[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 16 21:24:23 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34471312 by Salvatore Bonaccorso at 2024-07-16T22:23:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,85 +1,85 @@
CVE-2024-6621 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6579 (The Web and WooCommerce Addons for WPBakery Builder plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6570 (The Glossary plugin for WordPress is vulnerable to Full Path Disclosur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6565 (The AForms \u2014 Form Builder for Price Calculator & Cost Estimation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6492 (Exposure of Sensitive Information in edge browser session proxy featur ...)
- TODO: check
+ NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2024-6457 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6435 (A privilege escalation vulnerability exists in the affected products w ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-6326 (An exposure of sensitive information vulnerability exists in the Rockw ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-6325 (The v6.40 release of Rockwell Automation FactoryTalk\xae Policy Manage ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-6089 (An input validation vulnerability exists in the Rockwell Automation501 ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-5852 (The WordPress File Upload plugin for WordPress is vulnerable to Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-40626 (Outline is an open source, collaborative document editor. A type confu ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2024-40516 (An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R ...)
- TODO: check
+ NOT-FOR-US: H3C Magic RC3000 RC3000V100R009
CVE-2024-40515 (An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-40505 (**UNSUPPORTED WHEN ASSIGNED** Directory Traversal vulnerability in D-L ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-40503 (An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to c ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-40456 (ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2024-40455 (An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows atta ...)
- TODO: check
+ NOT-FOR-US: ThinkSAAS
CVE-2024-40425 (File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop ...)
- TODO: check
+ NOT-FOR-US: Nanjin Xingyuantu Technology Co Sparkshop
CVE-2024-40394 (Simple Library Management System Project Using PHP/MySQL v1.0 was disc ...)
- TODO: check
+ NOT-FOR-US: Simple Library Management System Project Using PHP/MySQL
CVE-2024-40393 (Online Clinic Management System In PHP With Free Source code v1.0 was ...)
- TODO: check
+ NOT-FOR-US: Online Clinic Management System In PHP With Free Source code
CVE-2024-40392 (SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/M ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Pharmacy/Medical Store Point of Sale System
CVE-2024-40322 (An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-40130 (open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-40129 (Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context ...)
- TODO: check
+ NOT-FOR-US: Open5GS
CVE-2024-3779 (Denial of service vulnerability present shortly after product installa ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2024-3587 (The Premium Portfolio Features for Phlox theme plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3232 (A formula injection vulnerability exists in Tenable Identity Exposure ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some ...)
TODO: check
CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due to improp ...)
- TODO: check
+ NOT-FOR-US: Apache Superset
CVE-2024-39700 (JupyterLab extension template is a `copier` template for JupyterLab e ...)
TODO: check
CVE-2024-39036 (SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2024-35338 (Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-33182 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 9000 Site S ...)
TODO: check
CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-22442 (The vulnerability could be remotely exploited to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2024-21686 (This High severity Stored XSS vulnerability was introduced in versions ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2024-1937 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31456 (There is an SSRF vulnerability in the Fluid Topics platform that affec ...)
TODO: check
CVE-2023-52886 (In the Linux kernel, the following vulnerability has been resolved: U ...)
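Review bot: The NOT-FOR-US tag for CVE-2024-40516 carries the firmware version string ("H3C Magic RC3000 RC3000V100R009"), while the Tenda and D-Link entries in this same hunk name only the vendor. Shortening it to "H3C Magic RC3000" would keep the tags consistent and easier to grep. The same applies to CVE-2024-40394 and CVE-2024-40393, whose tags copy the full description title (for example "Online Clinic Management System In PHP With Free Source code"). The entries left at "TODO: check" as unchanged context (CVE-2024-39908, CVE-2024-39700, CVE-2024-32861, CVE-2023-31456) are not covered by this commit and still need triage.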
@@ -363443,13 +363443,13 @@ CVE-2019-16643 (An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vu
CVE-2019-16642 (App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has ...)
NOT-FOR-US: TuziCMS
CVE-2019-16641 (An issue was found on the Ruijie EG-2000 series gateway. There is a bu ...)
- TODO: check
+ NOT-FOR-US: Ruijie EG-2000
CVE-2019-16640 (An issue was found in upload.php on the Ruijie EG-2000 series gateway. ...)
- TODO: check
+ NOT-FOR-US: Ruijie EG-2000
CVE-2019-16639 (An issue was found on the Ruijie EG-2000 series gateway. There is a ne ...)
- TODO: check
+ NOT-FOR-US: Ruijie EG-2000
CVE-2019-16638 (An issue was found on the Ruijie EG-2000 series gateway. An attacker c ...)
- TODO: check
+ NOT-FOR-US: Ruijie EG-2000
CVE-2019-16637
RESERVED
CVE-2019-16636
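Review bot: The four Ruijie entries (CVE-2019-16638 through CVE-2019-16641) are tagged at product-series level, "Ruijie EG-2000", whereas the router entries in the first hunk use the vendor name alone ("Tenda", "D-Link"). Picking one granularity for vendor firmware would make the tags uniform. The commit message "Process some NFUs" also gives no hint that 2019 backlog entries are triaged alongside the new 2024 ones, which is worth a word for anyone reading the log.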
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3447131288ebb9014b807e2dd7ff8f79368ae8a1