[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 3 09:39:03 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18163ce9 by Salvatore Bonaccorso at 2024-07-03T10:38:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2024-6453 (A vulnerability was found in itsourcecode Farm Management System 1.0.  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Farm Management System
 CVE-2024-6340 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6263 (The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4708 (mySCADA myPRO   uses a hard-coded password which could allow an attack ...)
-	TODO: check
+	NOT-FOR-US: mySCADA myPRO
 CVE-2024-4543 (The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4482 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39920 (The TCP protocol in RFC 9293 has a timing side channel that makes it e ...)
 	TODO: check
 CVE-2024-39326 (SkillTree is a micro-learning gamification platform. Prior to version  ...)
-	TODO: check
+	NOT-FOR-US: SkillTree
 CVE-2024-39325 (aimeos/ai-controller-frontend is the  Aimeos frontend controller. Prio ...)
-	TODO: check
+	NOT-FOR-US: Aimeos frontend controller
 CVE-2024-39324 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...)
-	TODO: check
+	NOT-FOR-US: Aimeos GraphQL API admin interface
 CVE-2024-39322 (aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administ ...)
-	TODO: check
+	NOT-FOR-US: Aimeos e-commerce JSON API for administrative tasks
 CVE-2024-38453 (The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows at ...)
-	TODO: check
+	NOT-FOR-US: Avalara for Salesforce CPQ app
 CVE-2024-37082 (Security check loophole in HAProxy release (in combination with routin ...)
 	TODO: check
 CVE-2024-32673 (Improper Validation of Array Index vulnerability in Samsung Open Sourc ...)
@@ -43,9 +43,9 @@ CVE-2024-2040 (The Himer WordPress theme before 2.1.1 does not have CSRF checks
 CVE-2024-24791 (The net/http HTTP/1.1 client mishandled the case where a server respon ...)
 	TODO: check
 CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava litemal ...)
-	TODO: check
+	NOT-FOR-US: linlinjava litemall
 CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been declared as ...)
-	TODO: check
+	NOT-FOR-US: ORIPA
 CVE-2024-6440 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
 	NOT-FOR-US: SourceCodester Home Owners Collection Management System
 CVE-2024-6439 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
@@ -75,7 +75,7 @@ CVE-2024-5865 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others
 CVE-2024-5260 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4897 (parisneo/lollms-webui, in its latest version, is vulnerable to remote  ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in versi ...)
 	NOT-FOR-US: Edito CMS
 CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...)
@@ -94,7 +94,7 @@ CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attac
 CVE-2024-39891 (In the Twilio Authy API, accessed by Authy Android before 25.1.0 and A ...)
 	NOT-FOR-US: Twilio Authy API
 CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...)
-	TODO: check
+	NOT-FOR-US: Aimeos GraphQL API admin interface
 CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
 	TODO: check
 CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior to versi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18163ce92859870c5c8389424524cc9dd52e4ee1

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18163ce92859870c5c8389424524cc9dd52e4ee1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240703/22993466/attachment.htm>

More information about the debian-security-tracker-commits mailing list