Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
409e87f7 by Moritz Muehlenhoff at 2024-04-17T13:47:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,7 +29,7 @@ CVE-2024-3867 (The archive-tainacan-collection theme for 
WordPress is vulnerable
 CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras 
framewo ...)
-       TODO: check
+       - tensorflow <itp> (bug #804612)
 CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 
2.0.0, 2.1. ...)
        - check-mk <removed>
 CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
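Review bot: the CVE-2024-3660 change in this hunk is not an NFU: it replaces TODO: check with a package entry, - tensorflow <itp> (bug #804612), while the commit message says only "NFUs". Mention the ITP triage in the commit message or put it in its own commit, so the history of the tensorflow entry can be found later.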
@@ -37,15 +37,15 @@ CVE-2024-3243 (The Customer Reviews for WooCommerce plugin 
for WordPress is vuln
 CVE-2024-3067 (The WooCommerce Google Feed Manager plugin for WordPress is 
vulnerable ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32634 (In huge memory get unmapped area check, code can never be 
reached beca ...)
-       TODO: check
+       NOT-FOR-US: ASR Falcon
 CVE-2024-32633 (An unsigned value can never be negative, so eMMC full disk 
test will a ...)
-       TODO: check
+       NOT-FOR-US: ASR Falcon
 CVE-2024-32632 (A value in ATCMD will be misinterpreted by printf, causing 
incorrect o ...)
-       TODO: check
+       NOT-FOR-US: ASR Falcon
 CVE-2024-32631 (Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause 
incorrect compu ...)
-       TODO: check
+       NOT-FOR-US: ASR Falcon
 CVE-2024-32625 (In OffloadAMRWriter, a scalar field is not initialized so will 
contain ...)
-       TODO: check
+       NOT-FOR-US: ASR Falcon
 CVE-2024-32532 (Missing Authorization vulnerability in SiteGround Speed 
Optimizer.This ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32525 (Missing Authorization vulnerability in Theme My Login.This 
issue affec ...)
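Review bot: all five entries from CVE-2024-32634 down to CVE-2024-32625 get the label "ASR Falcon", but the only product string visible in the truncated descriptions is "ASR180X" in CVE-2024-32631. If both names refer to the same product line, that is fine; otherwise use the product name from the CVE description so that a later search of the list for that product finds these entries.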
@@ -113,7 +113,7 @@ CVE-2024-30380 (An Improper Handling of Exceptional 
Conditions vulnerability in
 CVE-2024-30378 (A Use After Free vulnerability in command processing of 
Juniper Networ ...)
        NOT-FOR-US: Juniper
 CVE-2024-30256 (Open WebUI is a user-friendly WebUI for LLMs. Open-webui is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2024-2309 (The WP STAGING WordPress Backup Plugin  WordPress plugin before 
3.4.0, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2118 (The Social Media Share Buttons & Social Sharing Icons WordPress 
plugin ...)
@@ -127,7 +127,7 @@ CVE-2024-29402 (cskefu v7 suffers from Insufficient Session 
Expiration, which al
 CVE-2024-29291 (An issue in Laravel Framework 8 through 11 might allow a 
remote attack ...)
        TODO: check
 CVE-2024-27086 (The MSAL library enabled acquisition of security tokens to 
call protec ...)
-       TODO: check
+       NOT-FOR-US: microsoft-authentication-library-for-dotnet
 CVE-2024-25911 (Missing Authorization vulnerability in Skymoon Labs 
MoveTo.This issue  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-22440 (A potential security vulnerability has been identified in HPE 
Compute  ...)
@@ -179,7 +179,7 @@ CVE-2024-21103 (Vulnerability in the Oracle VM VirtualBox 
product of Oracle Virt
 CVE-2024-21102 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2024-21101 (Vulnerability in the MySQL Cluster product of Oracle MySQL 
(component: ...)
-       TODO: check
+       NOT-FOR-US: MySQL Cluster
 CVE-2024-21100 (Vulnerability in the Oracle Commerce Platform product of 
Oracle Commer ...)
        NOT-FOR-US: Oracle
 CVE-2024-21099 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
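Review bot: CVE-2024-21101 is closed as NOT-FOR-US: MySQL Cluster, while CVE-2024-21102 directly above it, also an Oracle MySQL issue, is tracked as - mysql-8.0 <unfixed>. The description is cut off at "(component:", so the affected component cannot be read here; confirm that it is Cluster-only and not code shared with the mysql-8.0 source, and consider a short NOTE: line recording that.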
@@ -423,13 +423,13 @@ CVE-2024-1219 (The Easy Social Feed  WordPress plugin 
before 6.5.6 does not vali
 CVE-2024-0868 (The coreActivity: Activity Logging plugin for WordPress plugin 
before  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51391 (A bug in Micrium OS Network HTTP Server permits an invalid 
pointer der ...)
-       TODO: check
+       NOT-FOR-US: Micrium OS Network HTTP Server
 CVE-2023-50872 (The API in Accredible Credential.net December 6th, 2023 allows 
an Inse ...)
-       TODO: check
+       NOT-FOR-US: Accredible Credential.net API
 CVE-2023-45000 (Missing Authorization vulnerability in LiteSpeed Technologies 
LiteSpee ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed Technologies
 CVE-2023-40000 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: LiteSpeed Technologies
 CVE-2024-XXXX [gix-transport indirect code execution via malicious username]
        - rust-gix-transport 0.42.0-1
        NOTE: https://github.com/advisories/GHSA-98p4-xjmm-8mfh
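Review bot: CVE-2023-45000 and CVE-2023-40000 are labelled with a vendor, "LiteSpeed Technologies", where the other two entries changed in this hunk name a product (Micrium OS Network HTTP Server, Accredible Credential.net API). The visible part of the CVE-2023-40000 description does not mention the vendor at all, so naming the affected product in the label would make the NFU decision checkable from this file.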



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/409e87f713d2b6df0358a32712d6ff1b48156eb4
