[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 13 21:38:54 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5833e85e by Salvatore Bonaccorso at 2024-05-13T22:38:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36,41 +36,41 @@ CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is
 CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...)
 	TODO: check
 CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	TODO: check
 CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges  ...)
-	TODO: check
+	NOT-FOR-US: SurveyKing
 CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after  ...)
-	TODO: check
+	NOT-FOR-US: SurveyKing
 CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...)
-	TODO: check
+	NOT-FOR-US: SurveyKing
 CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Phormer
 CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...)
-	TODO: check
+	NOT-FOR-US: Directus
 CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
 	TODO: check
 CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...)
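Review bot: CVE-2024-35166 stays at `TODO: check` in the middle of this hunk, although the entries directly before and after it (CVE-2024-35167 and CVE-2024-35165) both move to `NOT-FOR-US: WordPress plugin`, and CVE-2024-35165 has the same visible description prefix. The descriptions are truncated, so the diff does not show whether the affected product differs. Please confirm the skip is deliberate (for example because the product needs a closer look) and not an entry missed while working through the block.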
@@ -90,31 +90,31 @@ CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...)
 	TODO: check
 CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server library ...)
 	TODO: check
 CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...)
 	TODO: check
 CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-34226 (SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Visitor Management System
 CVE-2024-34225 (Cross Site Scripting vulnerability in php-lms/admin/?page=system_info  ...)
-	TODO: check
+	NOT-FOR-US: Computer Laboratory Management System using PHP and MySQL
 CVE-2024-34224 (Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=sav ...)
-	TODO: check
+	NOT-FOR-US: Computer Laboratory Management System using PHP and MySQL
 CVE-2024-34223 (Insecure permission vulnerability in /hrm/leaverequest.php in SourceCo ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Human Resource Management System
 CVE-2024-34222 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Human Resource Management System
 CVE-2024-34221 (Sourcecodester Human Resource Management System 1.0 is vulnerable to I ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Human Resource Management System
 CVE-2024-34081 (MantisBT (Mantis Bug Tracker) is an open source issue tracker.  Improp ...)
 	TODO: check
 CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an i ...)
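Review bot: The NOT-FOR-US notes in this hunk spell the same vendor two ways, `Sourcecodester` (CVE-2024-34231, -34230, -34222, -34221) and `SourceCodester` (CVE-2024-34226, -34223), so the two Human Resource Management System notes for CVE-2024-34223 and CVE-2024-34222 differ only in case. CVE-2024-34225 and CVE-2024-34224 drop the vendor prefix entirely ("Computer Laboratory Management System using PHP and MySQL"). Suggest settling on one spelling and keeping the vendor prefix on every note, so that a case-sensitive search of data/CVE/list for the vendor name returns all of these entries.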



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5833e85eb0076562c3bd59398b8e45f4881c83e6
