[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 25 21:30:19 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c42d594 by Salvatore Bonaccorso at 2024-09-25T22:30:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2024-9169 (The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8996 (Unquoted Search Path or Element vulnerability in Grafana Agent (Flow m ...)
-	TODO: check
+	NOT-FOR-US: Grafana Agent
 CVE-2024-8975 (Unquoted Search Path or Element vulnerability in Grafana Alloy on Wind ...)
-	TODO: check
+	NOT-FOR-US: Grafana Alloy
 CVE-2024-8858 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8546 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
@@ -31,7 +31,7 @@ CVE-2024-6592 (Incorrect Authorization vulnerability in the protocol communicati
 CVE-2024-6512 (Authorization bypass in thePAM access request approval mechanism in De ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2024-4657 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Talent Software BAP Automation
 CVE-2024-47315 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-47305 (Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any ...)
@@ -41,32 +41,32 @@ CVE-2024-47082 (Strawberry GraphQL is a library for creating GraphQL APIs. Prior
 CVE-2024-47078 (Meshtastic is an open source, off-grid, decentralized, mesh network. M ...)
 	TODO: check
 CVE-2024-46655 (A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.3 ...)
-	TODO: check
+	NOT-FOR-US: Ellevo
 CVE-2024-46600 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: dingfanzu CMS
 CVE-2024-46489 (A remote command execution (RCE) vulnerability in promptr v6.0.7 allow ...)
-	TODO: check
+	NOT-FOR-US: promptr
 CVE-2024-46488 (sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via ...)
 	TODO: check
 CVE-2024-46485 (dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forge ...)
-	TODO: check
+	NOT-FOR-US: dingfanzu CMS
 CVE-2024-46461 (VLC media player 3.0.20 and earlier is vulnerable to denial of service ...)
 	- vlc 3.0.21-1
 	NOTE: https://www.videolan.org/security/sb-vlc3021.html
 CVE-2024-45750 (An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and olde ...)
-	TODO: check
+	NOT-FOR-US: TheGreenBow
 CVE-2024-45613 (CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0. ...)
 	TODO: check
 CVE-2024-44825 (Directory Traversal vulnerability in Centro de Tecnologia da Informaco ...)
 	TODO: check
 CVE-2024-44678 (Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injec ...)
-	TODO: check
+	NOT-FOR-US: Gigastone TR1 Travel Router R101
 CVE-2024-43990 (Insertion of Sensitive Information into Log File vulnerability in Styl ...)
-	TODO: check
+	NOT-FOR-US: StylemixThemes Masterstudy LMS Starter
 CVE-2024-43959 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Themepoints Testimonials
 CVE-2024-43237 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-41708 (An issue was discovered in AdaCore ada_web_services 20.0 allows an att ...)
 	TODO: check
 CVE-2024-41445 (Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overrea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c42d594c682e36c77d46ea23ceb7295c5f7145e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c42d594c682e36c77d46ea23ceb7295c5f7145e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240925/ad6c59c2/attachment.htm>


More information about the debian-security-tracker-commits mailing list