Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24e2f140 by Salvatore Bonaccorso at 2024-07-17T22:07:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2024-5252 (The Ultimate Addons for WPBakery plugin for 
WordPress is vulnerab
 CVE-2024-5251 (The Ultimate Addons for WPBakery plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-40637 (dbt enables data analysts and engineers to transform their 
data using  ...)
-       TODO: check
+       NOT-FOR-US: dbt-core
 CVE-2024-40536 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were 
discovere ...)
        NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T400
 CVE-2024-40535 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
@@ -316,7 +316,7 @@ CVE-2024-39908 (REXML is an XML toolkit for Ruby. The REXML 
gem before 3.3.1 has
 CVE-2024-39887 (An SQL Injection vulnerability in Apache Superset exists due 
to improp ...)
        NOT-FOR-US: Apache Superset
 CVE-2024-39700 (JupyterLab extension template is a  `copier` template for 
JupyterLab e ...)
-       TODO: check
+       NOT-FOR-US: JupyterLab extension template
 CVE-2024-39036 (SeaCMS v12.9 is vulnerable to Arbitrary File Read via 
admin_safe.php.)
        NOT-FOR-US: SeaCMS
 CVE-2024-35338 (Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded 
password  ...)
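Review bot: NOT-FOR-US on CVE-2024-39700 settles only the template itself. The description calls it a `copier` template for JupyterLab extensions, so the affected content may end up in projects generated from it. The commit message "Process some NFUs" does not record whether packaged extensions built from the template were considered; a short remark to that effect would make the triage auditable later.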
@@ -328,7 +328,7 @@ CVE-2024-33181 (Tenda AC18 V15.03.3.10_EN was discovered to 
contain a stack-base
 CVE-2024-33180 (Tenda AC18 V15.03.3.10_EN was discovered to contain a 
stack-based buff ...)
        NOT-FOR-US: Tenda
 CVE-2024-32861 (Under certain circumstances the Software House C\u25cfCURE 
9000 Site S ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2024-2691 (The WP Event Manager \u2013 Events Calendar, Registrations, 
Sell Ticke ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-22442 (The vulnerability could be remotely exploited to bypass 
authentication ...)
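Review bot: The tag added for CVE-2024-32861 names a vendor, "Johnson Controls", that does not appear in the visible part of the description, which identifies the product under the "Software House" name. Adding the product name to the tag alongside the vendor would let a later search on the description's wording land on this entry.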
@@ -735,9 +735,9 @@ CVE-2024-41008 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.9.7-1
        NOTE: 
https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)
 CVE-2024-40632 (Linkerd is an open source, ultralight, security-first service 
mesh for ...)
-       TODO: check
+       NOT-FOR-US: Linkerd
 CVE-2024-40524 (Directory Traversal vulnerability in xmind2testcase v.1.5 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: xmind2testcase
 CVE-2023-52290 (In streampark-console the list pages(e.g: application pages), 
users ca ...)
        NOT-FOR-US: Apache StreamPark
 CVE-2024-6746 (A vulnerability classified as problematic was found in 
NaiboWang EasyS ...)
@@ -757,7 +757,7 @@ CVE-2024-6398 (An information disclosure vulnerability in 
SWG in versions 12.x p
 CVE-2024-5402 (Unquoted Search Path or Element vulnerability in ABB Mint 
Workbench.   ...)
        NOT-FOR-US: ABB
 CVE-2024-40631 (Plate media is an open source, rich-text editor for React. 
Editors tha ...)
-       TODO: check
+       NOT-FOR-US: Plate media
 CVE-2024-40630 (OpenImageIO is a toolset for reading, writing, and 
manipulating image  ...)
        - openimageio <unfixed>
        NOTE: 
https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-jjm9-9m4m-c8p2
@@ -781,13 +781,13 @@ CVE-2024-40415 (A vulnerability in 
/goform/SetStaticRouteCfg in the sub_519F4 fu
 CVE-2024-40414 (A vulnerability in /goform/SetNetControlList in the sub_656BC 
function ...)
        NOT-FOR-US: Tenda
 CVE-2024-39919 (@jmondi/url-to-png is an open source URL to PNG utility 
featuring para ...)
-       TODO: check
+       NOT-FOR-US: jasonraimondi/url-to-png
 CVE-2024-39918 (@jmondi/url-to-png is an open source URL to PNG utility 
featuring para ...)
-       TODO: check
+       NOT-FOR-US: jasonraimondi/url-to-png
 CVE-2024-39915 (Thruk is a multibackend monitoring webinterface for Naemon, 
Nagios, Ic ...)
        NOT-FOR-US: Thruk
 CVE-2024-39912 (web-auth/webauthn-lib is an open source set of PHP libraries 
and a Sym ...)
-       TODO: check
+       NOT-FOR-US: web-auth/webauthn-lib PHP libraries and Symfony bundle
 CVE-2024-39827 (Improper input validation in the installer for Zoom Workplace 
Desktop  ...)
        NOT-FOR-US: Zoom
 CVE-2024-39826 (Path traversal in Team Chat for some Zoom Workplace Apps and 
SDKs for  ...)
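Review bot: The tags for CVE-2024-39919 and CVE-2024-39918 read "jasonraimondi/url-to-png" while both descriptions name the package "@jmondi/url-to-png". Using the name from the description, or listing both, keeps the entries findable by either spelling. Separately, CVE-2024-39912 concerns a PHP library and Symfony bundle, so it is worth confirming that no packaged application embeds it before settling on NOT-FOR-US.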



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24e2f14047b59dfd92754edddb842db7f8c5b9a2
