[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 24 10:49:24 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1d5dca5 by Moritz Muehlenhoff at 2024-06-24T11:48:31+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,23 +21,23 @@ CVE-2024-4899 (The SEOPress  WordPress plugin before 7.8 does not sanitise and e
 CVE-2024-4499 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS s ...)
 	NOT-FOR-US: parisneo/lollms
 CVE-2024-4460 (A denial of service (DoS) vulnerability exists in zenml-io/zenml versi ...)
-	TODO: check
+	NOT-FOR-US: zenml
 CVE-2024-3121 (A remote code execution vulnerability exists in the create_conda_env f ...)
-	TODO: check
+	NOT-FOR-US: lollms
 CVE-2024-39337 (Click Studios Passwordstate Core before 9.8 build 9858 allows Authenti ...)
-	TODO: check
+	NOT-FOR-US: Click Studios Passwordstate
 CVE-2024-39334 (MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a  ...)
-	TODO: check
+	NOT-FOR-US: MENDELSON
 CVE-2024-24554 (Bludit uses predictable methods in combination with the MD5 hashing al ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2024-24553 (Bludit uses the SHA-1 hashing algorithm to compute password hashes. Th ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2024-24552 (A session fixation vulnerability in Bludit allows an attacker to bypas ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2024-24551 (A security vulnerability has been identified in Bludit, allowing authe ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2024-24550 (A security vulnerability has been identified in Bludit, allowing attac ...)
-	TODO: check
+	NOT-FOR-US: Bludit CMS
 CVE-2024-29868
 	NOT-FOR-US: Apache StreamPipes
 CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...)
@@ -210,7 +210,7 @@ CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper EmbedPress.Th
 CVE-2023-45673 (Joplin is a free, open source note taking and to-do application. A rem ...)
 	- joplin <itp> (bug #931306)
 CVE-2023-45197 (The file upload plugin in Adminer and AdminerEvo allows an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Adminer plugin
 CVE-2023-39517 (Joplin is a free, open source note taking and to-do application. A Cro ...)
 	- joplin <itp> (bug #931306)
 CVE-2023-38506 (Joplin is a free, open source note taking and to-do application. A Cro ...)
@@ -523,7 +523,7 @@ CVE-2024-1639 (The License Manager for WooCommerce plugin for WordPress is vulne
 CVE-2023-3352 (The Smush plugin for WordPress is vulnerable to unauthorized deletion  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-47621 (ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XX ...)
-	TODO: check
+	NOT-FOR-US: ClassGraph
 CVE-2024-6196 (A vulnerability was found in itsourcecode Banking Management System 1. ...)
 	NOT-FOR-US: itsourcecode Banking Management System
 CVE-2024-6195 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...)
@@ -611,7 +611,7 @@ CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN
 CVE-2024-29012 (Stack-based buffer overflow vulnerability in the SonicOS HTTP server a ...)
 	NOT-FOR-US: SonicOS
 CVE-2024-28397 (An issue in the component js2py.disable_pyimport() of js2py up to v0.7 ...)
-	TODO: check
+	NOT-FOR-US: js2py
 CVE-2024-28147 (An authenticated user can upload arbitrary files in the upload  functi ...)
 	NOT-FOR-US: edu-sharing
 CVE-2023-49113 (The Kiuwan Local Analyzer (KLA) Java scanning application contains sev ...)
@@ -579573,7 +579573,7 @@ CVE-2014-5474
 CVE-2014-5473
 	RESERVED
 CVE-2014-5470 (Actual Analyzer through 2014-08-29 allows code execution via shell met ...)
-	TODO: check
+	NOT-FOR-US: Actual Analyzer
 CVE-2014-5469
 	RESERVED
 CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1d5dca5ac4a0b9034bf19d14191997efdc706a6

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1d5dca5ac4a0b9034bf19d14191997efdc706a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240624/f7f1aa49/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list