[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a27fb40 by Salvatore Bonaccorso at 2024-06-13T11:11:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2024-5787 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5757 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5661 (An issue has been identified in both XenServer 8 and Citrix Hypervisor ...)
-	TODO: check
+	NOT-FOR-US: XenServer 8 and Citrix Hypervisor
 CVE-2024-5265 (The WPBakery Visual Composer plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4615 (The Elespare \u2013 Blog, Magazine and Newspaper Addons for Elementor  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4576 (The component listed above contains a vulnerability that allows an att ...)
 	TODO: check
 CVE-2024-4201 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
 	TODO: check
 CVE-2024-4149 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4145 (The Search & Replace WordPress plugin before 3.2.2 does not sanitize a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3922 (The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3552 (The Web Directory Free WordPress plugin before 1.7.0 does not sanitise ...)
 	TODO: check
 CVE-2024-3468 (There is a vulnerability in AVEVA PI Web API that could allow maliciou ...)
@@ -27,13 +27,13 @@ CVE-2024-3467 (There is a vulnerability in AVEVA PI Asset Framework Client that
 CVE-2024-3032 (Themify Builder WordPress plugin before 7.5.8 does not validate a para ...)
 	TODO: check
 CVE-2024-38295 (ALCASAR before 3.6.1 allows still_connected.php remote code execution.)
-	TODO: check
+	NOT-FOR-US: ALCASAR
 CVE-2024-38294 (ALCASAR before 3.6.1 allows email_registration_back.php remote code ex ...)
-	TODO: check
+	NOT-FOR-US: ALCASAR
 CVE-2024-38293 (ALCASAR before 3.6.1 allows CSRF and remote code execution in activity ...)
-	TODO: check
+	NOT-FOR-US: ALCASAR
 CVE-2024-37665 (An access control issue in Wvp GB28181 Pro 2.0 allows authenticated at ...)
-	TODO: check
+	NOT-FOR-US: Wvp GB28181 Pro
 CVE-2024-36523 (An access control issue in Wvp GB28181 Pro 2.0 allows users to continu ...)
 	TODO: check
 CVE-2024-36239 (Adobe Experience Manager versions 6.5.20 and earlier Answer: are affec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a27fb40350a304d5f6786ce2748b379f700d017

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a27fb40350a304d5f6786ce2748b379f700d017
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240613/604b781f/attachment.htm>