Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
60ab5106 by Moritz Muehlenhoff at 2024-06-20T08:49:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,17 +13,17 @@ CVE-2024-38356 (TinyMCE is an open source rich text editor. 
A cross-site scripti
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph
        NOTE: 
https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d
 CVE-2024-38355 (Socket.IO is an open source, real-time, bidirectional, 
event-based, co ...)
-       TODO: check
+       NOT-FOR-US: Socket.IO
 CVE-2024-38352
        REJECTED
 CVE-2024-38329 (IBM Storage Protect for Virtual Environments: Data Protection 
for VMwa ...)
        NOT-FOR-US: IBM
 CVE-2024-36117 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
-       TODO: check
+       NOT-FOR-US: Reposilite
 CVE-2024-36116 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
-       TODO: check
+       NOT-FOR-US: Reposilite
 CVE-2024-36115 (Reposilite is an open source, lightweight and easy-to-use 
repository m ...)
-       TODO: check
+       NOT-FOR-US: Reposilite
 CVE-2024-35780 (Deserialization of Untrusted Data vulnerability in Live 
Composer Team  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-35765 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
@@ -35,9 +35,9 @@ CVE-2024-34444 (Missing Authorization vulnerability in 
ThemePunch OHG Slider Rev
 CVE-2024-34443 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32030 (Kafka UI is an Open-Source Web UI for Apache Kafka Management. 
Kafka U ...)
-       TODO: check
+       NOT-FOR-US: Kafka UI
 CVE-2024-22263 (Spring Cloud Data Flow is a microservices-based Streaming and 
Batch da ...)
-       TODO: check
+       NOT-FOR-US: Kafka UISpring Cloud Data Flow
 CVE-2024-0383 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6495 (The YARPP \u2013 Yet Another Related Posts Plugin plugin for 
WordPress ...)
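Review bot: The added line for CVE-2024-22263 reads "NOT-FOR-US: Kafka UISpring Cloud Data Flow", which looks like leftover text from the CVE-2024-32030 entry directly above it. The CVE description names Spring Cloud Data Flow, so the tag should read "NOT-FOR-US: Spring Cloud Data Flow"; as committed, anyone searching the list by product name gets a false match for Kafka UI on this entry.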
@@ -75,7 +75,7 @@ CVE-2023-41805 (Missing Authorization vulnerability in 
Brainstorm Force Premium
 CVE-2023-40608 (Missing Authorization vulnerability in Paid Memberships Pro 
Paid Membe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-40004 (Missing Authorization vulnerability in ServMask All-in-One WP 
Migratio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-39998 (Missing Authorization vulnerability in Muffingroup 
Betheme.This issue  ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-39993 (Missing Authorization vulnerability in Wpmet Elements kit 
Elementor ad ...)
@@ -1763,9 +1763,11 @@ CVE-2024-36396 (Verint - CWE-434: Unrestricted Upload of 
File with Dangerous Typ
 CVE-2024-36395 (Verint - CWE-80: Improper Neutralization of Script-Related 
HTML Tags i ...)
        NOT-FOR-US: Verint
 CVE-2024-35328 (libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue 
is the fu ...)
-       TODO: check
+       NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
+       NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
 CVE-2024-35326 (libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by 
this issu ...)
-       TODO: check
+       NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
+       NOTE: https://github.com/yaml/libyaml/issues/298#issuecomment-2167684233
 CVE-2024-35325 (A vulnerability was found in libyaml up to 0.2.5. Affected by 
this iss ...)
        NOT-FOR-US: libyaml non issue (misuse of API is not a vulerability)
        NOTE: https://github.com/yaml/libyaml/issues/297
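Review bot: "vulerability" is misspelled in both added NOT-FOR-US lines (CVE-2024-35328 and CVE-2024-35326), apparently carried over from the existing CVE-2024-35325 entry in the trailing context; correct it to "vulnerability" in all three so a text search on the reason finds them. The reason also describes a disputed non-issue in libyaml rather than naming a product, unlike the neighbouring "NOT-FOR-US: Verint" entry, so it is worth confirming that NOT-FOR-US is the intended tag for these two. The commit message "NFUs" does not mention that triage decision.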
@@ -2419,7 +2421,7 @@ CVE-2024-36454 (Use of uninitialized resource issue 
exists in IPCOM EX2 Series (
 CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 
and earlie ...)
        NOT-FOR-US: WRC-X5400GS-B
 CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
-       TODO: check
+       NOT-FOR-US: Jupyter Server Proxy
 CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as 
well as ...)
        NOT-FOR-US: MicroDicom DICOM Viewer system
 CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write 
vulnerability. A loca ...)
@@ -188326,7 +188328,7 @@ CVE-2022-23831 (Insufficient validation of the IOCTL 
input buffer in AMD \u03bcP
 CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP 
is enabl ...)
        NOT-FOR-US: AMD
 CVE-2022-23829 (A potential weakness in AMD SPI protection features may allow 
a malici ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2022-23828
        RESERVED
 CVE-2022-23827



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60ab51060779f204820882c47229eee791d3ceae
