[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 24 09:12:11 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb4a9746 by security tracker role at 2024-05-24T08:11:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code E ...)
+	TODO: check
+CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method  ...)
+	TODO: check
+CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code Execution V ...)
+	TODO: check
+CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...)
+	TODO: check
+CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution Vulnera ...)
+	TODO: check
+CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Ser ...)
+	TODO: check
+CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code E ...)
+	TODO: check
+CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local Privil ...)
+	TODO: check
+CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...)
+	TODO: check
+CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been de ...)
+	TODO: check
+CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...)
+	TODO: check
+CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution ...)
+	TODO: check
+CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials Local Pr ...)
+	TODO: check
+CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerabili ...)
+	TODO: check
+CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution  ...)
+	TODO: check
+CVE-2024-5228 (TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer O ...)
+	TODO: check
+CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Ex ...)
+	TODO: check
+CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in M-Files  ...)
+	TODO: check
+CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Ele ...)
+	TODO: check
+CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for WordPress is ...)
+	TODO: check
+CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+	TODO: check
+CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
+	TODO: check
+CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an application a ...)
+	TODO: check
+CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
+	TODO: check
+CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...)
+	TODO: check
+CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticated Ho ...)
+	TODO: check
+CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...)
+	TODO: check
 CVE-2024-5274
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
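Review bot: Six of the added descriptions (CVE-2024-5060, CVE-2024-4485, CVE-2024-4484, CVE-2024-4366, CVE-2024-1332, CVE-2024-1134) carry a literal `\u2013` escape instead of the dash it encodes, so the escaped form of the description text is being written into data/CVE/list. Decode the escape, or normalise it to an ASCII hyphen, before the description is written. Separately, all 37 new entries land as `TODO: check`; the WordPress plugin ones can take the `NOT-FOR-US: WordPress plugin` form already used for CVE-2023-1110 once they have been triaged.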
@@ -90230,8 +90304,8 @@ CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System
 	NOT-FOR-US: SourceCodester Simple Payroll System
 CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...)
 	NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
-CVE-2023-1111
-	RESERVED
+CVE-2023-1111 (A vulnerability was found in FastCMS up to 0.1.5 and classified as pro ...)
+	TODO: check
 CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
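Review bot: CVE-2023-1111 goes from `RESERVED` to `TODO: check` while the surrounding entries with the same style of description are already triaged as `NOT-FOR-US: <product>`. If FastCMS is not packaged, mark it `NOT-FOR-US: FastCMS` rather than leaving the TODO in place.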
@@ -92448,8 +92522,8 @@ CVE-2023-1003 (A vulnerability, which was classified as critical, was found in T
 	NOT-FOR-US: Typora
 CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: MuYuCMS
-CVE-2023-1001
-	RESERVED
+CVE-2023-1001 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
 CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has be ...)
 	NOT-FOR-US: dcnnt-py
 CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -122295,7 +122369,8 @@ CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, former
 	NOT-FOR-US: Cisco
 CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20239 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+CVE-2023-20239
+	REJECTED
 	TODO: check
 CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
 	NOT-FOR-US: Cisco
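Review bot: The unchanged `TODO: check` line under CVE-2023-20239 is left in place after the entry becomes `REJECTED`, so the result reads `REJECTED` followed by `TODO: check`. A rejected ID needs no further triage; remove the `TODO: check` line in the same change so the entry is not still flagged for checking.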



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb4a974685b93692ec4917da4157e469f64ac596
