[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 29 10:30:26 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e30d0302 by Moritz Muehlenhoff at 2024-05-29T11:29:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not s
 CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise and escap ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client IP add ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 3.5.6 all ...)
-	TODO: check
+	NOT-FOR-US: Mybatis
 CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injec ...)
 	NOT-FOR-US: phpgurukul Men Salon Management System
 CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In affec ...)
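
Review bot: On CVE-2024-35548 the tag reads "NOT-FOR-US: Mybatis", but the description names the affected software as "Mybatis plus". Suggest "NOT-FOR-US: Mybatis plus" so the tag matches the product in the description and a later search of data/CVE/list for Mybatis entries does not read this line as a triage decision about a differently named product.
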
@@ -29,17 +29,17 @@ CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
 	TODO: check
 CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encryption of  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
 	TODO: check
 CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...)
-	TODO: check
+	NOT-FOR-US: Node mysql2
 CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36015 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1)
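
Review bot: On CVE-2024-23580 and CVE-2024-23579 the tag "NOT-FOR-US: HCL" names only the vendor, while both descriptions identify the product as HCL DRYiCE Optibot Reset Station. The other tag added in this hunk that is not a WordPress plugin names the product ("Node mysql2"); suggest "NOT-FOR-US: HCL DRYiCE Optibot Reset Station" so the entry says which software was ruled out rather than leaving a whole vendor looking triaged.
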
@@ -74,13 +74,13 @@ CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched aut
 	- gnome-shell <unfixed> (bug #1072124)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...)
-	TODO: check
+	NOT-FOR-US: ansibleguy-webui
 CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...)
-	TODO: check
+	NOT-FOR-US: CoCalc
 CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
 	- minio <itp> (bug #859207)
 CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...)
-	TODO: check
+	NOT-FOR-US: Formwork
 CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
 	NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
@@ -88,7 +88,7 @@ CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Lab
 CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...)
 	NOT-FOR-US: Sourcecodester Laboratory Management System
 CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL  ...)
-	TODO: check
+	NOT-FOR-US: CDG-Server
 CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
 	NOT-FOR-US: DedeCMS
 CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...)
@@ -144,13 +144,13 @@ CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows a remote attacker to ob
 CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php in camp ...)
 	NOT-FOR-US: campcodes Complete Web-Based School Management System
 CVE-2024-30212 (If a SCSI READ(10) command is initiated via USB using the largest LBA  ...)
-	TODO: check
+	NOT-FOR-US: Microchip MPLAB
 CVE-2024-30165 (Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that ...)
 	NOT-FOR-US: Amazon AWS Client VPN
 CVE-2024-30164 (Amazon AWS Client VPN has a buffer overflow that could potentially all ...)
 	NOT-FOR-US: Amazon AWS Client VPN
 CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & Host) ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...)
 	TODO: check
 CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...)
@@ -160,7 +160,7 @@ CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypa
 CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijackin ...)
 	NOT-FOR-US: Apiris Kafeo
 CVE-2024-26024 (SUBNET Solutions Inc. has identified vulnerabilities in third-party co ...)
-	TODO: check
+	NOT-FOR-US: SUBNET Substation Server
 CVE-2024-24963 (A stack-based buffer overflow vulnerability exists in the Programming  ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2024-24962 (A stack-based buffer overflow vulnerability exists in the Programming  ...)
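
Review bot: On CVE-2024-26024 the description says the vulnerabilities are in third-party components, yet the tag "NOT-FOR-US: SUBNET Substation Server" rules the entry out on the basis of the embedding product alone. The truncated description does not show which components are meant; suggest confirming from the full advisory that none of them is packaged, and recording that with a NOTE: line under the entry so the basis for the NFU is visible.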



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e30d030287f7102a19f75c42f578523a42bde16e
