[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 4 21:55:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4356745 by Salvatore Bonaccorso at 2024-07-04T22:54:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,49 +1,49 @@
 CVE-2024-6513
 	REJECTED
 CVE-2024-6511 (A vulnerability classified as problematic was found in y_project RuoYi ...)
-	TODO: check
+	NOT-FOR-US: y_project RuoYi
 CVE-2024-6507 (Command injection when ingesting a remote Kaggle dataset due to a lack ...)
-	TODO: check
+	NOT-FOR-US: deeplake
 CVE-2024-6506 (Information exposure vulnerability in the MRW plugin, in its5.4.3 vers ...)
-	TODO: check
+	NOT-FOR-US: MRW plugin
 CVE-2024-6434 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6319 (The IMGspider plugin for WordPress is vulnerable to arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6318 (The IMGspider plugin for WordPress is vulnerable to arbitrary file upl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5943 (The Nested Pages plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3904 (Incorrect Default Permissions vulnerability in Smart Device Communicat ...)
-	TODO: check
+	NOT-FOR-US: Smart Device Communication Gateway on MELIPC Series MI5122-VW firmware
 CVE-2024-39934 (Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., ...)
-	TODO: check
+	NOT-FOR-US: Robotmk
 CVE-2024-39933 (Gogs through 0.13.0 allows argument injection during the tagging of a  ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2024-39932 (Gogs through 0.13.0 allows argument injection during the previewing of ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2024-39931 (Gogs through 0.13.0 allows deletion of internal files.)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2024-39930 (The built-in SSH server of Gogs through 0.13.0 allows argument injecti ...)
-	TODO: check
+	NOT-FOR-US: Go Git Service
 CVE-2024-39929 (Exim through 4.97.1 misparses a multiline RFC 2231 header filename, an ...)
 	TODO: check
 CVE-2024-39211 (Kaiten 57.128.8 allows remote attackers to enumerate user accounts via ...)
-	TODO: check
+	NOT-FOR-US: Kaiten
 CVE-2024-39165 (QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pr ...)
-	TODO: check
+	NOT-FOR-US: Asial JpGraph Professional
 CVE-2024-37476 (Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campai ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37474 (Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-37472 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows R ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-37471 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32754 (Under certain circumstances, when the controller is in factory reset m ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-22277 (VMware Cloud Director Availability contains an HTML injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2024-1574 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe  ...)
 	TODO: check
 CVE-2024-1573 (Improper Authentication vulnerability in the mobile monitoring feature ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4356745d3e61587c484a4203131c16e1c1aed48

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4356745d3e61587c484a4203131c16e1c1aed48
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240704/4bf08752/attachment.htm>


More information about the debian-security-tracker-commits mailing list