[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 18 19:58:52 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9abea01 by Salvatore Bonaccorso at 2024-07-18T20:58:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2024-6705 (The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6599 (The Meks Video Importer plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6175 (The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6164 (The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Loc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5964 (The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-5726 (The Timeline Event History plugin for WordPress is vulnerable to PHP O ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-41184 (In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived th ...)
 	TODO: check
 CVE-2024-40764 (Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allo ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2024-40492 (Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a ...)
-	TODO: check
+	NOT-FOR-US: Heartbeat Chat
 CVE-2024-39682 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39681 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39680 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39679 (Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39678 (Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29014 (Vulnerability in SonicWall NetExtender Windows (32 and 64-bit) client  ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2023-6708 (The SVG Support plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	TODO: check
 CVE-2023-43971 (Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote  ...)
@@ -73,13 +73,13 @@ CVE-2024-39124 (In Roundup before 2.4.0, classhelpers (_generic.help.html) allow
 CVE-2024-38870 (Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpM ...)
 	NOT-FOR-US: ZohocorpZohocorp ManageEngine
 CVE-2024-38447 (NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modi ...)
-	TODO: check
+	NOT-FOR-US: NATO NCI ANET
 CVE-2024-38446 (NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a r ...)
-	TODO: check
+	NOT-FOR-US: NATO NCI ANET
 CVE-2024-36491 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...)
-	TODO: check
+	NOT-FOR-US: FutureNet
 CVE-2024-36475 (FutureNet NXR series, VXR series and WXR series provided by Century Sy ...)
-	TODO: check
+	NOT-FOR-US: FutureNet
 CVE-2024-32981 (Silverstripe framework is the PHP framework forming the base for the S ...)
 	NOT-FOR-US: Silverstripe framework
 CVE-2024-31979 (Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes ...)
@@ -93,9 +93,9 @@ CVE-2024-30471 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
 CVE-2024-29885 (silverstripe/reports is an API for creating backend reports in the Sil ...)
 	NOT-FOR-US: Silverstripe reports
 CVE-2024-29737 (In streampark, the project module integrates Maven's compilation capab ...)
-	TODO: check
+	NOT-FOR-US: streampark
 CVE-2024-29120 (In Streampark (version < 2.1.4), when a user logged in successfully, t ...)
-	TODO: check
+	NOT-FOR-US: streampark
 CVE-2024-28993 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-28992 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
@@ -972,17 +972,17 @@ CVE-2024-39819 (Improper privilege management in the installer for some Zoom Wor
 CVE-2024-39767 (Mattermost Mobile Apps versions <=2.16.0 fail to validate that the pus ...)
 	NOT-FOR-US: Mattermost Mobile Apps
 CVE-2024-38496 (The vulnerability allows a malicious low-privileged PAM user to access ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38495 (A specific authentication strategy allows a malicious attacker to lear ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38494 (This vulnerability allows a high-privileged authenticated PAM user to  ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38493 (A reflected cross-site scripting (XSS) vulnerability exists in the PAM ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38492 (This vulnerability allows an unauthenticated attacker to achieve remot ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38491 (The vulnerability allows an unauthenticated attacker to read arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-38360 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS) 4.0.0 th ...)
@@ -990,13 +990,13 @@ CVE-2024-37386 (An issue was discovered in Stormshield Network Security (SNS) 4.
 CVE-2024-37016 (Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypa ...)
 	NOT-FOR-US: Mengshen Wireless Door Alarm M70
 CVE-2024-36458 (The vulnerability allows a malicious low-privileged PAM user to perfor ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-36457 (The vulnerability allows an attacker to bypass the authentication requ ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-36456 (This vulnerability allows an unauthenticated attacker to achieve remot ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-36455 (An improper input validation allows an unauthenticated attacker to ach ...)
-	TODO: check
+	NOT-FOR-US: Broadcom (inaccessible reference)
 CVE-2024-36438 (eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access C ...)
 	NOT-FOR-US: eLinkSmart Hidden Smart Cabinet Lock
 CVE-2024-36434 (An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9abea0170d3e5fd7f20a47d00a174e0f8dec452

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9abea0170d3e5fd7f20a47d00a174e0f8dec452
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240718/fd34325e/attachment.htm>

More information about the debian-security-tracker-commits mailing list