[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 6 21:30:52 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1cceb72c by Salvatore Bonaccorso at 2024-05-06T22:30:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,7 @@ CVE-2024-34529 (Nebari through 2024.4.1 prints the temporary Keycloak root passw
 CVE-2024-34528 (WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race  ...)
 	TODO: check
 CVE-2024-34527 (spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print stateme ...)
-	TODO: check
+	NOT-FOR-US: SolidUI
 CVE-2024-34525 (FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext  ...)
 	NOT-FOR-US: FileCodeBox
 CVE-2024-34524 (In XLANG OpenAgents through fe73ac4, the allowed_file protection mecha ...)
@@ -149,15 +149,15 @@ CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a heap buffer overflow wh
 CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory read whi ...)
 	TODO: check
 CVE-2024-34093 (An issue was discovered in Archer Platform 6 before 2024.03. There is  ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-34092 (An issue was discovered in Archer Platform 6 before 2024.04. Authentic ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-34091 (An issue was discovered in Archer Platform 6 before 2024.04. There is  ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-34090 (An issue was discovered in Archer Platform 6 before 2024.04. There is  ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-34089 (An issue was discovered in Archer Platform 6 before 2024.04. There is  ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typo ...)
 	TODO: check
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...)
@@ -165,73 +165,73 @@ CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The de
 CVE-2024-34064 (Jinja is an extensible templating engine. The `xmlattr` filter in affe ...)
 	TODO: check
 CVE-2024-33912 (Missing Authorization vulnerability in Academy LMS.This issue affects  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33910 (Missing Authorization vulnerability in Supsystic Digital Publications  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33908 (Missing Authorization vulnerability in Themesgrove WidgetKit.This issu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33907 (Missing Authorization vulnerability in Michael Nelson Print My Blog.Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33830 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-33829 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-33788 (Linksys E5600 v1.1.0.26 was discovered to contain a command injection  ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2024-33753 (Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allo ...)
-	TODO: check
+	NOT-FOR-US: Section Camera
 CVE-2024-33752 (An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and p ...)
-	TODO: check
+	NOT-FOR-US: Emlog Pro
 CVE-2024-33749 (DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_m ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2024-33576 (Missing Authorization vulnerability in Ollybach WPPizza.This issue aff ...)
-	TODO: check
+	NOT-FOR-US: Ollybach WPPizza
 CVE-2024-33570 (Missing Authorization vulnerability in Wpmet Metform Elementor Contact ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33411 (A SQL injection vulnerability in /model/get_admin_profile.php in Campc ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33410 (SQL injection vulnerability in /model/delete_range_grade.php in campco ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33409 (SQL injection vulnerability in index.php in campcodes Complete Web-Bas ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33408 (A SQL injection vulnerability in /model/get_classroom.php in campcodes ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33407 (SQL injection vulnerability in /model/delete_record.php in campcodes C ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33406 (SQL injection vulnerability in /model/delete_student_grade_subject.php ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33405 (SQL injection vulnerability in add_friends.php in campcodes Complete W ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33404 (A SQL injection vulnerability in /model/add_student_first_payment.php  ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33403 (A SQL injection vulnerability in /model/get_events.php in campcodes Co ...)
-	TODO: check
+	NOT-FOR-US: Campcodes Complete Web-Based School Management System
 CVE-2024-33294 (An issue in Library System using PHP/MySQli with Source Code V1.0 allo ...)
-	TODO: check
+	NOT-FOR-US: Library System using PHP/MySQli with Source Code
 CVE-2024-33121 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: Roothub
 CVE-2024-33118 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulne ...)
-	TODO: check
+	NOT-FOR-US: LuckyFrameWeb
 CVE-2024-33117 (crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forg ...)
 	TODO: check
 CVE-2024-33113 (D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2024-33112 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command  ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2024-33111 (D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Script ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permissi ...)
-	TODO: check
+	NOT-FOR-US: D-LINK
 CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway Interface (ASG ...)
 	TODO: check
 CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
 	TODO: check
 CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2041
 	REJECTED
 CVE-2024-26312 (Archer Platform 6 before 2024.03 contains a sensitive information disc ...)
-	TODO: check
+	NOT-FOR-US: Archer Platform
 CVE-2024-23354 (Memory corruption when the IOCTL call is interrupted by a signal.)
 	TODO: check
 CVE-2024-23351 (Memory corruption as GPU registers beyond the last protected range can ...)
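Review bot: The tag on CVE-2024-33576 is "NOT-FOR-US: Ollybach WPPizza", while the other entries in this hunk whose descriptions open with the same "Missing Authorization vulnerability in ..." wording (CVE-2024-33912, CVE-2024-33910, CVE-2024-33908, CVE-2024-33907, CVE-2024-33570) use the generic "NOT-FOR-US: WordPress plugin". If WPPizza is also a WordPress plugin, use the same generic tag so that a search on it finds every such entry. Two smaller points: the four DIR-845L entries are tagged "D-LINK" although three of the four descriptions spell the vendor "D-Link", and CVE-2024-33117 (crmeb_java) stays at "TODO: check" in the middle of an otherwise processed block, so it is worth confirming that it was left open deliberately.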



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cceb72cef5ae14e7da4acdaf9e316683b3a01c5
