[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 16 08:24:29 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ca1e271 by Salvatore Bonaccorso at 2024-03-16T09:23:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2024-2514 (A vulnerability classified as critical was found in MAGESH-K21 Online- ...)
-	TODO: check
+	NOT-FOR-US: MAGESH-K21 Online-College-Event-Hall-Reservation-System
 CVE-2024-2308 (The ElementInvader Addons for Elementor plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2294 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2042 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source library fo ...)
 	- ruby-rotp <unfixed>
 	NOTE: https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f
@@ -13,59 +13,59 @@ CVE-2024-28862 (The Ruby One Time Password library (ROTP) is an open source libr
 CVE-2024-28859 (Symfony1 is a community fork of symfony 1.4 with DIC, form enhancement ...)
 	TODO: check
 CVE-2024-28640 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2024-28639 (Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B2020110 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLink
 CVE-2024-28070 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-28069 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-27197 (Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27195 (Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Waterm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-27194 (Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Font ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24845 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-24156 (Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github  ...)
-	TODO: check
+	NOT-FOR-US: Gnuboard
 CVE-2024-23523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-23298 (A logic issue was addressed with improved state management.)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-22513 (djangorestframework-simplejwt version 5.3.1 and before is vulnerable t ...)
 	TODO: check
 CVE-2024-22259 (Applications that use UriComponentsBuilder in Spring Frameworkto parse ...)
 	TODO: check
 CVE-2024-1733 (The Word Replacer Pro plugin for WordPress is vulnerable to unauthoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1685 (The Social Media Share Buttons plugin for WordPress is vulnerable to P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1239 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6525 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51521 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51512 (Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51510 (Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51491 (Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Sli ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51489 (Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51487 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51486 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51474 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClass ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51407 (Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Spl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-36483 (An authorization bypass was discovered in the Carrier MASmobile Classi ...)
-	TODO: check
+	NOT-FOR-US: Carrier applications
 CVE-2021-47135 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d874e6c06952382897d35bf4094193cd44ae91bd (5.13-rc5)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ca1e2710923ae3ea0890ca9625cca2bb917c60a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ca1e2710923ae3ea0890ca9625cca2bb917c60a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240316/b9c36163/attachment.htm>

More information about the debian-security-tracker-commits mailing list