[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 10 12:58:20 GMT 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ab64d94 by Moritz Muehlenhoff at 2024-12-10T13:58:10+01:00
NFUs
drop confirmed TODO item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -783,7 +783,7 @@ CVE-2024-42196 (HCL Launch stores potentially sensitive information in log files
 CVE-2024-30129 (The HTTP host header can be manipulated and cause the application to b ...)
 	NOT-FOR-US: HCL
 CVE-2024-21571 (Snyk has identified a remote code execution (RCE) vulnerability in all ...)
-	TODO: check
+	NOT-FOR-US: Snyk Code Agent
 CVE-2024-12254 (Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writel ...)
 	- python3.13 <unfixed> (bug #1089235)
 	- python3.12 <unfixed> (bug #1089236)
@@ -794,7 +794,6 @@ CVE-2024-12254 (Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/H4O3UBAOAQQXGT4RE3E4XQYR5XLROORB/
 	NOTE: https://github.com/python/cpython/commit/71e8429ac8e2adc10084ab5ec29a62f4b6671a82 (3.13-branch)
 	NOTE: https://github.com/python/cpython/commit/9aa0deb2eef2655a1029ba228527b152353135b5 (3.12-branch)
-	TODO: Double-check affected status for python3.11
 CVE-2024-12155 (The SV100 Companion plugin for WordPress is vulnerable to unauthorized ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-12110 (The Gold Addons for Elementor plugin for WordPress is vulnerable to un ...)
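Review bot: dropping the python3.11 TODO under CVE-2024-12254 leaves no record in the entry of what the double-check concluded. The lines visible here cover only python3.13, python3.12 and the 3.13/3.12 branch commits, while the description says the issue starts in Python 3.12.0. If the entry has no python3.11 line outside this context, add one with its status, or a NOTE giving the reasoning, so the result lives in data/CVE/list and not only in the commit message.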
@@ -854,15 +853,15 @@ CVE-2024-10879 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress
 CVE-2024-10849 (The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10776 (Lua apps can be deployed, removed, started, reloaded or stopped withou ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10774 (Unauthenticated CROWN APIs allow access to critical functions. This le ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10773 (The product is vulnerable to pass-the-hash attacks in combination with ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10772 (Since the firmware update is not validated, an attacker can install mo ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10771 (Due to missing input validation during one step of the firmware update ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2024-10692 (The PowerPack Elementor Addons (Free Widgets, Extensions and Templates ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10689 (The XLTab \u2013 Accordions and Tabs for Elementor Page Builder plugin ...)
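Review bot: the five entries CVE-2024-10776 and CVE-2024-10771 to CVE-2024-10774 are tagged "NOT-FOR-US: SICK", which names only the vendor, and the truncated descriptions do not name a product either. Naming the affected product after the vendor, the way this same commit does with "NOT-FOR-US: Snyk Code Agent", would make the triage decision easier to verify and to grep for later.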
@@ -2187,7 +2186,7 @@ CVE-2024-53505 (A SQL injection vulnerability has been identified in Siyuan 3.1.
 CVE-2024-53504 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...)
 	NOT-FOR-US: Siyuan
 CVE-2024-52810 (@intlify/shared is a shared library for the intlify project. The lates ...)
-	TODO: check
+	NOT-FOR-US: intlify
 CVE-2024-52809 (vue-i18n  is an internationalization plugin for Vue.js. In affected ve ...)
 	NOT-FOR-US: vue-i18n plugin for Vue.js
 CVE-2024-52801 (sftpgo is a full-featured and highly configurable event-driven file tr ...)
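Review bot: "NOT-FOR-US: intlify" on CVE-2024-52810 names the project rather than the affected component, which the description gives as the @intlify/shared library. The entry directly below it, CVE-2024-52809, names the component ("vue-i18n plugin for Vue.js"). Using "@intlify/shared" in the tag would keep the two entries consistent and make this one easier to find if the library is ever packaged.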



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ab64d94f3fbf734dd41b3960765c0346df036c3
