[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 17 12:48:16 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
409e87f7 by Moritz Muehlenhoff at 2024-04-17T13:47:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2024-3867 (The archive-tainacan-collection theme for WordPress is vulnerable
 CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
 	- check-mk <removed>
 CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
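Review bot: The commit subject "NFUs" does not cover the CVE-2024-3660 change in this hunk, which replaces `TODO: check` with `- tensorflow <itp> (bug #804612)` rather than a NOT-FOR-US tag. Consider widening the subject or putting the ITP entry in its own commit, so the one triage decision here that ties a CVE to a prospective Debian package can be found in the history.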
@@ -37,15 +37,15 @@ CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vuln
 CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32634 (In huge memory get unmapped area check, code can never be reached beca ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk test will a ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing incorrect o ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect compu ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will contain ...)
-	TODO: check
+	NOT-FOR-US: ASR Falcon
 CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed Optimizer.This ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This issue affec ...)
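Review bot: The tag added to CVE-2024-32631 reads `NOT-FOR-US: ASR Falcon`, but the visible part of that entry's description names ASR180X, and the truncated descriptions of CVE-2024-32634, CVE-2024-32633, CVE-2024-32632 and CVE-2024-32625 show no product name at all. Confirm that all five belong to the same product, and either use the name the description gives or keep one spelling throughout, so the tag and the description agree.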
@@ -113,7 +113,7 @@ CVE-2024-30380 (An Improper Handling of Exceptional Conditions vulnerability in
 CVE-2024-30378 (A Use After Free vulnerability in command processing of Juniper Networ ...)
 	NOT-FOR-US: Juniper
 CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2024-2309 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 3.4.0, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress plugin ...)
@@ -127,7 +127,7 @@ CVE-2024-29402 (cskefu v7 suffers from Insufficient Session Expiration, which al
 CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a remote attack ...)
 	TODO: check
 CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to call protec ...)
-	TODO: check
+	NOT-FOR-US: microsoft-authentication-library-for-dotnet
 CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-22440 (A potential security vulnerability has been identified in HPE Compute  ...)
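Review bot: The tag on CVE-2024-27086 uses a repository-style slug, `microsoft-authentication-library-for-dotnet`, where the neighbouring NOT-FOR-US entries use a short category or product name such as "WordPress plugin". The visible description only says "The MSAL library", so a short product name in the tag would be more consistent with the rest of the list.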
@@ -179,7 +179,7 @@ CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
 	NOT-FOR-US: Oracle
 CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
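Review bot: CVE-2024-21101 is tagged `NOT-FOR-US: MySQL Cluster`, while the entry directly above it, CVE-2024-21102 for MySQL Server, is tracked as `- mysql-8.0 <unfixed>`, and the entry below, CVE-2024-21100, uses the vendor tag `NOT-FOR-US: Oracle`. If the reason is that the Cluster product is not covered by the mysql-8.0 source package, a NOTE line saying so would document why two adjacent Oracle MySQL CVEs are triaged differently.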
@@ -423,13 +423,13 @@ CVE-2024-1219 (The Easy Social Feed  WordPress plugin before 6.5.6 does not vali
 CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin before  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid pointer der ...)
-	TODO: check
+	NOT-FOR-US: Micrium OS Network HTTP Server
 CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows an Inse ...)
-	TODO: check
+	NOT-FOR-US: Accredible Credential.net API
 CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies LiteSpee ...)
-	TODO: check
+	NOT-FOR-US: LiteSpeed Technologies
 CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: LiteSpeed Technologies
 CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
 	- rust-gix-transport 0.42.0-1
 	NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh
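Review bot: CVE-2023-45000 and CVE-2023-40000 are tagged with a vendor name, `NOT-FOR-US: LiteSpeed Technologies`, while the other entries changed in this hunk name the affected product (`Micrium OS Network HTTP Server`, `Accredible Credential.net API`). The visible description of CVE-2023-45000 is cut off at "LiteSpeed Technologies LiteSpee ..." and that of CVE-2023-40000 shows no product at all, so naming the product in the tag would make clear which software was checked.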



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/409e87f713d2b6df0358a32712d6ff1b48156eb4
