Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8c0a5ec by Moritz Muehlenhoff at 2024-05-24T16:32:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,79 +13,79 @@ CVE-2024-4691
 CVE-2024-5273
        NOT-FOR-US: Jenkins plugin
 CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote 
Code E ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous 
Method  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code 
Execution V ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key 
Authentication Bypas ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution 
Vulnera ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak 
Denial-of-Ser ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote 
Code E ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local 
Privil ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection 
Remote Code ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has 
been de ...)
-       TODO: check
+       NOT-FOR-US: Qiwen Netdisk
 CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet 
Unrestricted F ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials 
Local Pr ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity 
Vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code 
Execution  ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-5228 (TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based 
Buffer O ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote 
Code Ex ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in 
M-Files  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin 
for Ele ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an 
application a ...)
-       TODO: check
+       NOT-FOR-US: Node pug
 CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to 
unauthorized bulk ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is 
vulnerable to u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to 
Unauthenticated Ho ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up 
to 202 ...)
-       TODO: check
+       NOT-FOR-US: zzdevelop lenosp
 CVE-2024-5274
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
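Review bot: The tag on CVE-2024-5142 reads "NOT-FOR-US: WordPress plugin", but its description names the "Social Module in M-Files" and does not mention WordPress, so the label looks carried over from the neighbouring WordPress entries. The NOT-FOR-US triage itself may still be right, but the product name should match the description, for example "NOT-FOR-US: M-Files", so that later searches of the list by product do not miss or misattribute the entry. The other entries in this hunk use a vendor or product name that agrees with the visible description.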
@@ -189,7 +189,7 @@ CVE-2024-2861 (The ProfilePress plugin for WordPress is 
vulnerable to Stored Cro
 CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a 
Cross- ...)
        NOT-FOR-US: HP
 CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming 
jobs to  ...)
-       TODO: check
+       NOT-FOR-US: Jupyter Scheduler
 CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to 
manage th ...)
        NOT-FOR-US: OpenCTI
 CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for 
WordPress is  ...)
@@ -5130,7 +5130,7 @@ CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows 
SQL injection via the /m
 CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to 
missing obj ...)
-       TODO: check
+       NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
 CVE-2024-4975 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: code-projects Simple Chat System
 CVE-2024-4974 (A vulnerability, which was classified as problematic, was found 
in cod ...)
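Review bot: On CVE-2024-4976 the parenthetical "Debian uses poppler, which forked a long time ago" explains why Xpdf itself is not tracked, but it does not record whether the out-of-bounds array write described for Xpdf 4.05 was checked against poppler's copy of the code. Since the justification rests on the fork, a short NOTE line saying the affected code is absent from poppler (or a poppler entry if it is present) would make the decision auditable instead of leaving it implied by NOT-FOR-US.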
@@ -5357,7 +5357,7 @@ CVE-2024-34751 (Deserialization of Untrusted Data 
vulnerability in WebToffee Ord
 CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows 
cgi/usrPa ...)
        NOT-FOR-US: Sunhillo SureLine
 CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype 
pollution in t ...)
-       TODO: check
+       NOT-FOR-US: njwt
 CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight. 
Users who ra ...)
        NOT-FOR-US: Sunshine
 CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by 
an Impro ...)
@@ -5501,7 +5501,7 @@ CVE-2024-34955 (Code-projects Budget Management 1.0 is 
vulnerable to SQL Injecti
 CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross 
Site Script ...)
        NOT-FOR-US: Code-projects Budget Management
 CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding 
v5.0 and b ...)
-       TODO: check
+       NOT-FOR-US: r-pan-scaffolding
 CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and 
below allow ...)
        NOT-FOR-US: KYKMS
 CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 
allows atta ...)
@@ -5543,7 +5543,7 @@ CVE-2024-31410 (The devices which CyberPower PowerPanel 
manages use identical ce
 CVE-2024-31409 (Certain MQTT wildcards are not blocked on the  CyberPower 
PowerPanel   ...)
        NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in 
artifac ...)
-       TODO: check
+       NOT-FOR-US: source-controller Kubernetes operator
 CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
        NOT-FOR-US: Adobe
 CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier 
Answer: ...)
@@ -5715,7 +5715,7 @@ CVE-2024-31466 (There are buffer overflow vulnerabilities 
in the underlying CLI
 CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password 
Protect Your ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of 
social tech ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in 
affected Lib ...)
        {DSA-5690-1}
        - libreoffice 4:24.2.3~rc1-2
@@ -5772,7 +5772,7 @@ CVE-2024-34714 (The Hoppscotch Browser Extension is a 
browser extension for Hopp
 CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user 
SSH connec ...)
        NOT-FOR-US: cea-hpc sshproxy
 CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. 
Prior to ver ...)
-       TODO: check
+       NOT-FOR-US: Oceanic
 CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
        NOT-FOR-US: TYPO3
 CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in 
version  ...)
@@ -6132,7 +6132,7 @@ CVE-2023-40720 (An authorization bypass through 
user-controlled key vulnerabilit
 CVE-2023-36640 (A use of externally-controlled format string in Fortinet 
FortiProxy ve ...)
        NOT-FOR-US: FortiNet
 CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix 
WinFlash Dri ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs 
showed e ...)
        - firefox 126.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8c0a5eca5d5186f34ebf0ca4243cc367293f070
