[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 20 08:01:53 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60ab5106 by Moritz Muehlenhoff at 2024-06-20T08:49:39+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,17 +13,17 @@ CVE-2024-38356 (TinyMCE is an open source rich text editor. A cross-site scripti
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
NOTE: https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
CVE-2024-38355 (Socket.IO is an open source, real-time, bidirectional, event-based, co ...)
- TODO: check
+ NOT-FOR-US: Socket.IO
CVE-2024-38352
REJECTED
CVE-2024-38329 (IBM Storage Protect for Virtual Environments: Data Protection for VMwa ...)
NOT-FOR-US: IBM
CVE-2024-36117 (Reposilite is an open source, lightweight and easy-to-use repository m ...)
- TODO: check
+ NOT-FOR-US: Reposilite
CVE-2024-36116 (Reposilite is an open source, lightweight and easy-to-use repository m ...)
- TODO: check
+ NOT-FOR-US: Reposilite
CVE-2024-36115 (Reposilite is an open source, lightweight and easy-to-use repository m ...)
- TODO: check
+ NOT-FOR-US: Reposilite
CVE-2024-35780 (Deserialization of Untrusted Data vulnerability in Live Composer Team ...)
NOT-FOR-US: WordPress plugin
CVE-2024-35765 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -35,9 +35,9 @@ CVE-2024-34444 (Missing Authorization vulnerability in ThemePunch OHG Slider Rev
CVE-2024-34443 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-32030 (Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka U ...)
- TODO: check
+ NOT-FOR-US: Kafka UI
CVE-2024-22263 (Spring Cloud Data Flow is a microservices-based Streaming and Batch da ...)
- TODO: check
+ NOT-FOR-US: Kafka UISpring Cloud Data Flow
CVE-2024-0383 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6495 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress ...)
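Review bot: The added tag for CVE-2024-22263 reads "NOT-FOR-US: Kafka UISpring Cloud Data Flow", which looks like a paste leftover from the Kafka UI entry directly above it (CVE-2024-32030). The product named in the CVE description is Spring Cloud Data Flow, so the line should read "NOT-FOR-US: Spring Cloud Data Flow". As written, anyone searching the list by product name will get a false hit for Kafka UI on this CVE.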
@@ -75,7 +75,7 @@ CVE-2023-41805 (Missing Authorization vulnerability in Brainstorm Force Premium
CVE-2023-40608 (Missing Authorization vulnerability in Paid Memberships Pro Paid Membe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-40004 (Missing Authorization vulnerability in ServMask All-in-One WP Migratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39998 (Missing Authorization vulnerability in Muffingroup Betheme.This issue ...)
NOT-FOR-US: WordPress theme
CVE-2023-39993 (Missing Authorization vulnerability in Wpmet Elements kit Elementor ad ...)
@@ -1763,9 +1763,11 @@ CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of File with Dangerous Typ
CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags i ...)
NOT-FOR-US: Verint
CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the fu ...)
- TODO: check
+ NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
+ NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issu ...)
- TODO: check
+ NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
+ NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by this iss ...)
NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
NOTE: https://github.com/yaml/libyaml/issues/297
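Review bot: Both added NOT-FOR-US lines, for CVE-2024-35328 and CVE-2024-35326, carry the typo "vulerability" (should be "vulnerability"), copied from the existing CVE-2024-35325 entry visible in the trailing context; fixing all three together would keep them consistent. Separately, the reason recorded here is that the reports are non-issues (API misuse), whereas every other NOT-FOR-US entry in this commit names a product as out of scope. A reader filtering on the tag cannot tell the two cases apart without reading the free text, so it is worth confirming this is the intended tag for a disputed report.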
@@ -2419,7 +2421,7 @@ CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series (
CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlie ...)
NOT-FOR-US: WRC-X5400GS-B
CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external processes ...)
- TODO: check
+ NOT-FOR-US: Jupyter Server Proxy
CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as well as ...)
NOT-FOR-US: MicroDicom DICOM Viewer system
CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write vulnerability. A loca ...)
@@ -188326,7 +188328,7 @@ CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcP
CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...)
NOT-FOR-US: AMD
CVE-2022-23829 (A potential weakness in AMD SPI protection features may allow a malici ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2022-23828
RESERVED
CVE-2022-23827
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ab51060779f204820882c47229eee791d3ceae