[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 24 15:33:40 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8c0a5ec by Moritz Muehlenhoff at 2024-05-24T16:32:44+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,79 +13,79 @@ CVE-2024-4691
 CVE-2024-5273
 	NOT-FOR-US: Jenkins plugin
 CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code E ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code Execution V ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution Vulnera ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Ser ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code E ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local Privil ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been de ...)
-	TODO: check
+	NOT-FOR-US: Qiwen Netdisk
 CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials Local Pr ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-5228 (TP-Link Omada ER605  Comexe DDNS Response Handling Heap-based Buffer O ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in M-Files  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Ele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an application a ...)
-	TODO: check
+	NOT-FOR-US: Node pug
 CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is vulnerable to u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticated Ho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...)
-	TODO: check
+	NOT-FOR-US: zzdevelop lenosp
 CVE-2024-5274
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
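Review bot: CVE-2024-5142 (the M-Files Social Module entry) is tagged `NOT-FOR-US: WordPress plugin`, but its description names M-Files, not a WordPress plugin; the rationale looks copied from the surrounding WordPress entries. Suggest `NOT-FOR-US: M-Files` so the tag names the actual product, as is done for D-Link, Netgear and TP-Link earlier in this hunk. Separately, for CVE-2024-36361 the tag `Node pug` is fine, but it is worth confirming that pug's earlier name, jade, is not in the archive either, since the affected template engine would be the same code under that name.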
@@ -189,7 +189,7 @@ CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored Cro
 CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a Cross- ...)
 	NOT-FOR-US: HP
 CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming jobs to  ...)
-	TODO: check
+	NOT-FOR-US: Jupyter Scheduler
 CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to manage th ...)
 	NOT-FOR-US: OpenCTI
 CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is  ...)
@@ -5130,7 +5130,7 @@ CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the /m
 CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing obj ...)
-	TODO: check
+	NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
 CVE-2024-4975 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: code-projects Simple Chat System
 CVE-2024-4974 (A vulnerability, which was classified as problematic, was found in cod ...)
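Review bot: The rationale for CVE-2024-4976 says Debian's xpdf uses poppler, but the tag leaves open whether poppler itself was checked. Because poppler is a fork of xpdf, an out-of-bounds write in parsing code that predates the fork could exist in poppler too; the truncated description ("due to missing obj ...") does not show which code is affected. Suggest recording the result of that check in the rationale, e.g. `NOT-FOR-US: xpdf (Debian's xpdf uses poppler; affected code not present in poppler)` if that is what was verified, or adding a poppler entry otherwise.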
@@ -5357,7 +5357,7 @@ CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Ord
 CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPa ...)
 	NOT-FOR-US: Sunhillo SureLine
 CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype pollution in t ...)
-	TODO: check
+	NOT-FOR-US: njwt
 CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight. Users who ra ...)
 	NOT-FOR-US: Sunshine
 CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by an Impro ...)
@@ -5501,7 +5501,7 @@ CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injecti
 CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...)
 	NOT-FOR-US: Code-projects Budget Management
 CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...)
-	TODO: check
+	NOT-FOR-US: r-pan-scaffolding
 CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...)
 	NOT-FOR-US: KYKMS
 CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...)
@@ -5543,7 +5543,7 @@ CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical ce
 CVE-2024-31409 (Certain MQTT wildcards are not blocked on the  CyberPower PowerPanel   ...)
 	NOT-FOR-US: CyberPower PowerPanel
 CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in artifac ...)
-	TODO: check
+	NOT-FOR-US: source-controller Kubernetes operator
 CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
 	NOT-FOR-US: Adobe
 CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
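Review bot: The tag for CVE-2024-31216 describes the component generically (`source-controller Kubernetes operator`); the source-controller named in the description is the Flux CD operator, so `NOT-FOR-US: Flux source-controller` would identify the product for later lookups, consistent with the vendor-named tags elsewhere in this file.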
@@ -5715,7 +5715,7 @@ CVE-2024-31466 (There are buffer overflow vulnerabilities in the underlying CLI
 CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...)
 	{DSA-5690-1}
 	- libreoffice 4:24.2.3~rc1-2
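Review bot: For CVE-2023-33327 the visible description ("Teplitsa of social tech ...") does not mention WordPress, so `NOT-FOR-US: WordPress plugin` cannot be verified from the entry itself. If triage confirmed it is a WordPress plugin, name it in the tag (e.g. `NOT-FOR-US: Teplitsa WordPress plugin`) so the rationale is self-evident to the next reader.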
@@ -5772,7 +5772,7 @@ CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hopp
 CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...)
 	NOT-FOR-US: cea-hpc sshproxy
 CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Oceanic
 CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version  ...)
 	NOT-FOR-US: TYPO3
 CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version  ...)
@@ -6132,7 +6132,7 @@ CVE-2023-40720 (An authorization bypass through user-controlled key vulnerabilit
 CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
 	NOT-FOR-US: FortiNet
 CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
-	TODO: check
+	NOT-FOR-US: Phoenix
 CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...)
 	- firefox 126.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8c0a5eca5d5186f34ebf0ca4243cc367293f070
