[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 28 21:30:27 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c78ad01 by Salvatore Bonaccorso at 2024-06-28T22:29:41+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,57 +1,57 @@
 CVE-2024-6403 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 15.13.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-5972
 	REJECTED
 CVE-2024-5925 (The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-5922 (The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2024-5827 (Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration  ...)
-	TODO: check
+	NOT-FOR-US: Vanna
 CVE-2024-5737 (Script afGdStream.php inAdmirorFrames Joomla! extension doesn\u2019t s ...)
-	TODO: check
+	NOT-FOR-US: AdmirorFrames Joomla! extension
 CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joom ...)
-	TODO: check
+	NOT-FOR-US: AdmirorFrames Joomla! extension
 CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension  ...)
-	TODO: check
+	NOT-FOR-US: AdmirorFrames Joomla! extension
 CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
-	TODO: check
+	NOT-FOR-US: stitionai/devika
 CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Car ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5424 (The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTub ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3995 (In Helix ALM versions prior to 2024.2.0, a local command injection was ...)
-	TODO: check
+	NOT-FOR-US: Helix ALM
 CVE-2024-3816 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: S at M CMS
 CVE-2024-3801 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: S at M CMS
 CVE-2024-3800 (Sites managed in S at M CMS (Concept Intermedia) might be vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: S at M CMS
 CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current Code thro ...)
-	TODO: check
+	NOT-FOR-US: Soft Circle French-Bread Melty Blood: Actress Again
 CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...)
 	TODO: check
 CVE-2024-38528 (nptd-rs is a tool for synchronizing your computer's clock, implementin ...)
 	TODO: check
 CVE-2024-38522 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...)
-	TODO: check
+	NOT-FOR-US: Hush Line
 CVE-2024-38521 (Hush Line is a free and open-source, anonymous-tip-line-as-a-service f ...)
-	TODO: check
+	NOT-FOR-US: Hush Line
 CVE-2024-38514 (NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side ...)
-	TODO: check
+	NOT-FOR-US: NextChat cross-platform ChatGPT/Gemini UI
 CVE-2024-38374 (The CycloneDX core module provides a model representation of the SBOM  ...)
-	TODO: check
+	NOT-FOR-US: CycloneDX
 CVE-2024-38371 (authentik is an open-source Identity Provider. Access restrictions ass ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2024-38322 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent us ...)
 	NOT-FOR-US: IBM
 CVE-2024-37905 (authentik is an open-source Identity Provider that emphasizes flexibil ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2024-37741 (OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile  ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC
 CVE-2024-35156 (IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sens ...)
 	NOT-FOR-US: IBM
 CVE-2024-35155 (IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote  ...)
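
Review bot: The label added for CVE-2024-38514, "NOT-FOR-US: NextChat cross-platform ChatGPT/Gemini UI", repeats part of the description, while every other entry in this hunk carries only a product or vendor name; "NOT-FOR-US: NextChat" would match the rest. The WordPress entries (CVE-2024-5925, CVE-2024-5922, CVE-2024-5662, CVE-2024-5424) go the other way and use a generic "WordPress theme" / "WordPress plugin" label, which drops the product name that someone grepping the list would search for. Separately, CycloneDX (CVE-2024-38374), authentik (CVE-2024-38371, CVE-2024-37905) and OpenPLC (CVE-2024-37741) are open-source projects, so it is worth confirming that no source package or embedded copy exists in the archive before these leave the TODO queue, as was evidently done for Nix and nptd-rs, which stay at "TODO: check".
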
@@ -179012,7 +179012,7 @@ CVE-2022-27542
 CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
 	NOT-FOR-US: HP
 CVE-2022-27540 (A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has be ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
 	NOT-FOR-US: HP
 CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
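
Review bot: CVE-2022-27540 was still at "TODO: check" although its neighbours CVE-2022-27541 and CVE-2022-27539 already carried "NOT-FOR-US: HP", so this entry was missed when that batch was triaged. The new label is consistent with them, but the commit message "Process some NFUs" gives no hint that an old 2022 entry is being backfilled; a short mention would help, and it is worth scanning the rest of the 2022 range for other leftover "TODO: check" lines from the same HP TOCTOU batch.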



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c78ad012eb849a7b70cf3b0c27ea25dcb68704c
