[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 13 21:36:29 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84cba931 by Salvatore Bonaccorso at 2024-09-13T22:35:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,53 +1,53 @@
CVE-2024-8784 (A vulnerability classified as critical was found in QDocs Smart School ...)
- TODO: check
+ NOT-FOR-US: QDocs Smart School Management System
CVE-2024-8783 (A vulnerability classified as problematic has been found in OpenTibiaB ...)
- TODO: check
+ NOT-FOR-US: OpenTibiaBR MyAAC
CVE-2024-8782 (A vulnerability was found in JFinalCMS up to 1.0. It has been rated as ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2024-8747 (The Email Obfuscate Shortcode plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8737 (The PDF Thumbnail Generator plugin for WordPress is vulnerable to Refl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8734 (The Lucas String Replace plugin for WordPress is vulnerable to Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8732 (The Roles & Capabilities plugin for WordPress is vulnerable to Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8731 (The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8730 (The Exit Notifier plugin for WordPress is vulnerable to Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8714 (The WordPress Affiliates Plugin \u2014 SliceWP Affiliates plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8281 (An input validation weakness was discovered in XCC that could allow a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8280 (An input validation weakness was discovered in XCC that could allow a ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8279 (A privilege escalation vulnerability was discovered in XCC that could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8278 (A privilege escalation vulnerability was discovered in XCC that could ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-8269 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8242 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8059 (IPMI credentials may be captured in XCC audit log entries when the acc ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-7756 (A potential vulnerability was reported in the ThinkPad L390 Yoga and 1 ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-7423 (The Stream plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6867 (An information disclosure vulnerability exists in the lunary-ai/lunary ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6862 (A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/ ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6656 (Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Co ...)
- TODO: check
+ NOT-FOR-US: TNB Mobile Solutions Cockpit Software
CVE-2024-6587 (A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/l ...)
- TODO: check
+ NOT-FOR-US: berriai/litellm
CVE-2024-6582 (A broken access control vulnerability exists in the latest version of ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-6544 (The Custom Post Limits plugin for WordPress is vulnerable to full path ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6258 (BT: Missing length checks of net_buf in rfcomm_handle_data)
TODO: check
CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
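Review bot: The tags for CVE-2024-6867, CVE-2024-6862, CVE-2024-6582 (lunary-ai/lunary) and CVE-2024-6587 (berriai/litellm) name open-source projects by repository slug, unlike the vendor and product names used in the rest of this hunk. NOT-FOR-US records that the software is not in Debian, so for these four it is worth confirming that no package or ITP/RFP bug exists before the tag goes in, and using the plain project name (lunary, litellm) so a later search of the list by package name finds them.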
@@ -55,69 +55,69 @@ CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
CVE-2024-6135 (BT:Classic: Multiple missing buf length checks)
TODO: check
CVE-2024-6087 (An improper access control vulnerability exists in lunary-ai/lunary at ...)
- TODO: check
+ NOT-FOR-US: lunary-ai/lunary
CVE-2024-5931 (BT: Unchecked user input in bap_broadcast_assistant)
TODO: check
CVE-2024-5884 (The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5870 (The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5869 (The Neighborly theme for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5867 (The Delicate theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5789 (The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-5754 (BT: Encryption procedure host vulnerability)
TODO: check
CVE-2024-4550 (A potential buffer overflow vulnerability was reported in some Lenovo ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-46049 (Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulner ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46048 (Tenda FH451 v1.0.0.9 has a command injection vulnerability in the form ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46047 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhc ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46046 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46045 (Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-46044 (CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the f ...)
- TODO: check
+ NOT-FOR-US: CH22
CVE-2024-45368 (The H2-DM1E PLC's authentication protocol appears to utilize either a ...)
TODO: check
CVE-2024-45113 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...)
TODO: check
CVE-2024-45112 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45111 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45109 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45108 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-45105 (An internal product security audit discovered a UEFI SMM (System Manag ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45104 (A valid, authenticated LXCA user without sufficient privileges may be ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45103 (A valid, authenticated LXCA user may be able to unmanage an LXCA manag ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-45101 (A privilege escalation vulnerability was discovered when Single Sign O ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-44798 (phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site ...)
- TODO: check
+ NOT-FOR-US: phpgurukul Bus Pass Management System
CVE-2024-44685 (Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnera ...)
- TODO: check
+ NOT-FOR-US: Titan SFTP and Titan MFT Server
CVE-2024-44430 (SQL Injection vulnerability in Best Free Law Office Management Softwar ...)
- TODO: check
+ NOT-FOR-US: Best Free Law Office Management Software
CVE-2024-43760 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43759 (Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL P ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43758 (Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use Af ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43756 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-43099 (The session hijacking attack targets the application layer's control m ...)
TODO: check
CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
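Review bot: CVE-2024-46044 is tagged "NOT-FOR-US: CH22", while CVE-2024-46045 directly above it describes the same device as "Tenda CH22 V1.0.0.6(468)" and is tagged "NOT-FOR-US: Tenda". Only the upstream description dropped the vendor name; tag this entry "NOT-FOR-US: Tenda" as well so it groups with the other Tenda entries in the hunk.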
@@ -125,15 +125,15 @@ CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi N
CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Dese ...)
TODO: check
CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41867 (After Effects versions 23.6.6, 24.5 and earlier are affected by a Stac ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41859 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-41857 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-3100 (A potential buffer overflow vulnerability was reported in some Lenovo ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2024-39926 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
TODO: check
CVE-2024-39925 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
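Review bot: CVE-2024-41874 (ColdFusion) at the top of this hunk stays at "TODO: check" while the Acrobat Reader, After Effects and Illustrator entries right below it all get "NOT-FOR-US: Adobe". ColdFusion is an Adobe product too, so it can take the same tag in this pass; the same applies to CVE-2024-45113 in the previous hunk. If it was left open on purpose, a short note in the commit message would make that clear.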
@@ -141,23 +141,23 @@ CVE-2024-39925 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1
CVE-2024-39924 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
TODO: check
CVE-2024-39385 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use A ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39384 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39382 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39381 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-39380 (After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-34121 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2024-31416 (The Eaton Foreseer software provides multiple customizable input field ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-31415 (The Eaton Foreseer software provides the feasibility for the user to c ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-31414 (The Eaton Foreseer software provides users the capability to customize ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2024-46713 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)
@@ -173159,7 +173159,7 @@ CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD t
CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...)
NOT-FOR-US: Abode Systems
CVE-2022-2446 (The WP Editor plugin for WordPress is vulnerable to deserialization of ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2445
REJECTED
CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84cba93134e5f50521651653d5e20c4c8fc80a2e