[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 2 07:37:31 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1008259e by Salvatore Bonaccorso at 2024-06-02T08:36:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2024-5348 (The Elements For Elementor plugin for WordPress is vulnerable to Local ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4148 (A Regular Expression Denial of Service (ReDoS) vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-3821 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3820 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
 	- plasma-workspace 4:5.27.11.1-1
 	NOTE: https://kde.org/info/security/advisory-20240531-1.txt
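Review bot: The label for CVE-2024-4148, "NOT-FOR-US: lunary-ai/lunary", uses a repository slug, while every other label added in this diff is a product or vendor name. If earlier entries for the same project already use this spelling, keep it so the entries stay greppable together; otherwise choose one form and use it consistently. Also, for CVE-2024-35636 the truncated description shown here names only Uploadcare, so it is worth confirming against the full record that "WordPress plugin" is the right classification.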
@@ -57,11 +57,11 @@ CVE-2024-2933 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for Word
 CVE-2024-2506 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2295 (The Contact Form Manager plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1324 (The QQWorld Auto Save Images plugin for WordPress is vulnerable to una ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6382 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5565 (The Vanna library uses a prompt function to present the user with visu ...)
 	TODO: check
 CVE-2024-5564 (A vulnerability was found in libndp. This flaw allows a local maliciou ...)
@@ -146,29 +146,29 @@ CVE-2024-29822 (An unspecified SQL Injection vulnerability in Core server of Iva
 CVE-2024-28736 (An issue in Debezium Community debezium-ui v.2.5 allows a local attack ...)
 	NOT-FOR-US: Debezium Community debezium-ui
 CVE-2024-23692 (Rejetto HTTP File Server, up to and including version 2.3m, is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Rejetto HTTP File Server
 CVE-2024-23316 (HTTP request desynchronization in Ping Identity PingAccess, all versio ...)
 	TODO: check
 CVE-2024-22338 (IBM Security Verify Access OIDC Provider 22.09 through 23.03 could dis ...)
 	NOT-FOR-US: IBM
 CVE-2024-22060 (An unrestricted file upload vulnerability in web component of Ivanti N ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-22059 (A SQL injection vulnerability in web component of Ivanti Neurons for I ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-22058 (A buffer overflow allows a low privilege user on the local machine tha ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-1980
 	REJECTED
 CVE-2024-1275 (Use of Default Cryptographic Key vulnerability in Baxter Welch Ally Co ...)
-	TODO: check
+	NOT-FOR-US: Baxter Welch Ally Connex Spot Monitor
 CVE-2023-7073 (The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46810 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-38551 (A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) al ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2023-38042 (A local privilege escalation vulnerability in Ivanti Secure Access Cli ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2024-5525 (Improper privilege management vulnerability in Astrotalks affecting ve ...)
 	NOT-FOR-US: Astrotalks
 CVE-2024-5524 (Information exposure vulnerability in Astrotalks affecting version 10/ ...)
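Review bot: The six "NOT-FOR-US: Ivanti" lines in this hunk record only the vendor, although the descriptions refer to several different products (Neurons for I..., Secure Access Cli..., Connect Secure), and the Rejetto and Baxter entries in the same hunk are labelled at product level. The existing "NOT-FOR-US: IBM" context line shows that vendor-only labels are accepted, so this is a consistency suggestion rather than a blocker. Separately, CVE-2024-23316 (Ping Identity PingAccess) remains "TODO: check" between processed entries; please confirm it was left open on purpose.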
@@ -204,7 +204,7 @@ CVE-2024-32850 (Improper neutralization of special elements used in a command ('
 CVE-2024-2793 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23847 (Incorrect default permissions issue exists in Unifier and Unifier Cast ...)
-	TODO: check
+	NOT-FOR-US: Unifier and Unifier Cast
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where an Atta ...)
 	TODO: check
 CVE-2024-5499 (Out of bounds write in Streams API in Google Chrome prior to 125.0.642 ...)
@@ -343,15 +343,15 @@ CVE-2024-32029
 CVE-2024-2657 (The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2422 (LenelS2 NetBox access control and event monitoring system was discover ...)
-	TODO: check
+	NOT-FOR-US: LenelS2 NetBox
 CVE-2024-2421 (LenelS2 NetBox access control and event monitoring system was discover ...)
-	TODO: check
+	NOT-FOR-US: LenelS2 NetBox
 CVE-2024-2420 (LenelS2 NetBox access control and event monitoring system was discover ...)
-	TODO: check
+	NOT-FOR-US: LenelS2 NetBox
 CVE-2024-2089 (The Remote Content Shortcode plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1100 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Vadi Corporate Information Systems DIGIKENT GIS
 CVE-2024-36959 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.8.11-1
 	NOTE: https://git.kernel.org/linus/a0cedbcc8852d6c77b00634b81e41f17f29d9404 (6.9-rc7)
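Review bot: For CVE-2024-1100 the label "Vadi Corporate Information Systems DIGIKENT GIS" cannot be checked against this hunk, because the truncated description contains only the generic SQL injection wording and no product name. Please verify the product against the full CVE record before merging. The three LenelS2 NetBox labels match their visible descriptions.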
@@ -82907,7 +82907,7 @@ CVE-2023-30316
 CVE-2023-30315
 	RESERVED
 CVE-2023-30314 (An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers a ...)
-	TODO: check
+	NOT-FOR-US: 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers
 CVE-2023-30313 (An issue discovered in Wavlink QUANTUM D2G routers allows attackers to ...)
 	NOT-FOR-US: Wavlink QUANTUM D2G routers
 CVE-2023-30312 (An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22 ...)
@@ -178415,9 +178415,9 @@ CVE-2022-25040
 CVE-2022-25039
 	RESERVED
 CVE-2022-25038 (wanEditor v4.7.11 was discovered to contain a cross-site scripting (XS ...)
-	TODO: check
+	NOT-FOR-US: wanEditor
 CVE-2022-25037 (An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discov ...)
-	TODO: check
+	NOT-FOR-US: wanEditor
 CVE-2022-25036
 	RESERVED
 CVE-2022-25035



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1008259e86f8774b09a2a19529f8ae7da717f7a7
