[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 19 09:33:35 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f11faf45 by Salvatore Bonaccorso at 2024-06-19T10:30:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2024-6146 (Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overf ...)
- TODO: check
+ NOT-FOR-US: Actiontec WCB6200Q
CVE-2024-6145 (Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Actiontec WCB6200Q
CVE-2024-6144 (Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remo ...)
- TODO: check
+ NOT-FOR-US: Actiontec WCB6200Q
CVE-2024-6143 (Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Exec ...)
- TODO: check
+ NOT-FOR-US: Actiontec WCB6200Q
CVE-2024-6142 (Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Exe ...)
- TODO: check
+ NOT-FOR-US: Actiontec WCB6200Q
CVE-2024-6132 (The Pexels: Free Stock Photos plugin for WordPress is vulnerable to ar ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6129 (A vulnerability, which was classified as problematic, was found in spa ...)
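Review bot: The five Actiontec entries (CVE-2024-6142 through CVE-2024-6146) are closed on the product name alone, yet three of the descriptions name functions with a shared uh_ prefix (uh_get_postdata_withupload, uh_tcp_recv_header, uh_tcp_recv_content), which reads like an embedded HTTP server component rather than device-specific code. Before settling on NOT-FOR-US, confirm that this code is not derived from a server that is packaged in Debian; if it is vendor-only, a short NOTE line saying so would save the next triager the same lookup.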
@@ -33,49 +33,49 @@ CVE-2024-5343 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for
CVE-2024-5208 (An uncontrolled resource consumption vulnerability exists in the `uplo ...)
TODO: check
CVE-2024-5021 (The WordPress Picture / Portfolio / Media Gallery plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4873 (The Replace Image plugin for WordPress is vulnerable to Insecure Direc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4787 (The Cost Calculator Builder PRO for WordPress is vulnerable to arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4663 (The OSM Map Widget for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4623 (The Blogmentor \u2013 Blog Layouts for Elementor plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4541 (The Custom Product List Table plugin for WordPress is vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4450 (The AliExpress Dropshipping with AliNext Lite plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3984 (The EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3894 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3229 (The Salon booking system plugin for WordPress is vulnerable to arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37881 (SiteGuard WP Plugin provides a functionality to customize the path to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37387 (Use of potentially dangerous function issue exists in Ricoh Streamline ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2024-37124 (Use of potentially dangerous function issue exists in Ricoh Streamline ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2024-36978 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/affc18fdc694190ca7575b9a86632a73b9fe043d (6.10-rc3)
CVE-2024-36480 (Use of hard-coded credentials issue exists in Ricoh Streamline NX PC C ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2024-36252 (Improper restriction of communication channel to intended endpoints is ...)
- TODO: check
+ NOT-FOR-US: Ricoh
CVE-2024-35298 (Improper authorization in handler for custom URL scheme issue in 'ZOZO ...)
TODO: check
CVE-2024-2381 (The AliExpress Dropshipping with AliNext Lite plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1407 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0789 (The WP Maintenance plugin for WordPress is vulnerable to IP Address Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6692 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6116 (A vulnerability, which was classified as critical, has been found in i ...)
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
CVE-2024-6115 (A vulnerability classified as critical was found in itsourcecode Simpl ...)
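Review bot: The four Ricoh entries (CVE-2024-37387, CVE-2024-37124, CVE-2024-36480, CVE-2024-36252) are tagged with the vendor only, "NOT-FOR-US: Ricoh", while the other non-WordPress tags in this commit name a product ("Actiontec WCB6200Q", "FileCatalyst TransferAgent"). Three of the descriptions point at "Ricoh Streamline NX PC C ..."; tagging with the full product name would keep the entries searchable and consistent with the rest of the file. For CVE-2024-36252 the truncated description does not show the product at all, so check that it is the same one before grouping it with the others.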
@@ -102,7 +102,7 @@ CVE-2024-5899 (When Bazel Plugin in intellij imports a project (either using "im
CVE-2024-5750
REJECTED
CVE-2024-5275 (A hard-coded password in the FileCatalyst TransferAgent can be found w ...)
- TODO: check
+ NOT-FOR-US: FileCatalyst TransferAgent
CVE-2024-38507 (In JetBrains Hub before 2024.2.34646 stored XSS via project descriptio ...)
NOT-FOR-US: JetBrains Hub
CVE-2024-38506 (In JetBrains YouTrack before 2024.2.34646 user without appropriate per ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11faf457a6a86dc8f9cbf53ca0a1e724531506a