[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 14 10:25:18 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c415fca2 by Salvatore Bonaccorso at 2024-09-14T11:24:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored in Ans ...)
 	TODO: check
 CVE-2024-8724 (The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8669 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8479 (The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8271 (The The FOX \u2013 Currency Switcher Professional for WooCommerce plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8246 (The Post Form \u2013 Registration Form \u2013 Profile Form for User Pr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-8039 (Improper permission configurationDomain configuration vulnerability of ...)
-	TODO: check
+	NOT-FOR-US: mobile application (com.afmobi.boomplayer)
 CVE-2024-6259 (BT: HCI: adv_ext_report Improper discarding in adv_ext_report)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-44096 (there is a possible arbitrary read due to an insecure default value. T ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44095 (In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrup ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44094 (In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44093 (In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-44092 (In TBD of TBD, there is a possible LCS signing enforcement missing  du ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-29779 (there is a possible escalation of privilege due to an unusual root cau ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2024-8784 (A vulnerability classified as critical was found in QDocs Smart School ...)
 	NOT-FOR-US: QDocs Smart School Management System
 CVE-2024-8783 (A vulnerability classified as problematic has been found in OpenTibiaB ...)
@@ -79,15 +79,15 @@ CVE-2024-6582 (A broken access control vulnerability exists in the latest versio
 CVE-2024-6544 (The Custom Post Limits plugin for WordPress is vulnerable to full path ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-6258 (BT: Missing length checks of net_buf in rfcomm_handle_data)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6135 (BT:Classic: Multiple missing buf length checks)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6087 (An improper access control vulnerability exists in lunary-ai/lunary at ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5931 (BT: Unchecked user input in bap_broadcast_assistant)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-5884 (The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
 	NOT-FOR-US: WordPress theme
 CVE-2024-5870 (The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
@@ -99,7 +99,7 @@ CVE-2024-5867 (The Delicate theme for WordPress is vulnerable to Stored Cross-Si
 CVE-2024-5789 (The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress theme
 CVE-2024-5754 (BT: Encryption procedure host vulnerability)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-4550 (A potential buffer overflow vulnerability was reported in some Lenovo  ...)
 	NOT-FOR-US: Lenovo
 CVE-2024-46049 (Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulner ...)
@@ -115,7 +115,7 @@ CVE-2024-46045 (Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability loca
 CVE-2024-46044 (CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the f ...)
 	NOT-FOR-US: CH22
 CVE-2024-45368 (The H2-DM1E PLC's authentication protocol appears to utilize either a  ...)
-	TODO: check
+	NOT-FOR-US: H2-DM1E PLC
 CVE-2024-45113 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...)
 	TODO: check
 CVE-2024-45112 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
@@ -149,9 +149,9 @@ CVE-2024-43758 (Illustrator versions 28.6, 27.9.5 and earlier are affected by a
 CVE-2024-43756 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2024-43099 (The session hijacking attack targets the application layer's control m ...)
-	TODO: check
+	NOT-FOR-US: DirectLogic H2-DM1E
 CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
-	TODO: check
+	NOT-FOR-US: UniFi Network Application
 CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Dese ...)
 	TODO: check
 CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
@@ -154301,7 +154301,7 @@ CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.
 CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for certain type ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2022-3459 (The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-42867 (A use after free issue was addressed with improved memory management.  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c415fca2941850409d9c0b58e0e360d5fed80ca9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c415fca2941850409d9c0b58e0e360d5fed80ca9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240914/7406b8cf/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list