[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 22 21:49:52 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce7c83bd by Salvatore Bonaccorso at 2024-05-22T22:49:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,65 +33,65 @@ CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attacker
 CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: Qlik Sense Enterprise for Windows
 CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...)
 	TODO: check
 CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35555 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
-	TODO: check
+	NOT-FOR-US: idccms
 CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...)
 	TODO: check
 CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.)
 	TODO: check
 CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...)
-	TODO: check
+	NOT-FOR-US: Ecshop
 CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0  ...)
-	TODO: check
+	NOT-FOR-US: Nicomsoft WinI2C/DDC
 CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...)
-	TODO: check
+	NOT-FOR-US: Wistron Corporation TBT Force Power Control
 CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...)
-	TODO: check
+	NOT-FOR-US: Realtek Semiconductor Corp Realtek High Definition Audio Function Driver
 CVE-2024-33224 (An issue in the component rtkio64.sys of Realtek Semiconductor Corp Re ...)
-	TODO: check
+	NOT-FOR-US: Realtek Semiconductor Corp Realtek lO Driver
 CVE-2024-33223 (An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-33222 (An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS AT ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-33221 (An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS B ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-33220 (An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABE ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...)
-	TODO: check
+	NOT-FOR-US: ASUSTeK
 CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...)
 	NOT-FOR-US: IBM
 CVE-2024-31895 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...)
@@ -107,7 +107,7 @@ CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugi
 CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow  ...)
 	TODO: check
 CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas Core
 CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...)
 	NOT-FOR-US: IBM
 CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7c83bd590040c80918405ba094230639f98952

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce7c83bd590040c80918405ba094230639f98952
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240522/0f7d7289/attachment.htm>

More information about the debian-security-tracker-commits mailing list