[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Thu, 25 Apr 2024 00:41:15 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
410bf268 by Moritz Muehlenhoff at 2024-04-25T09:40:17+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,11 +81,11 @@ CVE-2024-4069 (A vulnerability, which was classified as 
critical, was found in K
 CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda 
AC8 16. ...)
        NOT-FOR-US: Tenda
 CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated 
input from ...)
-       TODO: check
+       NOT-FOR-US: MongoDB Compass
 CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not 
valida ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all 
JWT-parsi ...)
-       TODO: check
+       NOT-FOR-US: lua-resty-jwt
 CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos 
Sarigiannid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -121,7 +121,7 @@ CVE-2024-32872 (Umbraco workflow provides workflows for the 
Umbraco content mana
 CVE-2024-32869 (Hono is a Web application framework that provides support for 
any Java ...)
        NOT-FOR-US: Hono
 CVE-2024-32866 (Conform, a type-safe form validation library, allows the 
parsing of ne ...)
-       TODO: check
+       NOT-FOR-US: Conform
 CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability 
in WP La ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee 
Import Ex ...)
@@ -226,17 +226,17 @@ CVE-2024-32078 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
 CVE-2024-32051 (Insertion of sensitive information into log file issue exists 
in RoamW ...)
        NOT-FOR-US: RoamWiFi
 CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and 
RG-RSR10-01G-T(WA)-S ro ...)
-       TODO: check
+       NOT-FOR-US: RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers
 CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior 
to 4.8.45 ...)
        NOT-FOR-US: RoamWiFi
 CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the 
remotelink fu ...)
        NOT-FOR-US: HadSky
 CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, 
Telegram Chat, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not 
sanitise an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains 
a Path  ...)
        NOT-FOR-US: Dell
 CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a 
Path Trav ...)
@@ -244,61 +244,61 @@ CVE-2024-28976 (Dell Repository Manager, versions prior 
to 3.4.5, contains a Pat
 CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a 
sensitive ...)
        NOT-FOR-US: Dell
 CVE-2024-28825 (Improper restriction of excessive authentication attempts on 
some auth ...)
-       TODO: check
+       - check-mk <removed>
 CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System 
v.1.0 allows ...)
        NOT-FOR-US: PHP Task Management System
 CVE-2024-27791 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27537
        REJECTED
 CVE-2024-27536
        REJECTED
 CVE-2024-23271 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-23228 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the 
preloading ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA) 
restore ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco 
Integra ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20353 (A vulnerability in the management and VPN web servers for 
Cisco Adapti ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management 
Controll ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin before 29.8 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0151 (Insufficient argument checking in Secure state Entry functions 
in soft ...)
        TODO: check
 CVE-2023-7253 (The Import WP  WordPress plugin before 2.13.1 does not prevent 
users w ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51477 (Improper Authentication vulnerability in BUDDYBOSS DMCC 
BuddyBoss Them ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51472 (Improper Authentication vulnerability in Mestres do WP 
Checkout Mestre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51471 (Improper Authentication vulnerability in Mestres do WP 
Checkout Mestre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51425 (Improper Privilege Management vulnerability in Jacques 
Malgrange Renco ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-51405 (Improper Authentication vulnerability in Repute Infosystems 
BookingPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48939
        REJECTED
 CVE-2023-48938
        REJECTED
 CVE-2023-48763 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47774 (Improper Restriction of Rendered UI Layers or Frames 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47504 (Improper Authentication vulnerability in Elementor Elementor 
Website B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47357
        REJECTED
 CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi 
Rating allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-25583
        - pdns-recursor 4.9.5-1 (bug #1069762)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410bf268f2a554728f8d4831d0fa0910f54c05d9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/410bf268f2a554728f8d4831d0fa0910f54c05d9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to