[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 1 10:56:12 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5351f44 by Moritz Mühlenhoff at 2024-08-01T11:55:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
 CVE-2024-7343 (A vulnerability was found in Baidu UEditor 1.4.2. It has been declared ...)
-	TODO: check
+	NOT-FOR-US: Baidu UEditor
 CVE-2024-7342 (A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classi ...)
-	TODO: check
+	NOT-FOR-US: Baidu UEditor
 CVE-2024-7339 (A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS- ...)
-	TODO: check
+	NOT-FOR-US: TVT DVRs
 CVE-2024-7338 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7337 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7336 (A vulnerability classified as critical was found in TOTOLINK EX200 4.0 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7335 (A vulnerability classified as critical has been found in TOTOLINK EX20 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7334 (A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. I ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7333 (A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7332 (A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7331 (A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 an ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-7330 (A vulnerability has been found in YouDianCMS 7 and classified as criti ...)
-	TODO: check
+	NOT-FOR-US: YouDianCMS
 CVE-2024-7329 (A vulnerability, which was classified as critical, was found in YouDia ...)
-	TODO: check
+	NOT-FOR-US: YouDianCMS
 CVE-2024-7328 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: YouDianCMS
 CVE-2024-7327 (A vulnerability classified as critical was found in Xinhu RockOA 2.6.2 ...)
-	TODO: check
+	NOT-FOR-US: Xinhu RockOA
 CVE-2024-7326 (A vulnerability classified as critical has been found in IObit DualSaf ...)
-	TODO: check
+	NOT-FOR-US: IObit
 CVE-2024-7302 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6698 (The FundEngine plugin for WordPress is vulnerable to privilege escalat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6687 (The CTT Expresso para WooCommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6529 (The Ultimate Classified Listings WordPress plugin before 1.4 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-6496 (The Light Poll WordPress plugin through 1.0.0 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5678 (Zohocorp ManageEngine Applications Manager versions170900 and below ar ...)
-	TODO: check
+	NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5331 (The Breakdance plugin for WordPress is vulnerable to unauthorized acce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5330 (The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4187 (Stored XSS vulnerability has been discovered in OpenText\u2122 Filr pr ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2024-4090 (The Floating Notification Bar, Sticky Menu on Scroll, Announcement Ban ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-41262 (mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetric ...)
-	TODO: check
+	NOT-FOR-US: mmudb
 CVE-2024-41258 (An issue was discovered in filestash v0.4. The usage of the ssh.Insecu ...)
-	TODO: check
+	NOT-FOR-US: filestash
 CVE-2024-41256 (Default configurations in the ShareProofVerifier function of filestash ...)
-	TODO: check
+	NOT-FOR-US: filestash
 CVE-2024-41255 (filestash v0.4 is configured to skip TLS certificate verification when ...)
-	TODO: check
+	NOT-FOR-US: filestash
 CVE-2024-41254 (An issue was discovered in litestream v0.3.13. The usage of the ssh.In ...)
-	TODO: check
+	NOT-FOR-US: litestream
 CVE-2024-41253 (goframe v2.7.2 is configured to skip TLS certificate verification, pos ...)
-	TODO: check
+	NOT-FOR-US: goframe
 CVE-2024-40883 (Cross-site request forgery vulnerability exists in ELECOM wireless LAN ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-40465 (An issue in beego v.2.2.0 and before allows a remote attacker to escal ...)
-	TODO: check
+	NOT-FOR-US: beego
 CVE-2024-40464 (An issue in beego v.2.2.0 and before allows a remote attacker to escal ...)
-	TODO: check
+	NOT-FOR-US: beego
 CVE-2024-3983 (The WooCommerce Customers Manager WordPress plugin before 30.1 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-39607 (OS command injection vulnerability exists in ELECOM wireless LAN route ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-38490 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-38489 (Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bo ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-38481 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-38182 (Weak authentication in Microsoft Dynamics 365 allows an unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2024-34021 (Unrestricted upload of file with dangerous type vulnerability exists i ...)
-	TODO: check
+	NOT-FOR-US: ELECOM
 CVE-2024-2872 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2843 (The WooCommerce Customers Manager WordPress plugin before 30.1 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2090 (The Remote Content Shortcode plugin for WordPress is vulnerable to Ser ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-28972 (Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryp ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-25948 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: AdFoxly
 CVE-2024-7340 (The Weave server API allows remote users to fetch files from a specifi ...)
 	NOT-FOR-US: Weave server
 CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It has bee ...)
@@ -195,7 +195,7 @@ CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of Input During Web Page
 CVE-2024-2508 (The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-23444 (It was discovered by Elastic engineering that when elasticsearch-certu ...)
-	TODO: check
+	- elasticsearch <removed>
 CVE-2024-7306 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank Management ...)
@@ -292,9 +292,9 @@ CVE-2024-7226 (A vulnerability was found in SourceCodester Medicine Tracker Syst
 CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance Management Syste ...)
 	NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in multi-tenan ...)
-	TODO: check
+	NOT-FOR-US: Some hosted mail provider setups using SPF
 CVE-2024-7208 (Hosted services do not verify the sender of an email against authentic ...)
-	TODO: check
+	NOT-FOR-US: Some hosted mail provider setups using SPF
 CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
 	NOT-FOR-US: Stackposts Social Marketing Tool
 CVE-2024-6699 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5351f44077137adc443c08ed7920b08d6e3a83f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5351f44077137adc443c08ed7920b08d6e3a83f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240801/d6f2f5c6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list