Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
627d4cf2 by Salvatore Bonaccorso at 2024-07-09T20:51:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125,7 +125,7 @@ CVE-2024-3653 (A vulnerability was found in Undertow. This 
issue requires enabli
        - undertow <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274437
 CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows 
contains t ...)
        NOT-FOR-US: SAP
 CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver 
Application Ser ...)
@@ -143,19 +143,19 @@ CVE-2024-39594 (SAP Business Warehouse - Business 
Planning and Simulation applic
 CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read 
confiden ...)
        NOT-FOR-US: SAP
 CVE-2024-39592 (Elements of PDCE does not perform necessary authorization 
checks for a ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Depend ...)
        TODO: check
 CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo 
\u2013 Chat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zealo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for 
ABAP and ...)
        NOT-FOR-US: SAP
 CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization 
check for a ...)
        NOT-FOR-US: SAP
 CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not 
sufficientl ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-37173 (Due to insufficient input validation, SAP   CRM WebClient UI 
allows an ...)
        NOT-FOR-US: SAP
 CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not 
perform nec ...)
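Review bot: The description on the CVE-2024-37923 entry carries a literal `\u2013` escape ("Cliengo \u2013 Chat ...") where a dash was meant. This commit only changes the tag beneath it, but the escape should be decoded where descriptions are imported, so that the entry can be found by searching for the product name as written.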
@@ -163,25 +163,25 @@ CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment 
Management) does not perfo
 CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an 
attacke ...)
        NOT-FOR-US: SAP
 CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd 
Generation  ...)
-       TODO: check
+       NOT-FOR-US: UniFi iOS app
 CVE-2024-34692 (Due to missing verification of file type or content, SAP 
Enable Now al ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an 
authenticated atta ...)
        NOT-FOR-US: SAP
 CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver 
Knowled ...)
        NOT-FOR-US: SAP
 CVE-2024-28751 (An high privileged remote attacker can enable telnet access 
that accep ...)
-       TODO: check
+       NOT-FOR-US: ifm electronic GmbH
 CVE-2024-28750 (A remote attacker with high privileges may use a deleting file 
functio ...)
-       TODO: check
+       NOT-FOR-US: ifm electronic GmbH
 CVE-2024-28749 (A remote attacker with high privileges may use a writing file 
function ...)
-       TODO: check
+       NOT-FOR-US: ifm electronic GmbH
 CVE-2024-28748 (A remote attacker with high privileges may use a reading file 
function ...)
-       TODO: check
+       NOT-FOR-US: ifm electronic GmbH
 CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded 
credentials  ...)
-       TODO: check
+       NOT-FOR-US: ifm electronic GmbH
 CVE-2024-22062 (There is a permissions and access control vulnerability in 
ZXCLOUD IRA ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2024-37372
        - nodejs <not-affected> (Only affect Node.js on Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
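Review bot: CVE-2024-28747 through CVE-2024-28751 are tagged with a vendor name only (`NOT-FOR-US: ifm electronic GmbH`), and their truncated descriptions name no product, so nothing on these lines records what was actually ruled out. Naming the affected product in the tag, as `NOT-FOR-US: UniFi iOS app` does earlier in this hunk, would let a later reader check the decision. The same applies to `NOT-FOR-US: ZTE` on CVE-2024-22062, whose description starts naming the product ("ZXCLOUD IRA ...").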
@@ -231,7 +231,7 @@ CVE-2024-39677 (NHibernate is an object-relational mapper 
for the .NET framework
 CVE-2024-39312 (Botan is a C++ cryptography library. X.509 certificates can 
identify e ...)
        TODO: check
 CVE-2024-39308 (RailsAdmin is a Rails engine that provides an interface for 
managing d ...)
-       TODO: check
+       NOT-FOR-US: RailsAdmin
 CVE-2024-39203 (A cross-site scripting (XSS) vulnerability in the Backend 
Theme Manage ...)
        NOT-FOR-US: Backend Theme Management module of Z-BlogPHP
 CVE-2024-39202 (D-Link DIR-823X firmware - 240126 was discovered to contain a 
remote c ...)
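Review bot: CVE-2024-39308 is marked `NOT-FOR-US: RailsAdmin`, but its description calls it a Rails engine, i.e. a library that could be packaged or have a packaging request open. The commit message does not say whether the archive and the WNPP list were checked. If an ITP or RFP exists, the `- <package> <itp> (bug #...)` form would fit better than an NFU tag.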
@@ -249,56 +249,56 @@ CVE-2024-27459 (The interactive service in OpenVPN 2.6.9 
and earlier allows an a
        - openvpn <not-affected> (Only affects Windows)
        NOTE: 
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
 CVE-2024-25639 (Khoj is an application that creates personal AI agents. The 
Khoj Obsid ...)
-       TODO: check
+       NOT-FOR-US: Khoj
 CVE-2024-24974 (The interactive service in OpenVPN 2.6.9 and earlier allows 
the OpenVP ...)
        - openvpn <not-affected> (Only affects Windows)
        NOTE: 
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
 CVE-2024-23562 (A security vulnerability in HCL Domino could allow disclosure 
of sensi ...)
        NOT-FOR-US: HCL Domino
 CVE-2024-21778 (A heap-based buffer overflow vulnerability exists in the 
configuration ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2024-1305 (tap-windows6 driver version 9.26 and earlier does not properly  
check  ...)
        TODO: check
 CVE-2023-50383 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50382 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50381 (Three os command injection vulnerabilities exist in the boa 
formWsc fu ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50330 (A stack-based buffer overflow vulnerability exists in the boa 
getInfo  ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50244 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50243 (Two stack-based buffer overflow vulnerabilities exist in the 
boa formI ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50240 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-50239 (Two stack-based buffer overflow vulnerabilities exist in the 
boa set_R ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-49867 (A stack-based buffer overflow vulnerability exists in the boa 
formWsc  ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-49595 (A stack-based buffer overflow vulnerability exists in the boa 
rollback ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-49593 (Leftover debug code exists in the boa formSysCmd functionality 
of Leve ...)
-       TODO: check
+       NOT-FOR-US: LevelOne WBR-6013
 CVE-2023-49073 (A stack-based buffer overflow vulnerability exists in the boa 
formFilt ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-48270 (A stack-based buffer overflow vulnerability exists in the boa 
formDnsv ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-47856 (A stack-based buffer overflow vulnerability exists in the boa 
set_Radv ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-47677 (A cross-site request forgery (csrf) vulnerability exists in 
the boa CS ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-46685 (A hard-coded password vulnerability exists in the telnetd 
functionalit ...)
-       TODO: check
+       NOT-FOR-US: LevelOne WBR-6013
 CVE-2023-45742 (An integer overflow vulnerability exists in the boa 
updateConfigIntoFl ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-45215 (A stack-based buffer overflow vulnerability exists in the boa 
setRepea ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-41251 (A stack-based buffer overflow vulnerability exists in the boa 
formRout ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload 
functiona ...)
-       TODO: check
+       NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2024-6539 (A vulnerability classified as problematic has been found in 
heyewei Sp ...)
        NOT-FOR-US: heyewei SpringBootCMS
 CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository 
stitionai/dev ...)
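Review bot: The entries in this hunk described as flaws in "the boa ... functionality" are tagged `NOT-FOR-US: Realtek rtl819x Jungle SDK` (two of them `NOT-FOR-US: LevelOne WBR-6013`) with no mention of boa, which is also the name of a standalone web server. Extending the tag, for example `NOT-FOR-US: boa as shipped in Realtek rtl819x Jungle SDK`, or adding a NOTE line would record that the vendor's copy was assessed and not upstream boa, and would make these entries show up when someone searches the list for boa.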



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/627d4cf29b0334e92f1bdea6d7016c267d5e5993
