[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 14 Sep 2024 02:25:31 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c415fca2 by Salvatore Bonaccorso at 2024-09-14T11:24:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
 CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored 
in Ans ...)
        TODO: check
 CVE-2024-8724 (The Waitlist Woocommerce ( Back in stock notifier ) plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8669 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8479 (The The Simple Spoiler plugin for WordPress is vulnerable to 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8271 (The The FOX \u2013 Currency Switcher Professional for 
WooCommerce plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8246 (The Post Form \u2013 Registration Form \u2013 Profile Form for 
User Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8039 (Improper permission configurationDomain configuration 
vulnerability of ...)
-       TODO: check
+       NOT-FOR-US: mobile application (com.afmobi.boomplayer)
 CVE-2024-6259 (BT: HCI: adv_ext_report Improper discarding in adv_ext_report)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-44096 (there is a possible arbitrary read due to an insecure default 
value. T ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44095 (In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a 
possible corrup ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44094 (In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a 
possible memory ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44093 (In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a 
possible memory ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-44092 (In TBD of TBD, there is a possible LCS signing enforcement 
missing  du ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-29779 (there is a possible escalation of privilege due to an unusual 
root cau ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-8784 (A vulnerability classified as critical was found in QDocs Smart 
School ...)
        NOT-FOR-US: QDocs Smart School Management System
 CVE-2024-8783 (A vulnerability classified as problematic has been found in 
OpenTibiaB ...)
@@ -79,15 +79,15 @@ CVE-2024-6582 (A broken access control vulnerability exists 
in the latest versio
 CVE-2024-6544 (The Custom Post Limits plugin for WordPress is vulnerable to 
full path ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6258 (BT: Missing length checks of net_buf in rfcomm_handle_data)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6135 (BT:Classic: Multiple missing buf length checks)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-6087 (An improper access control vulnerability exists in 
lunary-ai/lunary at ...)
        NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5931 (BT: Unchecked user input in bap_broadcast_assistant)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-5884 (The Beauty theme for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
        NOT-FOR-US: WordPress theme
 CVE-2024-5870 (The Tweaker5 theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
@@ -99,7 +99,7 @@ CVE-2024-5867 (The Delicate theme for WordPress is vulnerable 
to Stored Cross-Si
 CVE-2024-5789 (The Triton Lite theme for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress theme
 CVE-2024-5754 (BT: Encryption procedure host vulnerability)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2024-4550 (A potential buffer overflow vulnerability was reported in some 
Lenovo  ...)
        NOT-FOR-US: Lenovo
 CVE-2024-46049 (Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack 
overflow vulner ...)
@@ -115,7 +115,7 @@ CVE-2024-46045 (Tenda CH22 V1.0.0.6(468) has a stack 
overflow vulnerability loca
 CVE-2024-46044 (CH22 V1.0.0.6(468) has a stack overflow vulnerability located 
in the f ...)
        NOT-FOR-US: CH22
 CVE-2024-45368 (The H2-DM1E PLC's authentication protocol appears to utilize 
either a  ...)
-       TODO: check
+       NOT-FOR-US: H2-DM1E PLC
 CVE-2024-45113 (ColdFusion versions 2023.6, 2021.12 and earlier are affected 
by an Imp ...)
        TODO: check
 CVE-2024-45112 (Acrobat Reader versions 24.002.21005, 24.001.30159, 
20.005.30655, 24.0 ...)
@@ -149,9 +149,9 @@ CVE-2024-43758 (Illustrator versions 28.6, 27.9.5 and 
earlier are affected by a
 CVE-2024-43756 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are 
affected by a ...)
        NOT-FOR-US: Adobe
 CVE-2024-43099 (The session hijacking attack targets the application layer's 
control m ...)
-       TODO: check
+       NOT-FOR-US: DirectLogic H2-DM1E
 CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi 
Network ...)
-       TODO: check
+       NOT-FOR-US: UniFi Network Application
 CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and earlier are affected 
by a Dese ...)
        TODO: check
 CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159, 
20.005.30655, 24.0 ...)
@@ -154301,7 +154301,7 @@ CVE-2022-3461 (In PHOENIX CONTACT Automationworx 
Software Suite up to version 1.
 CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for 
certain type ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2022-3459 (The WooCommerce Multiple Free Gift plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource 
Manage ...)
        NOT-FOR-US: SourceCodester
 CVE-2022-42867 (A use after free issue was addressed with improved memory 
management.  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c415fca2941850409d9c0b58e0e360d5fed80ca9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c415fca2941850409d9c0b58e0e360d5fed80ca9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to