[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 12 21:44:50 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5233344d by Salvatore Bonaccorso at 2024-06-12T22:44:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,7 +79,7 @@ CVE-2024-36761 (naga v0.14.0 was discovered to contain a stack overflow via the
 CVE-2024-36699 (GNU Debugger v8.2 to v14.2 was discovered to contain a buffer overflow ...)
 	TODO: check
 CVE-2024-36691 (Insecure permissions in the AdminController.AjaxSave() method of PPGo_ ...)
-	TODO: check
+	NOT-FOR-US: PPGo_Jobs
 CVE-2024-36265 (** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability  ...)
 	NOT-FOR-US: Apache Submarine Server Core
 CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability  ...)
@@ -87,83 +87,83 @@ CVE-2024-36264 (** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerab
 CVE-2024-36263 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
 	NOT-FOR-US: Apache Submarine Server Core
 CVE-2024-34065 (Strapi is an open-source content management system. By combining two v ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2024-31881 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2024-31217 (Strapi is an open-source content management system. Prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2024-2747 (CWE-428: Unquoted search path or element vulnerability exists in Easer ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2024-2300 (HP Advance Mobile Applications for iOS and Android are potentially vul ...)
-	TODO: check
+	NOT-FOR-US: HP Advance Mobile Applications for iOS and Android
 CVE-2024-2230
 	REJECTED
 CVE-2024-2092 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-29181 (Strapi is an open-source content management system. Prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2024-28964 (Dell Common Event Enabler, version 8.9.10.0 and prior, contain an inse ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-28762 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
 	NOT-FOR-US: IBM
 CVE-2024-25949 (Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x an ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-24051 (Improper input validation of printing files in Monoprice Select Mini V ...)
-	TODO: check
+	NOT-FOR-US: Monoprice Select Mini
 CVE-2024-22855 (A cross-site scripting (XSS) vulnerability in the User Maintenance sec ...)
-	TODO: check
+	NOT-FOR-US: ITSS iMLog
 CVE-2024-1891 (A stored cross site scripting vulnerability exists in Tenable Security ...)
-	TODO: check
+	NOT-FOR-US: Tenable Security Center
 CVE-2024-1766 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1659 (Arbitrary File Upload vulnerability in MegaBIP software allows attacke ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2024-1577 (Remote Code Execution vulnerability in MegaBIP software allows to exec ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2024-1576 (SQL Injection vulnerability in MegaBIP software allows attacker to obt ...)
-	TODO: check
+	NOT-FOR-US: MegaBIP
 CVE-2024-0865 (CWE-798: Use of hard-coded credentials vulnerability exists that could ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2023-52177 (Missing Authorization vulnerability in SoftLab Integrate Google Drive. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-52117 (Missing Authorization vulnerability in Metagauss ProfileGrid.This issu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51680 (Missing Authorization vulnerability in TechnoVama Quotes for WooCommer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51679 (Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51671 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51670 (Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51537 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51526 (Missing Authorization vulnerability in Brett Shumaker Simple Staff Lis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51524 (Missing Authorization vulnerability in weForms.This issue affects weFo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51413 (Missing Authorization vulnerability in Piotnet Forms.This issue affect ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49559 (An issue in vektah gqlparser open-source-library v.2.5.10 allows a rem ...)
 	TODO: check
 CVE-2023-48280 (Missing Authorization vulnerability in Consensu.IO Consensu.Io.This is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47845 (Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47828 (Missing Authorization vulnerability in Mandrill wpMandrill.This issue  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44234 (Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41240 (Missing Authorization vulnerability in Vark Pricing Deals for WooComme ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40672 (Missing Authorization vulnerability in Hardik Chavada Sticky Social Me ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40603 (Missing Authorization vulnerability in Gangesh Matta Simple Org Chart. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40209 (Missing Authorization vulnerability in Himalaya Saxena Highcompress Im ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-38395 (Missing Authorization vulnerability in Afzal Multani WP Clone Menu.Thi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for Word ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5873
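Review bot: Most of the entries tagged "NOT-FOR-US: WordPress plugin" in this hunk cannot be checked against the list itself, because the truncated descriptions name only a vendor and product, for example CVE-2023-51524 (weForms), CVE-2023-48280 (Consensu.IO) and CVE-2023-47828 (Mandrill wpMandrill). Only CVE-2024-2092 and CVE-2024-1766 show "plugin for WordPress" in the visible text. The generic label matches existing entries such as CVE-2024-5892, so it is consistent with the file, but the classification of the others rests on the full CVE record, and each should be confirmed there before the TODO is dropped. The same applies to the two "Schneider Electric" labels (CVE-2024-2747, CVE-2024-0865), where the visible description does not name the vendor. The labels also mix vendor-level tags (Dell) with product-level ones (Monoprice Select Mini, Tenable Security Center); choosing one level per batch would make later searches of the list more predictable.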
@@ -102039,7 +102039,7 @@ CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25030 (Missing Authorization vulnerability in Buy Me a Coffee.This issue affe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5233344d645e41a6fa6bc87bc1563923e5a9f1d0
