[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 18 09:30:10 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5aa9b75 by Salvatore Bonaccorso at 2024-12-18T10:29:39+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,9 +30,9 @@ CVE-2024-52792 (LDAP Account Manager (LAM) is a php webfrontend for managing ent
 CVE-2024-51175 (An issue in H3C switch h3c-S1526 allows a remote attacker to obtain se ...)
 	NOT-FOR-US: H3C switch h3c-S1526
 CVE-2024-4464 (Authorization bypass through user-controlled key vulnerability in stre ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2024-47480 (Dell Inventory Collector Client, versions prior to 12.7.0, contains an ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-47397 (Weak authentication issue exists in AE1021 firmware versions 2.0.10 an ...)
 	TODO: check
 CVE-2024-39703 (In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able  ...)
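Review bot: The two new notes on CVE-2024-4464 and CVE-2024-47480 name only a vendor ("Synology", "Dell"), while the CVE-2024-51175 entry just above them names the product ("H3C switch h3c-S1526"). For CVE-2024-47480 the description already gives the product, so "NOT-FOR-US: Dell Inventory Collector Client" would be more precise and easier to find later. The truncated description of CVE-2024-4464 shown here does not name a vendor at all, so it is worth confirming the Synology attribution against the full CVE text.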
@@ -48,47 +48,47 @@ CVE-2024-21547 (Versions of the package spatie/browsershot before 5.0.2 are vuln
 CVE-2024-21546 (Versions of the package unisharp/laravel-filemanager before 2.9.1 are  ...)
 	TODO: check
 CVE-2024-1610 (In OPPO Store APP, there's a possible escalation of privilege due to i ...)
-	TODO: check
+	NOT-FOR-US: OPPO Store APP
 CVE-2024-12698 (An incomplete fix for ose-olm-catalogd-container was issued for the Ra ...)
 	TODO: check
 CVE-2024-12596 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12539 (An issue was discovered where improper authorization controls affected ...)
 	- elasticsearch <removed>
 CVE-2024-12513 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12500 (The Philantro \u2013 Donations and Donor Management plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12449 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12432 (The WPC Shop as a Customer for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12287 (The Biagiotti Membership plugin for WordPress is vulnerable to authent ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12259 (The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12250 (The Accept Authorize.NET Payments Using Contact Form 7 plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12061 (The Events Addon for Elementor plugin for WordPress is vulnerable to I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-12025 (The Collapsing Categories plugin for WordPress is vulnerable to SQL In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11993 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-11881 (The Easy Waveform Player plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11748 (The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11439 (The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11295 (The Simple Page Access Restriction plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11254 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10892 (The Cost Calculator Builder WordPress plugin before 3.2.43 does not ha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-37940 (Cross-site scripting (XSS) vulnerability in the edit Service Access Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-9819 (Authorization Bypass Through User-Controlled Key vulnerability in Next ...)
 	NOT-FOR-US: NextGeography NG Analyser
 CVE-2024-9654 (The Easy Digital Downloads plugin for WordPress is vulnerable to Impro ...)
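Review bot: CVE-2023-37940 is tagged "NOT-FOR-US: Liferay", but its description as truncated here ("Cross-site scripting (XSS) vulnerability in the edit Service Access Po ...") does not name the product, unlike CVE-2024-11993, which reads "Liferay Portal 7". Please confirm it against the full description before dropping the TODO. As a style point, the WordPress entries in this hunk all get the generic note "WordPress plugin", while CVE-2024-1610 in the same hunk is tagged with the product name ("OPPO Store APP"); naming the plugin would keep the granularity consistent.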
@@ -297991,13 +297991,13 @@ CVE-2021-26283
 CVE-2021-26282
 	RESERVED
 CVE-2021-26281 (Some parameters of the alarm clock module are improperly stored, leaki ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2021-26280 (Locally installed application can bypass the permission check and perf ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2021-26279 (Some parameters of the weather module are improperly stored, leaking s ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2021-26278 (The wifi module exposes the interface and has improper permission cont ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2021-26277 (The framework service handles pendingIntent incorrectly, allowing a ma ...)
 	NOT-FOR-US: Vivo
 CVE-2021-26276 (scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) p ...)
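Review bot: None of the visible descriptions for CVE-2021-26278 through CVE-2021-26281 name a vendor, so the "Vivo" tag appears to follow the already triaged neighbour CVE-2021-26277. ID adjacency alone is a weak basis: the next entry in the same range, CVE-2021-26276, is GoDaddy node-config-shield. Each of the four should be confirmed against its full CVE record, and naming the component as well (alarm clock module, weather module, wifi module) would make the notes more specific.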
@@ -362457,13 +362457,13 @@ CVE-2020-12489
 CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
 	NOT-FOR-US: Vivo
 CVE-2020-12487 (Due to the flaws in the verification of input parameters, the attacker ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2020-12486
 	RESERVED
 CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
 	NOT-FOR-US: Vivo
 CVE-2020-12484 (When using special mode to connect to enterprise wifi, certain options ...)
-	TODO: check
+	NOT-FOR-US: Vivo
 CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
 	NOT-FOR-US: Vivo
 CVE-2020-12482



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5aa9b754c3cad8621aa72b3ca865616a061af6f
