[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 1 16:17:07 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d182553 by Salvatore Bonaccorso at 2024-06-01T17:16:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2024-34002 (In a shared hosting environment that has been misconfigured to a
 CVE-2024-34001 (Actions in the admin preset tool did not include the necessary token t ...)
 	- moodle <removed>
 CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to Stored  ...)
 	TODO: check
 CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable to una ...)
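Review bot: CVE-2024-2295 in the trailing context is described as "The Contact Form Manager plugin for WordPress" but keeps "TODO: check", while the two entries directly above it are now "NOT-FOR-US: WordPress plugin". If the same triage applies, mark it in this pass so the WordPress plugin entries in this block are handled consistently. CVE-2024-1324 on the last context line is also described as a WordPress plugin, and its annotation falls outside the hunk, so it is worth checking the same way.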
@@ -84,7 +84,7 @@ CVE-2024-36120 (javascript-deobfuscator removes common JavaScript obfuscation te
 CVE-2024-36108 (casgate is an Open Source Identity and Access Management system. In af ...)
 	TODO: check
 CVE-2024-35196 (Sentry is a developer-first error tracking and performance monitoring  ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2024-35142 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a  ...)
 	NOT-FOR-US: IBM
 CVE-2024-35140 (IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a  ...)
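Review bot: The new label on CVE-2024-35196, "NOT-FOR-US: Sentry", names only the project, and the truncated description does not show which component is affected. Sentry also ships client SDKs under the same name, so a qualified label in the style this commit uses for CVE-2024-35221 ("Rubygems.org gem hosting service") would make clear that the entry refers to the Sentry server or service and not to an SDK.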
@@ -108,29 +108,29 @@ CVE-2024-31889 (IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-
 CVE-2024-31030 (An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote  ...)
 	TODO: check
 CVE-2024-29848 (An unrestricted file upload vulnerability in web component of Ivanti A ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29846 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29830 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29829 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29828 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29827 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29826 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29825 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29824 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29823 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Ivanti EP ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...)
-	TODO: check
+	NOT-FOR-US: Debezium Community debezium-ui
 CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...)
 	TODO: check
 CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...)
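Review bot: The label on CVE-2024-28736, "NOT-FOR-US: Debezium Community debezium-ui", copies the wording of the CVE description, whereas the other entries changed in this hunk use a short vendor name ("Ivanti"), as does the "NOT-FOR-US: IBM" convention visible elsewhere in the file. A short, stable label such as the bare product name would be easier to match when searching data/CVE/list for earlier decisions on the same software.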
@@ -186,9 +186,9 @@ CVE-2024-36246 (Missing authorization vulnerability exists in Unifier and Unifie
 CVE-2024-36119 (Statamic is a, Laravel + Git powered CMS designed for building website ...)
 	TODO: check
 CVE-2024-32850 (Improper neutralization of special elements used in a command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: SkyBridge
 CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...)
 	TODO: check
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
@@ -269,9 +269,9 @@ CVE-2024-3584 (qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal d
 CVE-2024-3583 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3301 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...)
-	TODO: check
+	NOT-FOR-US: DELMIA Apriso
 CVE-2024-3300 (An unsafe .NET object deserialization vulnerability in DELMIA Apriso R ...)
-	TODO: check
+	NOT-FOR-US: DELMIA Apriso
 CVE-2024-36118 (MeterSphere is a test management and interface testing tool. In affect ...)
 	NOT-FOR-US: MeterSphere
 CVE-2024-35504 (A cross-site scripting (XSS) vulnerability in the login page of FineSo ...)
@@ -317,17 +317,17 @@ CVE-2024-35349 (A vulnerability has been discovered in Di\xf1o Physics School As
 CVE-2024-35345 (A vulnerability has been discovered in Di\xf1o Physics School Assistan ...)
 	NOT-FOR-US: Dino Physics School Assistant
 CVE-2024-35228 (Wagtail is an open source content management system built on Django. D ...)
-	TODO: check
+	NOT-FOR-US: Wagtail
 CVE-2024-35189 (Fides is an open-source privacy engineering platform. The Fides webser ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2024-34171 (Fuji Electric Monitouch V-SFT  is vulnerable to a stack-based buffer o ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2024-32877 (Yii 2 is a PHP application framework. During internal penetration test ...)
 	TODO: check
 CVE-2024-32029
 	REJECTED
 CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was discover ...)
 	TODO: check
 CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was discover ...)
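Review bot: CVE-2024-35228 (Wagtail) and CVE-2024-35189 (Fides) are both described as open source in their summaries, so before settling on NOT-FOR-US it is worth confirming that neither has an open ITP or RFP bug. Where one exists, the tracker convention is a "- <package> <itp> (bug #...)" entry instead of NOT-FOR-US, which keeps the CVE visible if the package later enters the archive.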
@@ -769,7 +769,7 @@ CVE-2024-36267 (Path traversal vulnerability exists in Redmine DMSF Plugin versi
 CVE-2024-36114 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
 	TODO: check
 CVE-2024-35221 (Rubygems.org is the Ruby community's gem hosting service. A Gem publis ...)
-	TODO: check
+	NOT-FOR-US: Rubygems.org gem hosting service
 CVE-2024-2253 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d182553e2b13640d44ba0e25d45aed507b9a1c9
