Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
475acb13 by Salvatore Bonaccorso at 2024-12-06T10:37:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-9769 (The Video Gallery \u2013 Best WordPress YouTube Gallery plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6219 (Mark Laing discovered in LXD's PKI mode, until version 5.21.1, 
that a  ...)
        TODO: check
 CVE-2024-6156 (Mark Laing discovered that LXD's PKI mode, until version 
5.21.2, could ...)
@@ -9,13 +9,13 @@ CVE-2024-54140 (sigstore-java is a sigstore java client for 
interacting with sig
 CVE-2024-53589 (GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD 
(Binary F ...)
        TODO: check
 CVE-2024-53523 (JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: JSFinder
 CVE-2024-53457 (A stored cross-site scripting (XSS) vulnerability in the 
Device Settin ...)
-       TODO: check
+       NOT-FOR-US: LibreNMS
 CVE-2024-52798 (path-to-regexp turns path strings into a regular expressions. 
In certa ...)
        TODO: check
 CVE-2024-49041 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-38920 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
        TODO: check
 CVE-2024-38910 (Open Robotics Robotic Operating System 2 (ROS2) and Nav2 
humble versio ...)
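Review bot: the CVE-2024-49041 entry is tagged by vendor ("NOT-FOR-US: Microsoft") while the other two entries changed in this hunk are tagged by product (JSFinder, LibreNMS). The description reads "Microsoft Edge (Chromium-based) Spoofing Vulnerability", so naming the product, e.g. "NOT-FOR-US: Microsoft Edge", would record that the issue was judged Edge-specific rather than a bug in shared Chromium code, which Debian does package as chromium.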
@@ -39,27 +39,27 @@ CVE-2024-30961 (Insecure Permissions vulnerability in Open 
Robotics Robotic Oper
 CVE-2024-12064
        REJECTED
 CVE-2024-11585 (The WP Hide & Security Enhancer plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11379 (The Broadcast plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11201 (The myCred \u2013 Loyalty Points and Rewards plugin for 
WordPress and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11178 (The Login With OTP plugin for WordPress is vulnerable to 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-11149 (In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR 
limits p ...)
        TODO: check
 CVE-2024-10933 (In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 
022, ex ...)
        TODO: check
 CVE-2024-10836 (The Flixita theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-10578 (The Pubnews theme for WordPress is vulnerable to unauthorized 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-10551 (The Sticky Social Icons WordPress plugin through 1.2.1 does 
not saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10480 (The 3DPrint Lite WordPress plugin before 2.1 does not have 
CSRF check  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10247 (The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6784 (Server-Side Request Forgery vulnerabilities were found 
providing a pot ...)
        NOT-FOR-US: ABB
 CVE-2024-6516 (Cross Site Scripting vulnerabilities where found providing a 
potential ...)
@@ -208,15 +208,15 @@ CVE-2024-11155 (A \u201cuse after free\u201d  code 
execution vulnerability exist
 CVE-2024-11148 (In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 
020, ht ...)
        TODO: check
 CVE-2024-10937 (The Related Posts, Inline Related Posts, Contextual Related 
Posts, Rel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10848 (The NewsMunch theme for WordPress is vulnerable to Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2024-10777 (The AnyWhere Elementor plugin for WordPress is vulnerable to 
Informati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-10716 (Pega Platform versions 8.1 to Infinity 24.2.0 are affected by 
an XSS i ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2024-10056 (The Contact Form Builder by vcita plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-50913 (Oxide control plane software before 5 allows SSRF.)
        TODO: check
 CVE-2023-48010 (STMicroelectronics SPC58 is vulnerable to Missing Protection 
Mechanism ...)
@@ -476532,7 +476532,7 @@ CVE-2018-9464
 CVE-2018-9463 (In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there 
is a pos ...)
        TODO: check
 CVE-2018-9462 (In store_cmd of ftm4_pdc.c, there is a possible out of bounds 
write du ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9461
        RESERVED
 CVE-2018-9460
@@ -476578,7 +476578,7 @@ CVE-2018-9441 (In sdp_copy_raw_data of 
sdp_discovery.cc, there is a possible out
 CVE-2018-9440 (In parse of M3UParser.cpp there is a possible resource 
exhaustion due  ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9439 (In __unregister_prot_hook and packet_release of af_packet.c, 
there is  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not 
receive  ...)
        NOT-FOR-US: Android
 CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read 
due to  ...)
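Review bot: CVE-2018-9439 should not be closed as "NOT-FOR-US: Android" without a mainline check. Its description names __unregister_prot_hook and packet_release in af_packet.c, and both functions exist in the mainline Linux packet socket code (net/packet/af_packet.c), which is part of src:linux. Unlike the vendor-specific entries around it, this one probably needs to be tracked against the linux package, the way CVE-2018-9385 is further down this file, or left as "TODO: check" until the upstream fix commit is identified.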
@@ -476647,31 +476647,31 @@ CVE-2018-9410 (In analyzeAxes of FontUtils.cpp, 
there is a possible out of bound
 CVE-2018-9409 (In HWCSession::SetColorModeById of hwc_session.cpp, there is a 
possibl ...)
        NOT-FOR-US: Android
 CVE-2018-9408 (In m3326_gps_write and m3326_gps_read of gps.s, there is a 
possible Ou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9407 (In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information 
Disclosure  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9406
        RESERVED
 CVE-2018-9405
        RESERVED
 CVE-2018-9404 (In oemCallback of ril.cpp, there is a possible out of bounds 
write due ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9403 (In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of 
flp2hal_-     i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9402 (In multiple functions of gl_proc.c, there is a buffer overwrite 
due to ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9401
        RESERVED
 CVE-2018-9400 (In gt1x_debug_write_proc and gt1x_tool_write of     
drivers/input/touc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9399 (In /proc/driver/wmt_dbg driver, there are several possible out 
of boun ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9398 (In fm_set_stat of mediatek FM radio driver, there is a possible 
OOB wr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9397 (In WMT_unlocked_ioctl of MTK WMT device driver, there is a 
possible OO ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9396 (In rpc_msg_handler and related handlers of 
drivers/misc/mediatek/eccci ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9395 (In mtk_cfg80211_vendor_packet_keep_alive_start and 
mtk_cfg80211_vendor ...)
        NOT-FOR-US: Android
 CVE-2018-9394 (In mtk_p2p_wext_set_key of 
drivers/misc/mediatek/connectivity/wlan/gen ...)
@@ -476681,17 +476681,17 @@ CVE-2018-9393 (In procfile_write of 
drivers/misc/mediatek/connectivity/wlan/gen2
 CVE-2018-9392 (In get_binary of 
vendor/mediatek/proprietary/hardware/connectivity/gps ...)
        NOT-FOR-US: Android
 CVE-2018-9391 (In update_gps_sv and output_vzw_debug of     
vendor/mediatek/proprieta ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9390 (In procfile_write of gl_proc.c, there is a possible out of  
bounds rea ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9389
        RESERVED
 CVE-2018-9388 (In store_upgrade and store_cmd of 
drivers/input/touchscreen/stm/ftm4_p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9387
        RESERVED
 CVE-2018-9386 (In reboot_block_command of htc reboot_block driver, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of 
bounds w ...)
        - linux 4.16.12-1
        [stretch] - linux 4.9.107-1
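Review bot: CVE-2018-9388 and CVE-2018-9386 get a bare "NOT-FOR-US: Android" although their descriptions point at kernel driver code (drivers/input/touchscreen/stm/ftm4_p ... and the htc reboot_block driver), and the trailing context shows CVE-2018-9385, also a kernel issue, tracked with "- linux 4.16.12-1". Please record in the tag why these differ, for example that the drivers are vendor code absent from mainline, so a later reader does not have to redo the check.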
@@ -515612,7 +515612,7 @@ CVE-2017-13310 (In createFromParcel of 
ViewPager.java, there is a possible read/
 CVE-2017-13309 (In readEncryptedData of ConscryptEngine.java, there is a 
possible plai ...)
        NOT-FOR-US: Android
 CVE-2017-13308 (In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, 
there i ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel 
pci sysf ...)
        NOT-FOR-US: Android kernel (no source release, so apparently not in 
mainline)
 CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel 
mnh driv ...)
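Review bot: the new tag on CVE-2017-13308 is less informative than its neighbour. CVE-2017-13307 directly below uses "NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)"; mtk_ts_Abts.c looks like vendor kernel driver code as well, so using the same "Android kernel" wording with the reason would keep the two entries consistent.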



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/475acb1375fe6f891558f0325d66534936fe61e8
