[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 10 09:22:23 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8dc491d by Moritz Muehlenhoff at 2024-05-10T10:18:56+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2024-4571
 CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...)
-	TODO: check
+	NOT-FOR-US: EnterpriseDB
 CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...)
@@ -138,9 +138,9 @@ CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to Stor
 CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability in Ghos ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability in Alex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -192,15 +192,15 @@ CVE-2024-34417 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2024-34415 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34354 (CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tai ...)
-	TODO: check
+	NOT-FOR-US: CMSaaSStarter
 CVE-2024-34352 (1Panel is an open source Linux server operation and maintenance manage ...)
-	TODO: check
+	NOT-FOR-US: 1Panel
 CVE-2024-34351 (Next.js is a React framework that can provide building blocks to creat ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2024-34350 (Next.js is a React framework that can provide building blocks to creat ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2024-34345 (The CycloneDX JavaScript library contains the core functionality of OW ...)
-	TODO: check
+	NOT-FOR-US: CycloneDX
 CVE-2024-34338 (A Blind command injection vulnerability in Tenda O3V2 V1.0.0.12 and ea ...)
 	NOT-FOR-US: Tenda
 CVE-2024-34220 (Sourcecodester Human Resource Management System 1.0 is vulnerable to S ...)
@@ -214,7 +214,7 @@ CVE-2024-34217 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain
 CVE-2024-34215 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-34213 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2024-34212 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stac ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2024-34211 (TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hard ...)
@@ -252,27 +252,27 @@ CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__m
 CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...)
 	TODO: check
 CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: esp-idf
 CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local object d ...)
-	TODO: check
+	NOT-FOR-US: Frigate
 CVE-2024-32739 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32738 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32737 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32736 (A sql injection vulnerability exists in CyberPower PowerPanel Enterpri ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32735 (An issue regarding missing authentication for certain utilities exists ...)
-	TODO: check
+	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-32724 (Missing Authorization vulnerability in Woo product importer Sharkdrops ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32719 (Missing Authorization vulnerability in WP Club Manager.This issue affe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32717 (Missing Authorization vulnerability in WPDeveloper SchedulePress.This  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32712 (Missing Authorization vulnerability in Podlove Podlove Podcast Publish ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and earlier, ...)
 	TODO: check
 CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
@@ -314,13 +314,13 @@ CVE-2024-32606 (HDF5 Library through 1.14.3 may attempt to dereference uninitial
 CVE-2024-32605 (HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_ ...)
 	TODO: check
 CVE-2024-31954 (An issue was discovered in the installer in Samsung Portable SSD for T ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-31953 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-31952 (An issue was discovered in Samsung Magician 8.0.0 on macOS. Because sy ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2024-31803 (Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attack ...)
-	TODO: check
+	NOT-FOR-US: emp-ot
 CVE-2024-2923 (The Magical Addons For Elementor ( Header Footer Builder, Free Element ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2846 (The Visual Footer Credit Remover plugin for WordPress is vulnerable to ...)
@@ -330,7 +330,7 @@ CVE-2024-2785 (The The Plus Addons for Elementor plugin for WordPress is vulnera
 CVE-2024-2290 (The Advanced Ads plugin for WordPress is vulnerable to PHP Object Inje ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29800 (Deserialization of Untrusted Data vulnerability in Timber Team & Contr ...)
-	TODO: check
+	NOT-FOR-US: Timber
 CVE-2024-29166 (HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, r ...)
 	TODO: check
 CVE-2024-29165 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher ...)
@@ -358,7 +358,7 @@ CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e0
 CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2024-1693 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1467 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...)
@@ -1328,11 +1328,11 @@ CVE-2023-49676 (An unauthenticated local attacker may trick a user to open corru
 CVE-2023-49675 (An unauthenticated local attacker may trick a user to open corrupted p ...)
 	NOT-FOR-US: CODESYS
 CVE-2023-43531 (Memory corruption while verifying the serialized header when the key p ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43530 (Memory corruption in HLOS while checking for the storage type.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43529 (Transient DOS while processing IKEv2 Informational request messages, w ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2023-43528 (Information disclosure when the ADSP payload size received in HLOS in  ...)
 	TODO: check
 CVE-2023-43527 (Information disclosure while parsing dts header atom in Video.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8dc491d14937662a574f3ed33add18120812f22

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8dc491d14937662a574f3ed33add18120812f22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240510/c40b9c07/attachment.htm>

More information about the debian-security-tracker-commits mailing list