[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Apr 27 19:34:34 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bf1d023 by Moritz Muehlenhoff at 2024-04-27T20:34:16+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
 CVE-2024-4245 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda W9 1.0. ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been decla ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been class ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as cr ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the gatewa ...)
-	TODO: check
+	NOT-FOR-US: silabs
 CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to temporar ...)
-	TODO: check
+	NOT-FOR-US: silabs
 CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to Directory Tr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby. Sidekiq i ...)
 	TODO: check
 CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot u ...)
-	TODO: check
+	NOT-FOR-US: mcuboot
 CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps, and peo ...)
-	TODO: check
+	NOT-FOR-US: Danswer
 CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of uninitialized h ...)
-	TODO: check
+	NOT-FOR-US: llama.cpp
 CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows att ...)
-	TODO: check
+	NOT-FOR-US: Lavalite CMS
 CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote a ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog big data ...)
-	TODO: check
+	NOT-FOR-US: Panabit
 CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php in cmse ...)
-	TODO: check
+	NOT-FOR-US: cmseasy
 CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before allows a re ...)
-	TODO: check
+	NOT-FOR-US: Insurance Management System
 CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled.  While ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28322 (SQL Injection vulnerability in /event-management-master/backend/regist ...)
-	TODO: check
+	NOT-FOR-US: PuneethReddyHC Event Management
 CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Sayful Islam Filterable Portfolio
 CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Ha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Telur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Da ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameThem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Conta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in fte ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Chg ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Set ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Failure  ...)
 	TODO: check
 CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
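Review bot: the NOT-FOR-US tag for CVE-2024-4234 spells out the vendor and product ("Sayful Islam Filterable Portfolio") while the neighbouring entries with the same "Improper Neutralization of Input During Web Page Generation" description (CVE-2024-33692 through CVE-2024-33697) use the generic `NOT-FOR-US: WordPress plugin` form; if this one is also a plugin, the same form keeps the file consistent and greppable. Two smaller points in the same hunk: the CVE-2024-2258 description line carries a literal `\u2013` escape instead of the en dash, which looks like a decoding problem in the import step rather than something to patch by hand here; and CVE-2024-32887 (Sidekiq) is the only entry in this run left at `TODO: check`, which is the right call if it is waiting on a version check against the packaged sidekiq rather than a NOT-FOR-US.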
@@ -119,75 +119,75 @@ CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentat
 CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...)
 	TODO: check
 CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` does no ...)
-	TODO: check
+	- rust-gitoxide <itp> (bug #1043208)
 CVE-2024-32880 (pyload is an open-source Download Manager written in pure Python. An a ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables Generator ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible Shipping.This ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews Plus.This iss ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32766 (An OS command injection vulnerability has been reported to affect seve ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32764 (A missing authentication for critical function vulnerability has been  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-32730 (SAP Enable Now Manager does not perform necessary authorization checks ...)
 	NOT-FOR-US: SAP
 CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows administ ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2024-27790 (Claris International has resolved an issue of potentially allowing una ...)
-	TODO: check
+	NOT-FOR-US: Claris
 CVE-2024-27124 (An OS command injection vulnerability has been reported to affect seve ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass intended sec ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 an ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2024-21905 (An integer overflow or wraparound vulnerability has been reported to a ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection via th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Target Management: Terminal and Remote System Explorer
 CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
 	TODO: check
 CVE-2023-51365 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-51364 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-50364 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-50363 (An incorrect authorization vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-50362 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-50361 (A buffer copy without checking size of input vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-47222 (An exposure of sensitive information vulnerability has been reported t ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-42955 (Claris International has successfully resolved an issue of potentially ...)
-	TODO: check
+	NOT-FOR-US: Claris
 CVE-2023-41291 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2023-41290 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2022-48611 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2023-52646 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.1.15-1
 	[bullseye] - linux 5.10.178-1
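Review bot: CVE-2023-51794 (Ffmpeg buffer overflow) stays at `TODO: check` in the middle of an otherwise fully triaged run; ffmpeg is a Debian package, so this entry needs a package line with its fixed/unfixed status (or a NOTE explaining why the report does not apply) on the next pass rather than remaining open. The two new ITP references (`- rust-gitoxide <itp> (bug #1043208)` and `- pyload <itp> (bug #1001980)`) follow the same form as the mattermost-server entries above, which is good. Minor style point: the NOT-FOR-US text for CVE-2024-0740 repeats the full Eclipse product title; the shorter vendor-or-project form used elsewhere in the file would do.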
@@ -232,7 +232,7 @@ CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated
 CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with customer ac ...)
 	- zammad <itp> (bug #841355)
 CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key that is  ...)
-	TODO: check
+	NOT-FOR-US: angular-translate
 CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of servic ...)
 	- python-jose <unfixed>
 	NOTE: https://github.com/mpdavis/python-jose/issues/344
@@ -257,11 +257,11 @@ CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...)
 	NOT-FOR-US: Zitadel
 CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...)
-	TODO: check
+	NOT-FOR-US: changedetection.io
 CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate  ...)
-	TODO: check
+	NOT-FOR-US: inducer relate
 CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer relate  ...)
-	TODO: check
+	NOT-FOR-US: inducer relate
 CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...)
 	- cjson <unfixed>
 	NOTE: https://github.com/DaveGamble/cJSON/issues/839
@@ -292,17 +292,17 @@ CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.)
 CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...)
 	NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.)
 CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This issue af ...)
-	TODO: check
+	NOT-FOR-US: UvDesk Community
 CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does not sani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Vision Co
 CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw that using ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Vision Co
 CVE-2023-6095 (Vladimir Kononovich, a Security Researcher has found a flaw that allow ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Vision Co
 CVE-2023-47252 (An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0  ...)
-	TODO: check
+	NOT-FOR-US: InsydeH2O
 CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows  ...)
 	TODO: check
 CVE-2024-27282
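Review bot: the NOT-FOR-US tag for CVE-2024-0916 names "UvDesk Community", but the visible description ("Unauthenticatedfile upload allows remote code execution. This issue af ...") does not mention the product, so a NOTE line with the advisory URL would let a later reader verify the attribution without re-searching. CVE-2022-48682 (TOCTOU race in FDUPES deletefiles) is left at `TODO: check`; fdupes is packaged in Debian, so this one needs a package line with its version status rather than a NOT-FOR-US when it is picked up.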
@@ -442,11 +442,11 @@ CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulner
 CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	- gitlab <unfixed>
 CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...)
-	TODO: check
+	NOT-FOR-US: MonsterInsights Google Analytics
 CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User or Custo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51482 (Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manag ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4173 (A vulnerability in Brocade SANnav exposes Kafka in the wan interface.  ...)
 	NOT-FOR-US: Brocade
 CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic receiv ...)
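Review bot: CVE-2023-52220 is tagged `NOT-FOR-US: MonsterInsights Google Analytics` while the two neighbouring plugin entries (CVE-2023-51484, CVE-2023-51482) use `NOT-FOR-US: WordPress plugin`; MonsterInsights is a WordPress plugin, so the generic form would keep the tags in this hunk consistent.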



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf1d0239dcf852290cc6cea24b1b8b99ff232d5




