[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 14 21:40:14 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80ab404e by Salvatore Bonaccorso at 2024-06-14T22:39:36+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
 CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HR Portal
 CVE-2024-5934
 	REJECTED
 CVE-2024-5731 (A vulnerability in the IPS Manager, Central Manager, and Local Manager ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2024-5685 (Users with "User:edit" and "Self:api" permissionscan promote or demote ...)
 	TODO: check
 CVE-2024-5671 (Insecure Deserialization in some workflows of the IPS Manager allows u ...)
-	TODO: check
+	NOT-FOR-US: Trellix
 CVE-2024-5659 (Rockwell Automation was made aware of a vulnerability that causes all  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-4863 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3912 (Certain models of ASUS routers have an arbitrary firmware upload vulne ...)
-	TODO: check
+	NOT-FOR-US: ASUS routers
 CVE-2024-37889 (MyFinances is a web application for managing finances. MyFinances has  ...)
-	TODO: check
+	NOT-FOR-US: MyFinances
 CVE-2024-37888 (The Open Link is a CKEditor plugin, extending context menu with a poss ...)
 	TODO: check
 CVE-2024-37887 (Nextcloud Server is a self hosted personal cloud system. Private share ...)
 	TODO: check
 CVE-2024-37886 (user_oidc app is an OpenID Connect user backend for Nextcloud. An atta ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud user_oidc app
 CVE-2024-37885 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
 	TODO: check
 CVE-2024-37884 (Nextcloud Server is a self hosted personal cloud system. A malicious u ...)
 	TODO: check
 CVE-2024-37883 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2024-37882 (Nextcloud Server is a self hosted personal cloud system. A recipient o ...)
 	TODO: check
 CVE-2024-37831 (Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: Itsourcecode Payroll Management System
 CVE-2024-37645 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-37644 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcod ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-37643 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-37642 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-37641 (TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack o ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2024-37640 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-37639 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-37637 (TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-37369 (A privilege escalation vulnerability exists in the affected product. T ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-37368 (A user authentication vulnerability exists in the Rockwell AutomationF ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-37367 (A user authentication vulnerability exists in the Rockwell Automation  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-37317 (The Nextcloud Notes app is a distraction free notes taking app for Nex ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Notes app
 CVE-2024-37316 (Nextcloud Calendar is a calendar app for Nextcloud. Authenticated user ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Calendar
 CVE-2024-37315 (Nextcloud Server is a self hosted personal cloud system. An attacker w ...)
 	TODO: check
 CVE-2024-37314 (Nextcloud Photos is a photo management app. Users can remove photos fr ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Photos
 CVE-2024-37313 (Nextcloud server is a self hosted personal cloud system. Under some ci ...)
 	TODO: check
 CVE-2024-37312 (user_oidc app is an OpenID Connect user backend for Nextcloud. Missing ...)
 	TODO: check
 CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for p ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Desktop App
 CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript c ...)
-	TODO: check
+	NOT-FOR-US: MintHCM
 CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to  ...)
 	TODO: check
 CVE-2024-36599 (A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows a ...)
-	TODO: check
+	NOT-FOR-US: Aegon Life
 CVE-2024-36598 (An arbitrary file upload vulnerability in Aegon Life v1.0 allows attac ...)
-	TODO: check
+	NOT-FOR-US: Aegon Life
 CVE-2024-36597 (Aegon Life v1.0 was discovered to contain a SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Aegon Life
 CVE-2024-36459 (A CRLF cross-site scripting vulnerability has been identified in certa ...)
-	TODO: check
+	NOT-FOR-US: SiteMinder
 CVE-2024-36287 (Mattermost Desktop App versions <=5.7.0 fail to disable certain Electr ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Desktop App
 CVE-2024-34694 (LNbits is a Lightning wallet and accounts system. Paying invoices in E ...)
 	TODO: check
 CVE-2024-34539 (Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a  ...)
 	TODO: check
 CVE-2024-34012 (Local privilege escalation due to insecure folder permissions. The fol ...)
-	TODO: check
+	NOT-FOR-US: Acronis Cloud Manager
 CVE-2024-33377 (LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulner ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK BL-W1210M
 CVE-2024-33375 (LB-LINK BL-W1210M v2.0 was discovered to store user credentials in pla ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK BL-W1210M
 CVE-2024-33374 (Incorrect access control in the UART/Serial interface on the LB-LINK B ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK BL-W1210M
 CVE-2024-33373 (An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypa ...)
-	TODO: check
+	NOT-FOR-US: LB-LINK BL-W1210M
 CVE-2024-2472 (The LatePoint Plugin plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2024 (The Folders Pro plugin for WordPress is vulnerable to arbitrary file u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2023 (The Folders and Folders Pro plugin for WordPress is vulnerable to Dire ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24320 (Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Mgt-commerce CloudPanel
 CVE-2024-23442 (An open redirect issue was discovered in Kibana that could lead to a u ...)
 	TODO: check
 CVE-2023-51376 (Missing Authorization vulnerability in Brainstorm Force ProjectHuddle  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5995 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...)
 	NOT-FOR-US: Soar Cloud
 CVE-2024-5994 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ab404eb92e2324d91ed51f681a2f79465acb66

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ab404eb92e2324d91ed51f681a2f79465acb66
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240614/cd418af7/attachment.htm>


More information about the debian-security-tracker-commits mailing list