[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 11 09:03:44 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff4f9407 by Moritz Muehlenhoff at 2024-06-11T10:02:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2024-5203
+	NOT-FOR-US: Keycloak
 CVE-2024-3183
 	- freeipa <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
@@ -21,19 +23,19 @@ CVE-2024-4403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the r
 CVE-2024-3850 (Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting ...)
 	NOT-FOR-US: Uniview NVR301-04S2-P4
 CVE-2024-3700 (Use of hard-coded password to the patients' database allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: Simple Care
 CVE-2024-3699 (Use of hard-coded password to the patients' database allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: drEryk Gabinet
 CVE-2024-37393 (Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA befor ...)
 	NOT-FOR-US: SecurEnvoy MFA
 CVE-2024-37051 (GitHub access token could be exposed to third-party sites in JetBrains ...)
-	TODO: check
+	- intellij-idea <itp> (bug #747616)
 CVE-2024-37014 (Langflow through 0.6.19 allows remote code execution if untrusted user ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2024-36531 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vu ...)
-	TODO: check
+	NOT-FOR-US: nukeviet
 CVE-2024-36528 (nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a ...)
-	TODO: check
+	NOT-FOR-US: nukeviet
 CVE-2024-36417 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2024-36415 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
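Review bot: the `- intellij-idea <itp> (bug #747616)` line for CVE-2024-37051 is a package entry pointing at an ITP bug, not a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Mention the ITP triage in the commit message, or split it into its own commit, so that a later history search for intellij-idea finds this change. Separately, CVE-2024-3700 and CVE-2024-3699 show the same truncated description but are attributed to different products (Simple Care and drEryk Gabinet); a `NOTE:` line with the advisory source on each would let a later reader confirm the mapping.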
@@ -111,31 +113,31 @@ CVE-2024-31612 (Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF)
 CVE-2024-31611 (SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.)
 	NOT-FOR-US: SeaCMS
 CVE-2024-28833 (Improper restriction of excessive authentication attempts with two fac ...)
-	TODO: check
+	- check-mk <removed>
 CVE-2024-27792 (This issue was addressed by adding an additional prompt for user conse ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-26507 (An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, ...)
 	NOT-FOR-US: FinalWire
 CVE-2024-23524 (Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23299 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-22298 (Missing Authorization vulnerability in TMS Amelia ameliabooking.This i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-22296 (Missing Authorization vulnerability in Code for Recovery 12 Step Meeti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-22279 (Improper handling of requests in Routing Release > v0.273.0 and <= v0. ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2024-21751 (Missing Authorization vulnerability in RabbitLoader.This issue affects ...)
 	TODO: check
 CVE-2024-1228 (Use of hard-coded password to the patients' database allows an attacke ...)
-	TODO: check
+	NOT-FOR-US: Eurosoft Przychodnia
 CVE-2023-40389 (The issue was addressed with improved restriction of data container ac ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-48683 (An access issue was addressed with additional sandbox restrictions. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-48578 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-36972 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
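Review bot: CVE-2024-21751 is still `TODO: check` after this hunk, although every other TODO in it is resolved and the neighbouring "Missing Authorization vulnerability in ..." entries (CVE-2024-22298, CVE-2024-22296) are marked `NOT-FOR-US: WordPress plugin`. If RabbitLoader is the same kind of product, triage it in this commit; otherwise add a `NOTE:` saying why it stays open. Also, `- check-mk <removed>` for CVE-2024-28833 is a removed-package entry rather than an NFU, so it falls outside what the commit subject announces and deserves a mention in the message.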



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff4f940718ebc2a300bceef0b7971a1ceafb3240
