[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 1 21:21:46 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82d69d44 by Salvatore Bonaccorso at 2024-10-01T22:21:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2024-9411 (A vulnerability classified as problematic has been found in OFCMS 1.1. ...)
-	TODO: check
+	NOT-FOR-US: OFCMS
 CVE-2024-9405 (An incorrect limitation of a path to a restricted directory (path trav ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2024-9341 (A flaw was found in Go. When FIPS mode is enabled on a system, contain ...)
 	TODO: check
 CVE-2024-9289 (The WordPress & WooCommerce Affiliate Program plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9265 (The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9241 (The PDF Image Generator plugin for WordPress is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9228 (The Loggedin \u2013 Limit Active Logins plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9224 (The Hello World plugin for WordPress is vulnerable to Arbitrary File R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9220 (The LH Copy Media File plugin for WordPress is vulnerable to Reflected ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9209 (The WP Search Analytics plugin for WordPress is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9118 (The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9060 (The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9018 (The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8799 (The Custom Banners plugin for WordPress is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8793 (The Store Exporter for WooCommerce \u2013 Export Products, Export Orde ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8786 (The Auto Featured Image from Title plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8430 (The Spice Starter Sites plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8324 (The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8288 (The Guten Post Layout \u2013 An Advanced Post Grid Collection for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-47608 (Logicytics is designed to harvest and collect data for forensic analys ...)
 	TODO: check
 CVE-2024-47604 (NuGet Gallery is a package repository that powers nuget.org. The NuGet ...)
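Review bot: the sixteen WordPress entries from CVE-2024-9289 through CVE-2024-8288 all receive the same generic note, `NOT-FOR-US: WordPress plugin`, while CVE-2024-9411 and CVE-2024-9405 at the top of this hunk name the product (`OFCMS`, `Pluck CMS`). With the generic note, the only place a plugin name survives in the list is the truncated description, so a later search by plugin name depends on where the truncation falls. Where the name is short, consider naming it, for example `NOT-FOR-US: XO Slider plugin for WordPress`. CVE-2024-9341 (Go, FIPS mode) is left at `TODO: check`, which fits a commit limited to NFUs.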
@@ -61,41 +61,41 @@ CVE-2024-46259 (cute_png v1.05 was discovered to contain a heap buffer overflow
 CVE-2024-46258 (cute_png v1.05 was discovered to contain a heap buffer overflow via th ...)
 	TODO: check
 CVE-2024-46083 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Scriptcase
 CVE-2024-46081 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Scriptcase
 CVE-2024-46079 (Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Scriptcase
 CVE-2024-45999 (A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, speci ...)
 	TODO: check
 CVE-2024-45967 (Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.ph ...)
 	TODO: check
 CVE-2024-45408 (eLabFTW is an open source electronic lab notebook for research labs. A ...)
-	TODO: check
+	NOT-FOR-US: eLabFTW
 CVE-2024-44744 (An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers  ...)
-	TODO: check
+	NOT-FOR-US: Malwarebytes Premium Security
 CVE-2024-44610 (PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before ...)
-	TODO: check
+	NOT-FOR-US: PCAN-Ethernet Gateway FD
 CVE-2024-42514 (A vulnerability in the legacy chat component of Mitel MiContact Center ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2024-41673 (Decidim is a participatory democracy framework. The version control fe ...)
 	TODO: check
 CVE-2024-41276 (A vulnerability in Kaiten version 57.131.12 and earlier allows attacke ...)
 	TODO: check
 CVE-2024-31835 (Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 all ...)
-	TODO: check
+	NOT-FOR-US: Flatpress
 CVE-2024-30132 (HCL Nomad server on Domino did not configure certain HTTP Security hea ...)
 	TODO: check
 CVE-2024-25661 (In Infinera TNMS (Transcend Network Management System) 19.10.3, cleart ...)
-	TODO: check
+	NOT-FOR-US: Infinera TNMS (Transcend Network Management System)
 CVE-2024-25660 (The WebDAV service in Infinera TNMS (Transcend Network Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Infinera TNMS (Transcend Network Management System)
 CVE-2024-25659 (In Infinera TNMS (Transcend Network Management System) 19.10.3, an ins ...)
-	TODO: check
+	NOT-FOR-US: Infinera TNMS (Transcend Network Management System)
 CVE-2024-25658 (Cleartext storage of passwords in Infinera TNMS (Transcend Network Man ...)
-	TODO: check
+	NOT-FOR-US: Infinera TNMS (Transcend Network Management System)
 CVE-2024-25632 (eLabFTW is an open source electronic lab notebook for research labs. I ...)
-	TODO: check
+	NOT-FOR-US: eLabFTW
 CVE-2023-7273 (Cross site request forgery in Kiteworks OwnCloud allows an unauthentic ...)
 	TODO: check
 CVE-2023-3441 (An issue has been discovered in GitLab EE/CE affecting all versions st ...)
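Review bot: the note on CVE-2024-44610 names only `PCAN-Ethernet Gateway FD`, but the description covers two products ("PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before ..."). `NOT-FOR-US: PCAN-Ethernet Gateway` would match both. The level of detail also varies within this hunk: CVE-2024-42514 is marked with the vendor alone (`Mitel`) although its description names MiContact Center, while the four Infinera entries spell out the product and its expansion. Settling on one level (vendor plus product) would make the notes easier to grep.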



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82d69d444e500c8aa2010a6dbec2a01b21f3c471
