[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 11 15:14:59 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcd582f1 by Moritz Muehlenhoff at 2024-06-11T16:14:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to u ...)
@@ -19,9 +19,9 @@ CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web applicati
 CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an  ...)
 	NOT-FOR-US: SAP
 CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior ...)
-	TODO: check
+	NOT-FOR-US: @jmondi/url-to-png
 CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely in Java ...)
-	TODO: check
+	NOT-FOR-US: @grpc/grps-js
 CVE-2024-37166 (ghtml is software that uses tagged templates for template engine funct ...)
 	TODO: check
 CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
@@ -29,7 +29,7 @@ CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prio
 CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerabl ...)
 	NOT-FOR-US: Trend Micro
 CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks between ve ...)
-	TODO: check
+	NOT-FOR-US: Apache Allura
 CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
@@ -37,7 +37,7 @@ CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management (CRM
 CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 (commit ha ...)
-	TODO: check
+	NOT-FOR-US: awkblog
 CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
 	NOT-FOR-US: Trend Micro
 CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 20.x agent ...)
@@ -101,85 +101,85 @@ CVE-2024-29855 (Hard-coded JWT secret allows authentication bypass in Veeam Reco
 CVE-2024-28164 (SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthentica ...)
 	NOT-FOR-US: SAP
 CVE-2024-27885 (This issue was addressed with improved validation of symlinks. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27857 (An out-of-bounds access issue was addressed with improved bounds check ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27855 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27851 (The issue was addressed with improved bounds checks. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27850 (This issue was addressed with improvements to the noise injection algo ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27848 (This issue was addressed with improved permissions checking. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27845 (A privacy issue was addressed with improved handling of temporary file ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27844 (The issue was addressed with improved checks. This issue is fixed in v ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27840 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27838 (The issue was addressed by adding additional logic. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27836 (The issue was addressed with improved checks. This issue is fixed in v ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27833 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27832 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27830 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27828 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27820 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27819 (The issue was addressed by restricting options offered on a locked dev ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27817 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input validat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27814 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27812 (The issue was addressed with improvements to the file handling protoco ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27811 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27808 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27807 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27806 (This issue was addressed with improved environment sanitization. This  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27805 (An issue was addressed with improved validation of environment variabl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27802 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27801 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-27799 (This issue was addressed with additional entitlement checks. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-23282 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-23251 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-22261 (SQL-Injection in Harbor allows priviledge users to leak the task IDs)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2024-22244 (Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2024-0653 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0627 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7264 (The Build App Online plugin for WordPress is vulnerable to account tak ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to Sensit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5203
 	NOT-FOR-US: Keycloak
 CVE-2024-3183



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd582f1fef21a351eda96eb05f52415af312061

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcd582f1fef21a351eda96eb05f52415af312061
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240611/ba4e070f/attachment.htm>


More information about the debian-security-tracker-commits mailing list