[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 7 20:36:42 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b28e94c by Salvatore Bonaccorso at 2024-03-07T21:36:04+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2024-2245 (Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sendin ...)
- TODO: check
+ NOT-FOR-US: moziloCMS
CVE-2024-2241 (Improper access control in the user interface in Devolutions Workspace ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2024-2136 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2128 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2127 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28230 (In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-28229 (In JetBrains YouTrack before 2024.1.25893 user without appropriate per ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-28228 (In JetBrains YouTrack before 2024.1.25893 creation comments on behalf ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2024-27733 (File Upload vulnerability in Byzro Network Smart s42 Management Platfo ...)
- TODO: check
+ NOT-FOR-US: Byzro Network Smart s42 Management Platform
CVE-2024-22752 (Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allow ...)
- TODO: check
+ NOT-FOR-US: EaseUS MobiMover
CVE-2024-22256 (VMware Cloud Director contains a partial information disclosure vulner ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2024-1931 (NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 c ...)
TODO: check
CVE-2024-1773 (The PDF Invoices and Packing Slips For WooCommerce plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1725 (A flaw was found in the kubevirt-csi component of OpenShift Virtualiza ...)
TODO: check
CVE-2024-1534 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1442 (A user with the permissions to create a data source can use Grafana AP ...)
TODO: check
CVE-2024-1382 (The Restaurant Reservations plugin for WordPress is vulnerable to Loca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1351 (Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Se ...)
TODO: check
CVE-2024-1170 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1169 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0917 (remote code execution in paddlepaddle/paddle 2.6.0)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2024-0818 (Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle bef ...)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2024-0203 (The Digits plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON Parsing ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2023-47691 (Missing Authorization vulnerability in Podlove Podlove Web Player.This ...)
TODO: check
CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...)
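Review bot: the NOT-FOR-US labels in this hunk mix vendor-only and product-level names. CVE-2024-2241 is tagged "Devolutions" and CVE-2024-22256 is tagged "VMware", although their descriptions name Devolutions Workspace and VMware Cloud Director, while the YouTrack, EaseUS MobiMover and Byzro entries carry the product name. Using the product name throughout would keep later searches over data/CVE/list precise. Separately, "NOT-FOR-US: Netgear" on CVE-2023-48725 cannot be confirmed from the truncated description shown here, which does not name a vendor, so it is worth a second look against the full CVE text.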
@@ -81,13 +81,13 @@ CVE-2024-28212 (nGrinder before 3.5.9 uses old version of SnakeYAML, which could
CVE-2024-28211 (nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by ...)
NOT-FOR-US: nGrinder
CVE-2024-28111 (Canarytokens helps track activity and actions on a network. Canarytoke ...)
- TODO: check
+ NOT-FOR-US: Canarytokens
CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to integrate ap ...)
TODO: check
CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using python-cryp ...)
TODO: check
CVE-2024-28101 (The Apollo Router is a graph router written in Rust to run a federated ...)
- TODO: check
+ NOT-FOR-US: Apollo Router
CVE-2024-28097 (Calendar functionality in Schoolbox application before version 23.1.3 ...)
NOT-FOR-US: Schoolbox application
CVE-2024-28096 (Class functionality in Schoolbox application before version 23.1.3 is ...)
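Review bot: the NOT-FOR-US entries for CVE-2024-28111 (Canarytokens) and CVE-2024-28101 (Apollo Router) record no basis for the decision, and both descriptions present standalone software projects rather than a plugin or a vendor appliance. Confirm that no ITP or RFP exists for either before closing them as NFU; if one does, a package line marked <itp> is the better fit than NOT-FOR-US. Leaving CVE-2024-28110 and CVE-2024-28102 at "TODO: check" for per-package triage looks right.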
@@ -107,13 +107,13 @@ CVE-2024-27933 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. In ve
CVE-2024-27932 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in ...)
NOT-FOR-US: Deno
CVE-2024-27927 (RSSHub is an open source RSS feed generator. Prior to version 1.0.0-ma ...)
- TODO: check
+ NOT-FOR-US: RSSHub
CVE-2024-27926 (RSSHub is an open source RSS feed generator. Starting in version 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: RSSHub
CVE-2024-27923 (Grav is a content management system (CMS). Prior to version 1.7.43, us ...)
NOT-FOR-US: Grav CMS
CVE-2024-27922 (TOMP Bare Server implements the TompHTTP bare server. A vulnerability ...)
- TODO: check
+ NOT-FOR-US: TOMP Bare Server
CVE-2024-27918 (Coder allows oragnizations to provision remote development environment ...)
TODO: check
CVE-2024-26566 (An issue in Cute Http File Server v.3.1 allows a remote attacker to es ...)
@@ -131,9 +131,9 @@ CVE-2024-1506 (The Prime Slider \u2013 Addons For Elementor plugin for WordPress
CVE-2024-1500 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1460 (MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vul ...)
- TODO: check
+ NOT-FOR-US: MSI Afterburner
CVE-2024-1443 (MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vuln ...)
- TODO: check
+ NOT-FOR-US: MSI Afterburner
CVE-2024-1419 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-1377 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
@@ -141,9 +141,9 @@ CVE-2024-1377 (The Happy Addons for Elementor plugin for WordPress is vulnerable
CVE-2024-1366 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0817 (Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2024-0815 (Command injection in paddle.utils.download._wget_download (bypass filt ...)
- TODO: check
+ NOT-FOR-US: PaddlePaddle
CVE-2023-51395 (The vulnerability described by CVE-2023-0972 has been additionally dis ...)
NOT-FOR-US: Silicon Labs
CVE-2023-51281 (Cross Site Scripting vulnerability in Customer Support System v.1.0 al ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b28e94ce3442720cd9526cb77b300e9415db70a