[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) Tue, 06 Aug 2024 02:36:07 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d0ca2fda by Salvatore Bonaccorso at 2024-08-06T11:35:21+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,33 +31,33 @@ CVE-2024-7009 (Unsanitized user-input in Calibre <= 7.15.0 
allow users with perm
 CVE-2024-7008 (Unsanitized user-input in Calibre <= 7.15.0 allow attackers to 
perform ...)
        TODO: check
 CVE-2024-6886 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       - gitea <removed>
 CVE-2024-6782 (Improper access control in Calibre 6.9.0 ~ 7.14.0 allow 
unauthenticate ...)
        TODO: check
 CVE-2024-6781 (Path traversal in Calibre <= 7.14.0 allow unauthenticated 
attackers to ...)
        TODO: check
 CVE-2024-6766 (The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does 
not val ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6651 (The WordPress File Upload WordPress plugin before 4.24.8 does 
not sani ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6315 (The Blox Page Builder plugin for WordPress is vulnerable to 
arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6203 (HaloITSM versions up to 2.146.1 are affected by a Password 
Reset Poiso ...)
-       TODO: check
+       NOT-FOR-US: HaloITSM
 CVE-2024-6202 (HaloITSM versions up to 2.146.1 are affected by a SAML XML 
Signature W ...)
-       TODO: check
+       NOT-FOR-US: HaloITSM
 CVE-2024-6201 (HaloITSM versions up to 2.146.1 are affected by a Template 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: HaloITSM
 CVE-2024-6200 (HaloITSM versions up to 2.146.1 are affected by a Stored 
Cross-Site Sc ...)
-       TODO: check
+       NOT-FOR-US: HaloITSM
 CVE-2024-5963 (Unquoted Executable Path vulnerability in Hitachi Device 
Manager on Wi ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2024-5828 (Expression Language Injection vulnerability in Hitachi Tuning 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2024-5709 (The WPBakery Visual Composer plugin for WordPress is vulnerable 
to Loc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5708 (The WPBakery Visual Composer plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-42352 (Nuxt is a free and open-source framework to create full-stack 
web appl ...)
        TODO: check
 CVE-2024-41995 (Initialization of a resource with an insecure default 
vulnerability ex ...)
@@ -65,21 +65,21 @@ CVE-2024-41995 (Initialization of a resource with an 
insecure default vulnerabil
 CVE-2024-41820 (Kubean is a cluster lifecycle management toolchain based on 
kubespray  ...)
        TODO: check
 CVE-2024-41816 (Cooked is a recipe plugin for WordPress. The Cooked plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-41811 (ipl/web is a set of common web components for php projects. 
Some of th ...)
        TODO: check
 CVE-2024-39817 (Insertion of sensitive information into sent data issue exists 
in Cybo ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Office
 CVE-2024-34344 (Nuxt is a free and open-source framework to create full-stack 
web appl ...)
        TODO: check
 CVE-2024-34343 (Nuxt is a free and open-source framework to create full-stack 
web appl ...)
        TODO: check
 CVE-2024-28962 (Dell Command | Update, Dell Update, and Alienware Update UWP, 
versions ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-23657 (Nuxt is a free and open-source framework to create full-stack 
web appl ...)
        TODO: check
 CVE-2023-5000 (The Horizontal scrolling announcements plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-7547 (oFono SMS Decoder Stack-based Buffer Overflow Privilege 
Escalation Vul ...)
        - ofono <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0ca2fdae4f0eae54720b34b92f47ffc5ada9300

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0ca2fdae4f0eae54720b34b92f47ffc5ada9300
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Reply via email to