Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e7a23322 by Salvatore Bonaccorso at 2024-06-25T10:48:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2024-6297 (Several plugins for WordPress hosted on WordPress.org have been
compro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-6295 (udn News Android APP stores the unencrypted user session in the
local ...)
- TODO: check
+ NOT-FOR-US: udn News Android APP
CVE-2024-6294 (udn News Android APP stores the user session in logcat file
when user ...)
- TODO: check
+ NOT-FOR-US: udn News Android APP
CVE-2024-5431 (The WPCafe \u2013 Online Food Ordering, Restaurant Menu,
Delivery, and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4759 (The Mime Types Extended WordPress plugin through 0.11 does not
sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4757 (The Logo Manager For Enamad WordPress plugin through 0.7.0 does
not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4197 (An unrestrictedfile upload vulnerability in Avaya IP Officewas
discove ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2024-4196 (An improper input validation vulnerability was discovered in
Avaya IP ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2024-3249 (The Zita Elementor Site Library plugin for WordPress is
vulnerable to ...)
TODO: check
CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens port 9034, allowing
attacker ...)
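Review bot: CVE-2024-3249 in the trailing context of this hunk is described as "The Zita Elementor Site Library plugin for WordPress" but stays at "TODO: check", while the other WordPress plugin entries here are marked "NOT-FOR-US: WordPress plugin". Consider triaging it in the same pass so the batch is consistent, or leave it only if it is being held back on purpose. A smaller point on CVE-2024-6297: its description covers "Several plugins for WordPress", so "NOT-FOR-US: WordPress plugins" would match the entry better than the singular form.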
@@ -21,41 +21,41 @@ CVE-2024-38903 (H3C Magic R230 V100R002's udpserver opens
port 9034, allowing at
CVE-2024-38902 (H3C Magic R230 V100R002 was discovered to contain a hardcoded
password ...)
TODO: check
CVE-2024-38897 (WAVLINK WN551K1'live_check.shtml enables attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2024-38896 (WAVLINK WN551K1 found a command injection vulnerability
through the st ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2024-38895 (WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain
sensitive r ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2024-38894 (WAVLINK WN551K1 found a command injection vulnerability
through the IP ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2024-38892 (An issue in Wavlink WN551K1 allows a remote attacker to obtain
sensiti ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2024-37759 (DataGear v5.0.0 and earlier was discovered to contain a SpEL
(Spring E ...)
TODO: check
CVE-2024-37007 (A maliciously crafted X_B and X_T file, when parsed in
pskernel.DLL th ...)
TODO: check
CVE-2024-37006 (A maliciously crafted CATPRODUCT file, when parsed in
CC5Dll.dll throu ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37005 (A maliciously crafted X_B and X_T file, when parsed in
pskernel.DLL th ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37004 (A maliciously crafted SLDPRT file, when parsed in
ASMKERN229A.dll thro ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37003 (A maliciously crafted DWG and SLDPRT file, when parsed in
opennurbs.dl ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37002 (A maliciously crafted MODEL file, when parsed in
ASMkern229A.dllthroug ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37001 ([A maliciously crafted 3DM file, when parsed in opennurbs.dll
through ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-37000 (A maliciously crafted X_B file, when parsed in pskernel.DLL
through Au ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-36999 (A maliciously crafted 3DM file, when parsed in opennurbs.dll
through A ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2024-36683 (SQL injection vulnerability in the module "Products Alert"
(productsal ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-36682 (In the module "Theme settings" (pk_themesettings) <= 1.8.8
from Promok ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-36681 (SQL Injection vulnerability in the module "Isotope"
(pk_isotope) <=1.7 ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2024-34992 (SQL Injection vulnerability in the module "Help Desk -
Customer Suppor ...)
TODO: check
CVE-2024-34991 (In the module "Axepta" (axepta) before 1.3.4 from Quadra
Informatique ...)
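Review bot: CVE-2024-37007 keeps "TODO: check" although its visible description ("A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL th ...") is the same as that of CVE-2024-37005, which this hunk marks "NOT-FOR-US: Autodesk". Either mark CVE-2024-37007 the same way, or, if it was skipped deliberately, say so in the commit message, which currently reads only "Process some NFUs", so the gap in an otherwise contiguous Autodesk run (CVE-2024-36999 through CVE-2024-37006) does not look like an oversight.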
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7a23322ec055c5a14daabe0bb95787728e7e633
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits