[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 5 21:23:27 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55f1f248 by Salvatore Bonaccorso at 2024-06-05T22:22:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,49 +2,49 @@ CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or ea
 	- pymongo <unfixed>
 	NOTE: https://jira.mongodb.org/browse/PYTHON-4305
 CVE-2024-5571 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5536 (The GamiPress \u2013 Link plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5526 (Grafana OnCall is an easy-to-use on-call management tool that will hel ...)
 	TODO: check
 CVE-2024-5459 (The Restaurant Menu and Food Ordering plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5184 (The EmailGPT service contains a prompt injection vulnerability.The ser ...)
-	TODO: check
+	NOT-FOR-US: EmailGPT service
 CVE-2024-5037 (A flaw was found in OpenShift's Telemeter. If certain conditions are i ...)
 	TODO: check
 CVE-2024-4821 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4812 (A flaw was found in the Katello plugin for Foreman, where it is possib ...)
 	TODO: check
 CVE-2024-4743 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4009 (Replay Attack  in ABB, Busch-Jaeger, FTS Display (version 1.00) and BC ...)
-	TODO: check
+	NOT-FOR-US: ABB, Busch-Jaeger, FTS Display and BCU
 CVE-2024-4008 (FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (ve ...)
-	TODO: check
+	NOT-FOR-US: ABB, Busch-Jaeger, FTS Display and BCU
 CVE-2024-4001 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3716 (A flaw was found in foreman-installer when puppet-candlepin is invoked ...)
 	TODO: check
 CVE-2024-3469 (The GP Premium plugin for WordPress is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36837 (SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker  ...)
-	TODO: check
+	NOT-FOR-US: CRMEB
 CVE-2024-36670 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-36669 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-36668 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-36667 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-36129 (The OpenTelemetry Collector offers a vendor-agnostic implementation on ...)
 	TODO: check
 CVE-2024-35674 (Missing Authorization vulnerability in Unlimited Elements Unlimited El ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35673 (Cross-Site Request Forgery (CSRF) vulnerability in Pure Chat by Ruby P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-31631
 	REJECTED
 CVE-2024-31630
@@ -66,51 +66,51 @@ CVE-2024-31623
 CVE-2024-31622
 	REJECTED
 CVE-2024-28818 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27382 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27381 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27380 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27379 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27378 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27377 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27376 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27375 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27374 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27373 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27372 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27371 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-27370 (An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-20405 (A vulnerability in the web-based management interface of Cisco Finesse ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-20404 (A vulnerability in the web-based management interface of Cisco Finesse ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2024-1662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: PORTY Smart Tech Technology Joint Stock Company PowerBank Application
 CVE-2024-1272 (Inclusion of Sensitive Information in Source Code vulnerability in TNB ...)
-	TODO: check
+	NOT-FOR-US: TNB Mobile Solutions Cockpit Software
 CVE-2023-6734
 	REJECTED
 CVE-2023-50804 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2023-49927 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-5636 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)
 	NOT-FOR-US: Bakery Online Ordering System
 CVE-2024-5635 (A vulnerability was found in itsourcecode Bakery Online Ordering Syste ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f1f2486276cef54b9a90ae42a146037cf747a6

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55f1f2486276cef54b9a90ae42a146037cf747a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240605/b7f0592d/attachment.htm>


More information about the debian-security-tracker-commits mailing list