[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 13 05:32:54 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c89233a by Salvatore Bonaccorso at 2024-07-13T06:32:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6328 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5325 (The Form Vibes plugin for WordPress is vulnerable to SQL Injection via ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-40690 (IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2024-40552 (PublicCMS v4.0.202302.e was discovered to contain a remote commande ex ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40551 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40550 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40549 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40548 (An arbitrary file upload vulnerability in the component /admin/cmsTemp ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40547 (PublicCMS v4.0.202302.e was discovered to contain an arbitrary file co ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40546 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40545 (An arbitrary file upload vulnerability in the component /admin/cmsWebF ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40544 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40543 (PublicCMS v4.0.202302.e was discovered to contain a Server-Side Reques ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2024-40542 (my-springsecurity-plus before v2024.07.03 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-40541 (my-springsecurity-plus before v2024.07.03 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-40540 (my-springsecurity-plus before v2024.07.03 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-40539 (my-springsecurity-plus before v2024.07.03 was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-40522 (There is a remote code execution vulnerability in SeaCMS 12.9. The vul ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-40521 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-40520 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-40519 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-40518 (SeaCMS 12.9 has a remote code execution vulnerability. The vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SeaCMS
 CVE-2024-40110 (Sourcecodester Poultry Farm Management System v1.0 contains an Unauthe ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Poultry Farm Management System
 CVE-2024-39917 (xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have  ...)
 	TODO: check
 CVE-2024-39916 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
-	TODO: check
+	NOT-FOR-US: FOG
 CVE-2024-39914 (FOG is a cloning/imaging/rescue suite/inventory management system. Pri ...)
-	TODO: check
+	NOT-FOR-US: FOG
 CVE-2024-39909 (KubeClarity is a tool for detection and management of Software Bill Of ...)
-	TODO: check
+	NOT-FOR-US: KubeClarity
 CVE-2024-39903 (Solara is a pure Python, React-style framework for scaling Jupyter and ...)
 	TODO: check
 CVE-2024-39340 (Securepoint UTM before 12.6.5 mishandles OTP codes.)
@@ -576,7 +576,7 @@ CVE-2024-6588 (The PowerPress Podcasting plugin by Blubrry plugin for WordPress
 CVE-2024-6555 (The WP Popups \u2013 WordPress Popup builder plugin for WordPress is v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6468 (Vault and Vault Enterprise did not properly handle requests originatin ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2024-6396 (A vulnerability in the `_backup_run` function in aimhubio/aim version  ...)
 	NOT-FOR-US: aimhubio/aim
 CVE-2024-6392 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress  ...)
@@ -608,11 +608,11 @@ CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to unauthorized
 CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my-spri ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-6643
 	REJECTED
 CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
@@ -729,7 +729,7 @@ CVE-2024-2602 (CWE-22: Improper Limitation of a Pathname to a Restricted Directo
 CVE-2024-28872 (The TLS certificate validation code is flawed. An attacker can obtain  ...)
 	TODO: check
 CVE-2024-6676 (A vulnerability has been found in witmy my-springsecurity-plus up to 2 ...)
-	TODO: check
+	NOT-FOR-US: witmy my-springsecurity-plus
 CVE-2024-6666 (The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6655



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c89233aebf7f5a1b0208bf8dab8d25753a0e42e

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c89233aebf7f5a1b0208bf8dab8d25753a0e42e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240713/a79348ca/attachment.htm>

More information about the debian-security-tracker-commits mailing list