[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 9 09:54:03 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d38387d by Salvatore Bonaccorso at 2024-07-09T10:53:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,21 +61,21 @@ CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabli
 CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...)
 	TODO: check
 CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows contains t ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver Application Ser ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated attacker to e ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password functionalit ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an author t ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation application  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation application  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read confiden ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks for a ...)
 	TODO: check
 CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...)
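Review bot: CVE-2024-39592 at the end of this hunk stays at "TODO: check" although it sits directly below the eight entries, CVE-2024-39600 through CVE-2024-39593, that are marked "NOT-FOR-US: SAP" here. The visible part of its description ("Elements of PDCE does not perform necessary authorization checks for a ...") does not name SAP, so it is worth checking the full description to see whether it belongs to the same vendor and, if it does, marking it in this commit as well.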
@@ -85,25 +85,25 @@ CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo \u201
 CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability in Zealo ...)
 	TODO: check
 CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for ABAP and ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization check for a ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not sufficientl ...)
 	TODO: check
 CVE-2024-37173 (Due to insufficient input validation, SAP   CRM WebClient UI allows an ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not perform nec ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation  ...)
 	TODO: check
 CVE-2024-34692 (Due to missing verification of file type or content, SAP Enable Now al ...)
 	TODO: check
 CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an authenticated atta ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver Knowled ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2024-28751 (An high privileged remote attacker can enable telnet access that accep ...)
 	TODO: check
 CVE-2024-28750 (A remote attacker with high privileges may use a deleting file functio ...)
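Review bot: two entries in this hunk whose descriptions name SAP products are left at "TODO: check": CVE-2024-37174 ("Custom CSS support option in SAP CRM WebClient UI ...") and CVE-2024-34692 ("... SAP Enable Now ..."). The neighbouring CVE-2024-37175 and CVE-2024-37173 (SAP CRM WebClient) are marked "NOT-FOR-US: SAP" here, and CVE-2024-39596 (SAP Enable Now) is marked the same way in the previous hunk, so either mark these two consistently or note in the commit message why they are held back.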



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d38387dc74f94e3887a37b6f0657104b44fffe9
