[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 2 22:02:48 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45052991 by Salvatore Bonaccorso at 2024-07-02T23:02:10+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava li
CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been declared as ...)
TODO: check
CVE-2024-6440 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Home Owners Collection Management System
CVE-2024-6439 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Home Owners Collection Management System
CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and classified as ...)
- TODO: check
+ NOT-FOR-US: Hitout Carsale
CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB Rust ...)
TODO: check
CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...)
@@ -15,35 +15,35 @@ CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be
CVE-2024-6341
REJECTED
CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6099 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6088 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6012 (The Cost Calculator Builder plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6011 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5866 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...)
- TODO: check
+ NOT-FOR-US: Delinea Centrify PAS
CVE-2024-5865 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...)
- TODO: check
+ NOT-FOR-US: Delinea Centrify PAS
CVE-2024-5260 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4897 (parisneo/lollms-webui, in its latest version, is vulnerable to remote ...)
TODO: check
CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in versi ...)
- TODO: check
+ NOT-FOR-US: Edito CMS
CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...)
TODO: check
CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3826 (In versions of Akana in versions prior to and including 2022.1.3 valid ...)
TODO: check
CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ...)
TODO: check
CVE-2024-39891 (In the Twilio Authy API, accessed by Authy Android before 25.1.0 and A ...)
- TODO: check
+ NOT-FOR-US: Twilio Authy API
CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...)
TODO: check
CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
@@ -51,11 +51,11 @@ CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version
CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior to versi ...)
TODO: check
CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 all ...)
- TODO: check
+ NOT-FOR-US: MSP360 Backup Agent
CVE-2024-39143 (A stored cross-site scripting (XSS) vulnerability exists in ResidenceC ...)
- TODO: check
+ NOT-FOR-US: ResidenceCMS
CVE-2024-39119 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
- TODO: check
+ NOT-FOR-US: idccms
CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 2.3.0p8, 2 ...)
TODO: check
CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`, a cl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450529916e45f132fd7b9a5cca1e05c1da961769
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450529916e45f132fd7b9a5cca1e05c1da961769
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240702/a3553169/attachment.htm>
More information about the debian-security-tracker-commits
mailing list