[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0f5fd8d by Moritz Muehlenhoff at 2024-09-05T14:06:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated memory to ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-7627 (The Bit File Manager plugin for WordPress is vulnerable to Remote Code ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6846 (The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not valida ...)
@@ -9,29 +9,29 @@ CVE-2024-6835 (The Ivory Search \u2013 WordPress Search Plugin plugin for WordPr
 CVE-2024-45692 (Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traff ...)
 	- webmin <removed>
 CVE-2024-45429 (Cross-site scripting vulnerability exists in Advanced Custom Fields ve ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-45399 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2024-45395 (sigstore-go, a Go library for Sigstore signing and verification, is su ...)
-	TODO: check
+	NOT-FOR-US: sigstore-go
 CVE-2024-45288 (A missing null-termination character in the last element of an nvlist  ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-45287 (A malicious value of size in a structure of packed libnv can cause an  ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-45063 (The function ctl_write_buffer incorrectly set a flag which resulted in ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-43110 (The ctl_request_sense function could expose up to three bytes of the k ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-43102 (Concurrent removals of certain anonymous shared memory mappings by usi ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-42416 (The ctl_report_supported_opcodes function did not sufficiently validat ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-41928 (Malicious software running in a guest VM can exploit the buffer overfl ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-32668 (An insufficient boundary validation in the USB code could lead to an o ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Forcepoint Email Security
 CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) ...)
 	TODO: check
 CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...)
@@ -51,17 +51,17 @@ CVE-2024-8413 (Cross Site Scripting (XSS) vulnerability through the action param
 CVE-2024-8412 (A vulnerability, which was classified as problematic, was found in Lin ...)
 	NOT-FOR-US: LinuxOSsk Shakal-NG
 CVE-2024-8411 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: ABCD
 CVE-2024-8410 (A vulnerability classified as problematic was found in ABCD ABCD2 up t ...)
-	TODO: check
+	NOT-FOR-US: ABCD
 CVE-2024-8409 (A vulnerability classified as problematic has been found in ABCD ABCD2 ...)
-	TODO: check
+	NOT-FOR-US: ABCD
 CVE-2024-8408 (A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated  ...)
 	NOT-FOR-US: Linksys
 CVE-2024-8407 (A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5 ...)
-	TODO: check
+	NOT-FOR-US: alwindoss akademy
 CVE-2024-8399 (Websites could utilize Javascript links to spoof URL addresses in the  ...)
-	TODO: check
+	NOT-FOR-US: Mozilla Firefox Focus
 CVE-2024-8391 (In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not lim ...)
 	NOT-FOR-US: Eclipse Vertx
 CVE-2024-8325 (The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Busi ...)
@@ -93,17 +93,17 @@ CVE-2024-7923 (An authentication bypass vulnerability has been identified in Pul
 CVE-2024-7870 (The PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager and the  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7834 (A local privilege escalation is caused by Overwolf loading and executi ...)
-	TODO: check
+	NOT-FOR-US: Overwolf
 CVE-2024-7821
 	REJECTED
 CVE-2024-7786 (The Sensei LMS  WordPress plugin before 4.24.2 does not properly prote ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7078 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Semtek Sempos
 CVE-2024-7077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Semtek Sempos
 CVE-2024-7076 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Semtek Sempos
 CVE-2024-7012 (An authentication bypass vulnerability has been identified in Foreman  ...)
 	- foreman <itp> (bug #663101)
 CVE-2024-6926 (The Viral Signup  WordPress plugin through 2.1 does not properly sanit ...)
@@ -117,7 +117,7 @@ CVE-2024-6722 (The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot
 CVE-2024-6020 (The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45507 (Server-Side Request Forgery (SSRF), Improper Control of Generation of  ...)
-	TODO: check
+	NOT-FOR-US: Apache OFBiz
 CVE-2024-45450 (Permission control vulnerability in the software update module. Impact ...)
 	TODO: check
 CVE-2024-45449 (Access permission verification vulnerability in the ringtone setting m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0f5fd8dd9ef436acf15efbab391641c3c3d836e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0f5fd8dd9ef436acf15efbab391641c3c3d836e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240905/388f07a1/attachment.htm>