[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 4 09:33:13 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1651411 by Salvatore Bonaccorso at 2024-05-04T10:29:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to unauthorized mod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snip ...)
-	TODO: check
+	NOT-FOR-US: Zenario
 CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is a ...)
-	TODO: check
+	NOT-FOR-US: Zenario
 CVE-2024-1050 (The Import and export users and customers plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4466 (SQL injection vulnerability in Gescen on the centrosdigitales.net plat ...)
 	NOT-FOR-US: Gescen
 CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync versions prior ...)
@@ -875,9 +875,9 @@ CVE-2023-47220 (An OS command injection vulnerability has been reported to affec
 CVE-2023-44472 (Missing Authorization vulnerability in ThemeFuse Unyson.This issue aff ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-44452 (Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Exe ...)
-	TODO: check
+	NOT-FOR-US: Linux Mint Xreader
 CVE-2023-44451 (Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code E ...)
-	TODO: check
+	NOT-FOR-US: Linux Mint Xreader
 CVE-2023-44450 (NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch  ...)
 	NOT-FOR-US: Netgear
 CVE-2023-44449 (NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injectio ...)
@@ -909,7 +909,7 @@ CVE-2023-44432 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code
 CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Exec ...)
 	TODO: check
 CVE-2023-44430 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
-	TODO: check
+	NOT-FOR-US: Bentley
 CVE-2023-44428 (MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Exec ...)
 	TODO: check
 CVE-2023-44427 (D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injecti ...)
@@ -1895,11 +1895,11 @@ CVE-2023-32159 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote C
 CVE-2023-32158 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...)
 	NOT-FOR-US: PDF-XChange Editor
 CVE-2023-32157 (Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2023-32156 (Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2023-32155 (Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vu ...)
-	TODO: check
+	NOT-FOR-US: Tesla
 CVE-2023-32154 (Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vuln ...)
 	NOT-FOR-US: Mikrotik RouterOS
 CVE-2023-32153 (D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vuln ...)
@@ -325182,13 +325182,13 @@ CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administra
 CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-19755 (ethOS through 1.3.3 ships with SSH host keys baked into the installati ...)
-	TODO: check
+	NOT-FOR-US: ethOS
 CVE-2019-19754 (HiveOS through 0.6-102 at 191212 ships with SSH host keys baked into the  ...)
-	TODO: check
+	NOT-FOR-US: HiveOS
 CVE-2019-19753 (SimpleMiningOS through v1259 ships with SSH host keys baked into the i ...)
 	NOT-FOR-US: SimpleMiningOS
 CVE-2019-19752 (nvOC through 3.2 ships with SSH host keys baked into the installation  ...)
-	TODO: check
+	NOT-FOR-US: nvOC
 CVE-2019-19751 (easyMINE before 2019-12-05 ships with SSH host keys baked into the ins ...)
 	NOT-FOR-US: easyMINE
 CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d165141147842d59ddbb1a64557b9180ca2f5bbc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d165141147842d59ddbb1a64557b9180ca2f5bbc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240504/80d70e61/attachment.htm>

More information about the debian-security-tracker-commits mailing list