[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 25 08:54:19 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e34b99e by Salvatore Bonaccorso at 2024-03-25T09:53:45+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
CVE-2024-2863 (This vulnerability allows remote attackers to traverse paths via file ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2024-2862 (This vulnerability allows remote attackers to reset the password of an ...)
- TODO: check
+ NOT-FOR-US: LG
CVE-2024-29216 (Exposed IOCTL with insufficient access control issue exists in cg6kwin ...)
- TODO: check
+ NOT-FOR-US: cg6kwin2k.sys
CVE-2024-29194 (OneUptime is a solution for monitoring and managing online services. T ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2024-29188 (WiX toolset lets developers create installers for Windows Installer, t ...)
TODO: check
CVE-2024-29187 (WiX toolset lets developers create installers for Windows Installer, t ...)
TODO: check
CVE-2024-29071 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-29034 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...)
TODO: check
CVE-2024-29009 (Cross-site request forgery (CSRF) vulnerability in easy-popup-show all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28041 (HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent una ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-24899 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler aops-zeus
CVE-2024-24897 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
- TODO: check
+ NOT-FOR-US: openEuler A-Tune-Collector
CVE-2024-24892 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler migration-tools
CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
- TODO: check
+ NOT-FOR-US: openEuler gala-gopher
CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...)
- TODO: check
+ NOT-FOR-US: HGW BL1500HM
CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...)
TODO: check
CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1564 (The wp-schema-pro WordPress plugin before 2.7.16 does not validate pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1232 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1231 (The CM Download Manager WordPress plugin before 2.9.0 does not have C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37886 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-37885 (Missing Authorization vulnerability in InspiryThemes RealHomes.This is ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-33923 (Missing Authorization vulnerability in HashThemes Viral News, HashThem ...)
TODO: check
CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been classi ...)
TODO: check
CVE-2020-36825 (A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and ...)
- TODO: check
+ NOT-FOR-US: cyberaz0r WebRAT
CVE-2024-27281 [RCE vulnerability with .rdoc_options in RDoc]
- ruby3.2 <unfixed>
- ruby3.1 <unfixed>
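Review bot: The `NOT-FOR-US: LG` tags on CVE-2024-2863 and CVE-2024-2862 name only the vendor, while the other entries in this hunk name the product or component (`HGW BL1500HM`, `cg6kwin2k.sys`, `openEuler aops-zeus`). Naming the LG product would keep the tag searchable and make the decision easier to re-check later. CVE-2024-29009 is tagged `WordPress plugin` although the truncated description (`easy-popup-show all ...`) does not show WordPress, so it is worth confirming against the full description. CVE-2023-33923 (HashThemes Viral News) stays at `TODO: check` while the two InspiryThemes RealHomes entries became `WordPress theme`; if that is not deliberate, it could be handled in the same pass.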
@@ -56691,7 +56691,7 @@ CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP Educenter.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-30479
RESERVED
CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...)
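Review bot: The `WordPress theme` tag on CVE-2023-30480 cannot be confirmed from the visible description, which only says `Sparkle WP Educenter`, and the neighbouring entry uses `WordPress plugin`. The entry is not-for-us either way, but please confirm theme versus plugin so the tag matches the convention used for the RealHomes entries in the first hunk.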
@@ -119788,7 +119788,7 @@ CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 a
- djangorestframework 3.10.2-1
NOTE: https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8 (3.9.1)
CVE-2022-36407 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36386 (Authenticated Arbitrary Code Execution vulnerability in Soflyy Import ...)
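Review bot: The `NOT-FOR-US: Hitachi` tag on CVE-2022-36407 gives only the vendor, and the description is cut off at `Hita ...`, so the affected product cannot be read from this entry at all. Suggest adding the product name after the vendor, as done for `openEuler iSulad` and `HGW BL1500HM` elsewhere in this commit.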
@@ -200168,7 +200168,7 @@ CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious image
CVE-2021-33633 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
NOT-FOR-US: openEuler aops-ceres
CVE-2021-33632 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in ope ...)
- TODO: check
+ NOT-FOR-US: openEuler iSulad
CVE-2021-33631 (Integer Overflow or Wraparound vulnerability in openEuler kernel on Li ...)
- linux 6.1.4-1
[bullseye] - linux 5.10.178-1
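Review bot: An openEuler CVE is not automatically not-for-us, as the very next entry shows: CVE-2021-33631 is an openEuler kernel issue tracked against `linux`. For CVE-2021-33632 the component is not visible in the truncated description (`vulnerability in ope ...`), so please confirm that it is iSulad and that iSulad is not packaged in Debian before settling on `NOT-FOR-US: openEuler iSulad`.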
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e34b99e23752511db4494622896c7e2d953ac27