[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 19 12:01:53 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cd290d5 by Moritz Muehlenhoff at 2024-06-19T13:00:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2024-5574 (The WP Magazine Modules Lite plugin for WordPress is vulnerable t
 CVE-2024-5343 (The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for Word ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5208 (An uncontrolled resource consumption vulnerability exists in the `uplo ...)
-	TODO: check
+	NOT-FOR-US: anything-llm
 CVE-2024-5021 (The WordPress Picture / Portfolio / Media Gallery plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4873 (The Replace Image plugin for WordPress is vulnerable to Insecure Direc ...)
@@ -67,7 +67,7 @@ CVE-2024-36480 (Use of hard-coded credentials issue exists in Ricoh Streamline N
 CVE-2024-36252 (Improper restriction of communication channel to intended endpoints is ...)
 	NOT-FOR-US: Ricoh
 CVE-2024-35298 (Improper authorization in handler for custom URL scheme issue in 'ZOZO ...)
-	TODO: check
+	NOT-FOR-US: ZOZOTOWN
 CVE-2024-2381 (The AliExpress Dropshipping with AliNext Lite plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1407 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...)
@@ -112,7 +112,7 @@ CVE-2024-38505 (In JetBrains YouTrack before 2024.2.34646 user access token was
 CVE-2024-38504 (In JetBrains YouTrack before 2024.2.34646 the Guest User Account was e ...)
 	NOT-FOR-US: JetBrains YouTrack
 CVE-2024-38351 (Pocketbase is an open source web backend written in go. In affected ve ...)
-	TODO: check
+	NOT-FOR-US: Pocketbase
 CVE-2024-38348 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
 	NOT-FOR-US: CodeProjects Health Care hospital Management System
 CVE-2024-38347 (CodeProjects Health Care hospital Management System v1.0 was discovere ...)
@@ -466,15 +466,15 @@ CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through
 CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
 	- netatalk <unfixed>
 	NOTE: https://github.com/Netatalk/netatalk/issues/1098
-	TODO: check, upstream details have been removed
+	NOTE: upstream details have been removed, pinged MITRE for clarification or rejection
 CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
 	- netatalk <unfixed>
 	NOTE: https://github.com/Netatalk/netatalk/issues/1097
-	TODO: check, upstream details have been removed
+	NOTE: upstream details have been removed, pinged MITRE for clarification or rejection
 CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
 	- netatalk <unfixed>
 	NOTE: https://github.com/Netatalk/netatalk/issues/1096
-	TODO: check, upstream details have been removed
+	NOTE: upstream details have been removed, pinged MITRE for clarification or rejection
 CVE-2024-36397 (Vantiva - MediaAccess DGA2232v19.4 -CWE-79: Improper Neutralization of ...)
 	NOT-FOR-US: Vantiva
 CVE-2024-38428 (url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo ...)
@@ -1595,7 +1595,7 @@ CVE-2024-37629 (SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) vi
 CVE-2024-37304 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
 	NOT-FOR-US: NuGet Gallery
 CVE-2024-37300 (OAuthenticator is software that allows OAuth2 identity providers to be ...)
-	TODO: check
+	NOT-FOR-US: OAuthenticator
 CVE-2024-37297 (WooCommerce is an open-source e-commerce platform built on WordPress.  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-37040 (CWE-120: Buffer Copy without Checking Size of Input (\u2018Classic Buf ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd290d5f6f0045ede4bd850b07cc85c470b1042

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd290d5f6f0045ede4bd850b07cc85c470b1042
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240619/37f8866f/attachment.htm>

More information about the debian-security-tracker-commits mailing list