[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 28 10:25:10 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
07958801 by Salvatore Bonaccorso at 2024-08-28T11:23:52+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,35 +31,35 @@ CVE-2024-8217 (A vulnerability has been found in SourceCodester E-Commerce Websi
 CVE-2024-8216 (A vulnerability, which was classified as critical, has been found in n ...)
 	NOT-FOR-US: nafisulbari/itsourcecode Insurance Management System
 CVE-2024-8030 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Buil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-7573 (The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6448 (The Mollie Payments for WooCommerce plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6312 (The Funnelforms Free plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6311 (The Funnelforms Free plugin for WordPress is vulnerable to arbitrary f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4556 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Access Manager
 CVE-2024-4555 (Improper Privilege Management vulnerability in OpenText NetIQ Access M ...)
-	TODO: check
+	NOT-FOR-US: (OpenText) NetIQ Access Manager
 CVE-2024-4554 (Improper Input Validation vulnerability in OpenText NetIQ Access Manag ...)
-	TODO: check
+	NOT-FOR-US: (OpenText) NetIQ Access Manager
 CVE-2024-45346 (A code execution vulnerability exists in the XiaomiGetApps application ...)
-	TODO: check
+	NOT-FOR-US: XiaomiGetApps application
 CVE-2024-45049 (Hydra is a Continuous Integration service for Nix based projects. It i ...)
 	TODO: check
 CVE-2024-45038 (Meshtastic device firmware is a firmware for meshtastic devices to run ...)
-	TODO: check
+	NOT-FOR-US: Meshtastic device firmware
 CVE-2024-39771 (QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier  ...)
 	TODO: check
 CVE-2024-39584 (Dell Client Platform BIOS contains a Use of Default Cryptographic Key  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-45896 (ntfs3 in the Linux kernel before 6.5.11 allows a physically proximate  ...)
 	TODO: check
 CVE-2023-43078 (Dell Dock Firmware and Dell Client Platform contain an Improper Link R ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-44943 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.3-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
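Review bot: the three NetIQ Access Manager entries in this hunk are tagged two different ways: CVE-2024-4556 gets `NOT-FOR-US: NetIQ Access Manager`, while CVE-2024-4555 and CVE-2024-4554 get `NOT-FOR-US: (OpenText) NetIQ Access Manager`. Using one form for all three would let a search on the product string find the whole set. CVE-2024-45049, CVE-2024-39771 and CVE-2023-45896 stay at `TODO: check`; if that is deliberate for an NFU-only pass, a word in the commit message would make it explicit.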
@@ -147,7 +147,7 @@ CVE-2024-42851 (Buffer Overflow vulnerability in open source exiftags v.1.01 all
 CVE-2024-41622 (D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command ...)
 	NOT-FOR-US: D-Link
 CVE-2024-40395 (An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 all ...)
-	TODO: check
+	NOT-FOR-US: PTC ThingWorx
 CVE-2024-3982 (An attacker with local access to machine where MicroSCADA X SYS600 is  ...)
 	NOT-FOR-US: Hitachi
 CVE-2024-3980 (The product allows user input to control or influence paths or file na ...)
@@ -117474,13 +117474,13 @@ CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was
 CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin, is affe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26324 (A code execution vulnerability exists in the XiaomiGetApps application ...)
-	TODO: check
+	NOT-FOR-US: XiaomiGetApps application
 CVE-2023-26323 (A code execution vulnerability exists in the Xiaomi App market product ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2023-26322 (A code execution vulnerability exists in the XiaomiGetApps application ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2023-26321 (A path traversal vulnerability exists in the Xiaomi File Manager appli ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2023-26320 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
 	NOT-FOR-US: Xiaomi
 CVE-2023-26319 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
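Review bot: CVE-2023-26324 and CVE-2023-26322 show the same description ("A code execution vulnerability exists in the XiaomiGetApps application ...") but are tagged `XiaomiGetApps application` and `Xiaomi` respectively. The unchanged CVE-2023-26320 entry just below already uses `NOT-FOR-US: Xiaomi`, so applying that to CVE-2023-26324 as well would keep this block uniform.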
@@ -237566,11 +237566,11 @@ CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Ente
 CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
 	NOT-FOR-US: Micro Focus
 CVE-2021-38122 (A Cross-Site Scripting vulnerable identified in NetIQ Advance Authenti ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Advance Authentication
 CVE-2021-38121 (Insufficient or weak TLS protocol version identified in Advance authen ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38120 (A vulnerability identified in Advance Authentication that allows bash  ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-38119
 	RESERVED
 CVE-2021-38118
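Review bot: CVE-2021-38122 is tagged `NetIQ Advance Authentication`, while CVE-2021-38121 and CVE-2021-38120, whose descriptions also refer to Advance Authentication, get only `NetIQ`. Suggest the product-level tag on all three so the entries for one product read the same.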
@@ -277063,9 +277063,9 @@ CVE-2021-22532
 CVE-2021-22531 (A bug exist in the input parameter of Access Manager that allows suppl ...)
 	NOT-FOR-US: Microfocus
 CVE-2021-22530 (A vulnerability identified in NetIQ Advance Authentication that doesn' ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-22529 (A vulnerability identified in NetIQ Advance Authentication that leaks  ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
 	NOT-FOR-US: NetIQ Access Manager
 CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...)
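Review bot: the descriptions of CVE-2021-22530 and CVE-2021-22529 both name NetIQ Advance Authentication, yet the new tag is the bare vendor `NetIQ`, sitting directly above CVE-2021-22528, which is recorded at product level as `NetIQ Access Manager`. Naming the product here would keep the two NetIQ products distinguishable in this run of entries.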
@@ -277105,7 +277105,7 @@ CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus App
 CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2021-22509 (A vulnerability identified in storing and reusing information in Advan ...)
-	TODO: check
+	NOT-FOR-US: NetIQ
 CVE-2021-22508 (A potential vulnerability has been identified for OpenText Operations  ...)
 	NOT-FOR-US: OpenText Operations Bridge Reporter
 CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07958801d18ae46d5ab8daf1d8d04e5321f2d7e5
