[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 6 09:37:49 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
475acb13 by Salvatore Bonaccorso at 2024-12-06T10:37:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a ...)
TODO: check
CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ...)
@@ -9,13 +9,13 @@ CVE-2024-54140 (sigstore-java is a sigstore java client for interacting with sig
CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary F ...)
TODO: check
CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: JSFinder
CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the Device Settin ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. In certa ...)
TODO: check
CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
TODO: check
CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versio ...)
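Review bot: On CVE-2024-49041 the note `NOT-FOR-US: Microsoft` names only the vendor, while the description gives the affected product as Microsoft Edge (Chromium-based). Debian ships chromium, so the entry should record that the issue is specific to Edge and not inherited from upstream Chromium, for example `NOT-FOR-US: Microsoft Edge`. If that has not been confirmed, leaving `TODO: check` in place is the safer state.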
@@ -39,27 +39,27 @@ CVE-2024-30961 (Insecure Permissions vulnerability in Open Robotics Robotic Oper
CVE-2024-12064
REJECTED
CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to authenticatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits p ...)
TODO: check
CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, ex ...)
TODO: check
CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized arbitrar ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found providing a pot ...)
NOT-FOR-US: ABB
CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a potential ...)
@@ -208,15 +208,15 @@ CVE-2024-11155 (A \u201cuse after free\u201d code execution vulnerability exist
CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, ht ...)
TODO: check
CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10848 (The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-10777 (The AnyWhere Elementor plugin for WordPress is vulnerable to Informati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10716 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS i ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2024-10056 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50913 (Oxide control plane software before 5 allows SSRF.)
TODO: check
CVE-2023-48010 (STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism ...)
@@ -476532,7 +476532,7 @@ CVE-2018-9464
CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a pos ...)
TODO: check
CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds write du ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9461
RESERVED
CVE-2018-9460
@@ -476578,7 +476578,7 @@ CVE-2018-9441 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out
CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9439 (In __unregister_prot_hook and packet_release of af_packet.c, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive ...)
NOT-FOR-US: Android
CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read due to ...)
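Review bot: CVE-2018-9439 is closed as `NOT-FOR-US: Android`, but its description names `__unregister_prot_hook` and `packet_release` in `af_packet.c`, which are functions in the mainline Linux packet socket code (net/packet/af_packet.c), not an Android-only component. This entry should be checked against src:linux and, if affected, tracked with the fixed version in the same way this file already does for CVE-2018-9385 (`- linux 4.16.12-1`), before it is marked NFU.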
@@ -476647,31 +476647,31 @@ CVE-2018-9410 (In analyzeAxes of FontUtils.cpp, there is a possible out of bound
CVE-2018-9409 (In HWCSession::SetColorModeById of hwc_session.cpp, there is a possibl ...)
NOT-FOR-US: Android
CVE-2018-9408 (In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Ou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9407 (In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9406
RESERVED
CVE-2018-9405
RESERVED
CVE-2018-9404 (In oemCallback of ril.cpp, there is a possible out of bounds write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9402 (In multiple functions of gl_proc.c, there is a buffer overwrite due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9401
RESERVED
CVE-2018-9400 (In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touc ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9399 (In /proc/driver/wmt_dbg driver, there are several possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9398 (In fm_set_stat of mediatek FM radio driver, there is a possible OOB wr ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9397 (In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OO ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9396 (In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9395 (In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor ...)
NOT-FOR-US: Android
CVE-2018-9394 (In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen ...)
@@ -476681,17 +476681,17 @@ CVE-2018-9393 (In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2
CVE-2018-9392 (In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps ...)
NOT-FOR-US: Android
CVE-2018-9391 (In update_gps_sv and output_vzw_debug of vendor/mediatek/proprieta ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of bounds rea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9389
RESERVED
CVE-2018-9388 (In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9387
RESERVED
CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds w ...)
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
@@ -515612,7 +515612,7 @@ CVE-2017-13310 (In createFromParcel of ViewPager.java, there is a possible read/
CVE-2017-13309 (In readEncryptedData of ConscryptEngine.java, there is a possible plai ...)
NOT-FOR-US: Android
CVE-2017-13308 (In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...)
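Review bot: CVE-2017-13308 gets a bare `NOT-FOR-US: Android`, while the next entry in this hunk, CVE-2017-13307, records its reasoning as `Android kernel (no source release, so apparently not in mainline)`. The description of CVE-2017-13308 points at a driver source file (`mtk_ts_Abts.c`), so a note in that same form would tell a later reader that mainline was checked and why the entry was closed. The same applies to the other driver-level entries in this commit that name kernel paths such as `drivers/input/touchscreen/stm/`.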
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/475acb1375fe6f891558f0325d66534936fe61e8