[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 17 21:08:05 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24e2f140 by Salvatore Bonaccorso at 2024-07-17T22:07:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerab
 CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-40637 (dbt enables data analysts and engineers to transform their data using  ...)
-	TODO: check
+	NOT-FOR-US: dbt-core
 CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovere ...)
 	NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
 CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
@@ -316,7 +316,7 @@ CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has
 CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due to improp ...)
 	NOT-FOR-US: Apache Superset
 CVE-2024-39700 (JupyterLab extension template is a  `copier` template for JupyterLab e ...)
-	TODO: check
+	NOT-FOR-US: JupyterLab extension template
 CVE-2024-39036 (SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.)
 	NOT-FOR-US: SeaCMS
 CVE-2024-35338 (Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password  ...)
@@ -328,7 +328,7 @@ CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-base
 CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buff ...)
 	NOT-FOR-US: Tenda
 CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 9000 Site S ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-22442 (The vulnerability could be remotely exploited to bypass authentication ...)
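Review bot: on CVE-2024-32861 the new tag names only a vendor, "NOT-FOR-US: Johnson Controls", while the visible part of the description identifies the product as Software House C\u25cfCURE 9000 and does not mention that vendor. Putting the product in the tag as well, for example "NOT-FOR-US: Johnson Controls Software House C-CURE 9000", would let a search of data/CVE/list for the product name find the entry's disposition, and an ASCII spelling avoids depending on the escaped \u25cf character.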
@@ -735,9 +735,9 @@ CVE-2024-41008 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.9.7-1
 	NOTE: https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)
 CVE-2024-40632 (Linkerd is an open source, ultralight, security-first service mesh for ...)
-	TODO: check
+	NOT-FOR-US: Linkerd
 CVE-2024-40524 (Directory Traversal vulnerability in xmind2testcase v.1.5 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: xmind2testcase
 CVE-2023-52290 (In streampark-console the list pages(e.g: application pages), users ca ...)
 	NOT-FOR-US: Apache StreamPark
 CVE-2024-6746 (A vulnerability classified as problematic was found in NaiboWang EasyS ...)
@@ -757,7 +757,7 @@ CVE-2024-6398 (An information disclosure vulnerability in SWG in versions 12.x p
 CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint Workbench.   ...)
 	NOT-FOR-US: ABB
 CVE-2024-40631 (Plate media is an open source, rich-text editor for React. Editors tha ...)
-	TODO: check
+	NOT-FOR-US: Plate media
 CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
 	- openimageio <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2
@@ -781,13 +781,13 @@ CVE-2024-40415 (A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 fu
 CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC function ...)
 	NOT-FOR-US: Tenda
 CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...)
-	TODO: check
+	NOT-FOR-US: jasonraimondi/url-to-png
 CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility featuring para ...)
-	TODO: check
+	NOT-FOR-US: jasonraimondi/url-to-png
 CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Ic ...)
 	NOT-FOR-US: Thruk
 CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries and a Sym ...)
-	TODO: check
+	NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
 CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace Desktop  ...)
 	NOT-FOR-US: Zoom
 CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for  ...)
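Review bot: the tags added for CVE-2024-39919 and CVE-2024-39918 read "jasonraimondi/url-to-png", but both descriptions name the package "@jmondi/url-to-png", so the tag and the description do not match on a text search. Using the name from the description, or giving both names, would keep the two entries consistent with what the CVE text says. On CVE-2024-39912 the tag "web-auth/webauthn-lib PHP libraries and Symfony bundle" is a descriptive phrase where the surrounding entries (Thruk, Zoom) use a short product name; "NOT-FOR-US: web-auth/webauthn-lib" would match that style.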



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24e2f14047b59dfd92754edddb842db7f8c5b9a2
