[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 9 21:57:06 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eddbc3d6 by Salvatore Bonaccorso at 2024-07-09T22:56:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,59 +9,59 @@ CVE-2024-6237 (A flaw was found in the 389 Directory Server. This flaw allows an
 	NOTE: https://github.com/389ds/389-ds-base/issues/5989
 	NOTE: https://github.com/389ds/389-ds-base/commit/e8dd583685e6143f2027f97569de4cc45ba46e14 (389-ds-base-2.4.5)
 CVE-2024-6222 (In Docker Desktop before v4.29.0, an attacker who has gained access to ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2024-6168 (The Just Custom Fields plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6167 (The Just Custom Fields plugin for WordPress is vulnerable to unauthori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6069 (The Registration Forms \u2013 User Registration Forms, Invitation-Base ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5993 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5992 (The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5946 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5937 (The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5856 (The Comment Images Reloaded plugin for WordPress is vulnerable to unau ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5810 (The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5704 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5669 (The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5652 (In Docker Desktop on Windows before v4.31.0allows a user in the docker ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop
 CVE-2024-5648 (The LearnDash LMS \u2013 Reports plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5634 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...)
-	TODO: check
+	NOT-FOR-US: Longse model LBH30FE200W cameras
 CVE-2024-5633 (Longse modelLBH30FE200W cameras, as well as products based on this dev ...)
-	TODO: check
+	NOT-FOR-US: Longse model LBH30FE200W cameras
 CVE-2024-5632 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...)
-	TODO: check
+	NOT-FOR-US: Longse NVR (Network Video Recorder) model NVR3608PGE2W
 CVE-2024-5631 (Longse NVR (Network Video Recorder) modelNVR3608PGE2W, as well as prod ...)
-	TODO: check
+	NOT-FOR-US: Longse NVR (Network Video Recorder) model NVR3608PGE2W
 CVE-2024-5600 (The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5479 (The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5457 (The Panda Video plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5456 (The Panda Video plugin for WordPress is vulnerable to Local File Inclu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4868 (The Extensions for Elementor plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4862 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4102 (The Pricing Table plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4100 (The Pricing Table plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-40750 (Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 dev ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-40742 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
 	TODO: check
 CVE-2024-40741 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
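Review bot: The NOT-FOR-US tags on the four Longse entries (CVE-2024-5634, CVE-2024-5633, CVE-2024-5632, CVE-2024-5631) spell out full model strings, while CVE-2024-40750 directly below is tagged with the vendor alone (`NOT-FOR-US: Linksys`) even though its description also names a specific model and firmware. Pick one granularity for hardware entries; a short `NOT-FOR-US: Longse` would match the Linksys line and stay easy to grep, since the model detail is already in each description.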
@@ -97,59 +97,59 @@ CVE-2024-40727 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allo
 CVE-2024-40726 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)
 	TODO: check
 CVE-2024-40039 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-40038 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-40037 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-40036 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-40035 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-40034 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-3608 (The Product Designer plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3604 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to SQL ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3603 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3596 (RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a  ...)
 	TODO: check
 CVE-2024-3563 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3228 (The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39899 (PrivateBin is an online pastebin where the server has zero knowledge o ...)
 	TODO: check
 CVE-2024-39897 (zot is an OCI image registry. Prior to 2.1.0, the cache driver `GetBlo ...)
 	TODO: check
 CVE-2024-39888 (A vulnerability has been identified in Mendix Encryption (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39876 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39875 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39874 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39873 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39872 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39871 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39870 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39869 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39868 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39867 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39866 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39865 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39698 (electron-updater allows for automatic updates for Electron apps. The f ...)
 	TODO: check
 CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating intern ...)
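Review bot: CVE-2024-39888 is tagged `NOT-FOR-US: Siemens`, but the description on that line names only "Mendix Encryption", so the reason for the tag is not recoverable from the entry itself and a search for the product name in NFU tags will miss it. Suggest naming the product in the tag (for example `NOT-FOR-US: Siemens Mendix Encryption`), or applying the same vendor-plus-product form to the SINEMA Remote Connect Server entries that follow so the block stays uniform.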
@@ -157,21 +157,21 @@ CVE-2024-39697 (phonenumber is a library for parsing, formatting and validating
 CVE-2024-39684 (Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...)
 	TODO: check
 CVE-2024-39675 (A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39571 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39569 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39568 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39567 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2024-39171 (Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist check ...)
-	TODO: check
+	NOT-FOR-US: PHPVibe
 CVE-2024-39118 (Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write  ...)
-	TODO: check
+	NOT-FOR-US: Mommy Heather Advanced Backups
 CVE-2024-39063 (Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSR ...)
 	TODO: check
 CVE-2024-38972 (A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows att ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eddbc3d6666ed32ce9ec153cfc9766755d62326c



More information about the debian-security-tracker-commits mailing list