[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Tue, 11 Jun 2024 07:15:06 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
dcd582f1 by Moritz Muehlenhoff at 2024-06-11T16:14:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is 
vulnerable to u ...)
@@ -19,9 +19,9 @@ CVE-2024-37177 (SAP Financial Consolidation allows data to 
enter a Web applicati
 CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) 
allows an  ...)
        NOT-FOR-US: SAP
 CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. 
Versions prior ...)
-       TODO: check
+       NOT-FOR-US: @jmondi/url-to-png
 CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
-       TODO: check
+       NOT-FOR-US: @grpc/grps-js
 CVE-2024-37166 (ghtml is software that uses tagged templates for template 
engine funct ...)
        TODO: check
 CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and 
prior, con ...)
@@ -29,7 +29,7 @@ CVE-2024-37130 (Dell OpenManage Server Administrator, 
versions 11.0.1.0 and prio
 CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is 
vulnerabl ...)
        NOT-FOR-US: Trend Micro
 CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks 
between ve ...)
-       TODO: check
+       NOT-FOR-US: Apache Allura
 CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
        NOT-FOR-US: SuiteCRM
 CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
@@ -37,7 +37,7 @@ CVE-2024-36418 (SuiteCRM is an open-source Customer 
Relationship Management (CRM
 CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management 
(CRM) soft ...)
        NOT-FOR-US: SuiteCRM
 CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 
(commit ha ...)
-       TODO: check
+       NOT-FOR-US: awkblog
 CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro 
InterScan We ...)
        NOT-FOR-US: Trend Micro
 CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 
20.x agent ...)
@@ -101,85 +101,85 @@ CVE-2024-29855 (Hard-coded JWT secret allows 
authentication bypass in Veeam Reco
 CVE-2024-28164 (SAP NetWeaver AS Java (CAF - Guided Procedures) allows an 
unauthentica ...)
        NOT-FOR-US: SAP
 CVE-2024-27885 (This issue was addressed with improved validation of symlinks. 
This is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27857 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27855 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27851 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27850 (This issue was addressed with improvements to the noise 
injection algo ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27848 (This issue was addressed with improved permissions checking. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27845 (A privacy issue was addressed with improved handling of 
temporary file ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27844 (The issue was addressed with improved checks. This issue is 
fixed in v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27840 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27838 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27836 (The issue was addressed with improved checks. This issue is 
fixed in v ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27833 (An integer overflow was addressed with improved input 
validation. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27832 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input 
validat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27830 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27828 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27820 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27819 (The issue was addressed by restricting options offered on a 
locked dev ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27817 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input 
validat ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27814 (This issue was addressed through improved state management. 
This issue ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27812 (The issue was addressed with improvements to the file handling 
protoco ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27811 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27808 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27807 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27806 (This issue was addressed with improved environment 
sanitization. This  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27805 (An issue was addressed with improved validation of environment 
variabl ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27802 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27801 (The issue was addressed with improved checks. This issue is 
fixed in t ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-27799 (This issue was addressed with additional entitlement checks. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-23282 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-23251 (An authentication issue was addressed with improved state 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2024-22261 (SQL-Injection in Harbor allows priviledge users to leak the 
task IDs)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2024-22244 (Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may 
redirect ...)
-       TODO: check
+       NOT-FOR-US: Harbor
 CVE-2024-0653 (The Custom Field Template plugin for WordPress is vulnerable to 
Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0627 (The Custom Field Template plugin for WordPress is vulnerable to 
Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7264 (The Build App Online plugin for WordPress is vulnerable to 
account tak ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to 
Sensit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to 
Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5203
        NOT-FOR-US: Keycloak
 CVE-2024-3183



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd582f1fef21a351eda96eb05f52415af312061

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd582f1fef21a351eda96eb05f52415af312061
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to