /api/import and POST /api/export e ...)
-	TODO: check
+	NOT-FOR-US: Microcks
 CVE-2024-44073 (The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust al ...)
-	TODO: check
+	NOT-FOR-US: Miniscript (aka rust-miniscript)
 CVE-2024-44070 (An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_enca ...)
 	TODO: check
 CVE-2024-44069 (Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= cal ...)
@@ -181,7 +181,7 @@ CVE-2024-43145 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2024-35686 (Missing Authorization vulnerability in Automattic Sensei LMS, Automatt ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-25582 (Module savepoints could be abused to inject references to malicious co ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2024-7911 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...)
 	NOT-FOR-US: SourceCodester
 CVE-2024-7910 (A vulnerability was found in CodeAstro Online Railway Reservation Syst ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/353756f4c60f4351ffcd9d00fff6daf50fed6da9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/353756f4c60f4351ffcd9d00fff6daf50fed6da9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240819/9e98b91c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list