[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Sep 8 18:36:48 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ed1968a by Moritz Muehlenhoff at 2024-09-08T19:36:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,39 +2,39 @@ CVE-2024-XXXX [RUSTSEC-2024-0373]
 	- rust-quinn-proto <not-affected> (Only affects 0.11.x)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0373.html
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a ...)
-	TODO: check
+	NOT-FOR-US: erjemin roll_cms
 CVE-2024-8570 (A vulnerability was found in itsourcecode Tailoring Management System  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-8569 (A vulnerability has been found in code-projects Hospital Management Sy ...)
-	TODO: check
+	NOT-FOR-US: code-projects Hospital Management System
 CVE-2024-8568 (A vulnerability, which was classified as critical, was found in Mini-T ...)
-	TODO: check
+	NOT-FOR-US: Mini-Tmall
 CVE-2024-8567 (A vulnerability, which was classified as critical, has been found in i ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Payroll Management System
 CVE-2024-8566 (A vulnerability classified as problematic was found in code-projects O ...)
-	TODO: check
+	NOT-FOR-US: Online Shop Store
 CVE-2024-8565 (A vulnerability was found in SourceCodesters Clinics Patient Managemen ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-8564 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2024-6928 (The Opti Marketing WordPress plugin through 2.0.9 does not properly sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6925 (The TrueBooker  WordPress plugin before 1.0.3 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6924 (The TrueBooker  WordPress plugin before 1.0.3 does not properly saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6859 (The WP MultiTasking  WordPress plugin through 0.1.12 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6856 (The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6855 (The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6853 (The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6852 (The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8563 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been  ...)
 	NOT-FOR-US: SourceCodester PHP CRUD
 CVE-2024-8562 (A vulnerability was found in SourceCodester PHP CRUD 1.0 and classifie ...)
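Review bot: the NOT-FOR-US labels added in this hunk differ in granularity. CVE-2024-8564 and CVE-2024-8565 get the vendor-only label "SourceCodester", while the unchanged entry for CVE-2024-8563 just below, whose description also starts "SourceCodester PHP CRUD 1.0", is labelled "SourceCodester PHP CRUD". Likewise CVE-2024-8566 is labelled "Online Shop Store" without the "code-projects" prefix that CVE-2024-8569 carries. Suggest vendor plus product throughout (for example "NOT-FOR-US: SourceCodester PHP CRUD" on CVE-2024-8564) so that searching the list for a product name finds every related entry.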
@@ -161,7 +161,7 @@ CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to privilege
 CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: DataFlowX Technology DataDiodeX
 CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JD ...)
-	TODO: check
+	NOT-FOR-US: H2O.ai
 CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an implementation of  ...)
 	- rust-gix-path <unfixed>
 	NOTE: https://github.com/advisories/GHSA-m8rp-vv92-46c7
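Review bot: the label on CVE-2024-45758 names only the vendor, "H2O.ai", although the description reads "H2O.ai H2O through 3.46.0.4". Suggest "NOT-FOR-US: H2O.ai H2O" so the product is identifiable from the entry itself, in line with the vendor-plus-product label on the context entry above ("DataFlowX Technology DataDiodeX").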
@@ -357,7 +357,7 @@ CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries
 CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7884 (When a canister method is called via ic_cdk::call* , a new Future Call ...)
-	TODO: check
+	NOT-FOR-US: Rust crate ic-cdk
 CVE-2024-7605 (The HelloAsso plugin for WordPress is vulnerable to unauthorized modif ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7591 (Improper Input Validation vulnerability in Progress LoadMaster allows  ...)
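Review bot: on CVE-2024-7884, "NOT-FOR-US: Rust crate ic-cdk" marks a Rust crate as NFU, while other crates visible in this same diff are tracked as rust-* source packages (rust-quinn-proto, rust-gix-path). Please confirm that no rust-* package for ic-cdk exists before it is closed out as NFU. The "Rust crate" qualifier is worth keeping, since it tells a later reader which ecosystem to recheck if the crate is ever packaged.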
@@ -381,7 +381,7 @@ CVE-2024-5309 (The Form Vibes \u2013 Database Manager for Forms plugin for WordP
 CVE-2024-45589 (RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 imprope ...)
 	NOT-FOR-US: RapidIdentity
 CVE-2024-45401 (stripe-cli is a command-line tool for the payment processor Stripe. A  ...)
-	TODO: check
+	NOT-FOR-US: stripe-cli
 CVE-2024-45392 (SuiteCRM is an open-source customer relationship management (CRM) syst ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2024-45178 (An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ed1968a295793145f2c5cde8e9364f9999b1859
