[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 24 15:33:40 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8c0a5ec by Moritz Muehlenhoff at 2024-05-24T16:32:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,79 +13,79 @@ CVE-2024-4691
CVE-2024-5273
NOT-FOR-US: Jenkins plugin
CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code E ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code Execution V ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution Vulnera ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Ser ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code E ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local Privil ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been de ...)
- TODO: check
+ NOT-FOR-US: Qiwen Netdisk
CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials Local Pr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-5228 (TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer O ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Ex ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in M-Files ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an application a ...)
- TODO: check
+ NOT-FOR-US: Node pug
CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticated Ho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...)
- TODO: check
+ NOT-FOR-US: zzdevelop lenosp
CVE-2024-5274
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
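Review bot: The CVE-2024-5142 entry is tagged "NOT-FOR-US: WordPress plugin", but its visible description reads "Stored Cross-Site Scripting vulnerability in Social Module in M-Files ..." and does not mention WordPress, unlike the neighbouring entries that say "plugin for WordPress". The tag looks carried over from the surrounding block of WordPress entries; suggest "NOT-FOR-US: M-Files" so the recorded reason matches the product named in the description.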
@@ -189,7 +189,7 @@ CVE-2024-2861 (The ProfilePress plugin for WordPress is vulnerable to Stored Cro
CVE-2024-2301 (Certain HP LaserJet Pro devices are potentially vulnerable to a Cross- ...)
NOT-FOR-US: HP
CVE-2024-28188 (Jupyter Scheduler is collection of extensions for programming jobs to ...)
- TODO: check
+ NOT-FOR-US: Jupyter Scheduler
CVE-2024-26139 (OpenCTI is an open source platform allowing organizations to manage th ...)
NOT-FOR-US: OpenCTI
CVE-2024-1815 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...)
@@ -5130,7 +5130,7 @@ CVE-2024-4991 (Vulnerability in SiAdmin 1.1 that allows SQL injection via the /m
CVE-2024-4984 (The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4976 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing obj ...)
- TODO: check
+ NOT-FOR-US: xpdf (Debian uses poppler, which forked a long time ago)
CVE-2024-4975 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: code-projects Simple Chat System
CVE-2024-4974 (A vulnerability, which was classified as problematic, was found in cod ...)
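Review bot: On CVE-2024-4976, the reason "Debian uses poppler, which forked a long time ago" explains why Xpdf itself is not tracked, but it does not record whether the out-of-bounds array write was checked against poppler's derived code. If that check was done, consider recording it as a poppler entry marked <not-affected> with a short NOTE stating the finding, rather than NOT-FOR-US, so the result is visible to whoever triages the next Xpdf CVE.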
@@ -5357,7 +5357,7 @@ CVE-2024-34751 (Deserialization of Untrusted Data vulnerability in WebToffee Ord
CVE-2024-34582 (Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPa ...)
NOT-FOR-US: Sunhillo SureLine
CVE-2024-34273 (njwt up to v0.4.0 was discovered to contain a prototype pollution in t ...)
- TODO: check
+ NOT-FOR-US: njwt
CVE-2024-31226 (Sunshine is a self-hosted game stream host for Moonlight. Users who ra ...)
NOT-FOR-US: Sunshine
CVE-2024-30314 (Dreamweaver Desktop versions 21.3 and earlier are affected by an Impro ...)
@@ -5501,7 +5501,7 @@ CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injecti
CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...)
NOT-FOR-US: Code-projects Budget Management
CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...)
- TODO: check
+ NOT-FOR-US: r-pan-scaffolding
CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...)
NOT-FOR-US: KYKMS
CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...)
@@ -5543,7 +5543,7 @@ CVE-2024-31410 (The devices which CyberPower PowerPanel manages use identical ce
CVE-2024-31409 (Certain MQTT wildcards are not blocked on the CyberPower PowerPanel ...)
NOT-FOR-US: CyberPower PowerPanel
CVE-2024-31216 (The source-controller is a Kubernetes operator, specialised in artifac ...)
- TODO: check
+ NOT-FOR-US: source-controller Kubernetes operator
CVE-2024-30312 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
NOT-FOR-US: Adobe
CVE-2024-30311 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...)
@@ -5715,7 +5715,7 @@ CVE-2024-31466 (There are buffer overflow vulnerabilities in the underlying CLI
CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...)
{DSA-5690-1}
- libreoffice 4:24.2.3~rc1-2
@@ -5772,7 +5772,7 @@ CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hopp
CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...)
NOT-FOR-US: cea-hpc sshproxy
CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...)
- TODO: check
+ NOT-FOR-US: Oceanic
CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...)
NOT-FOR-US: TYPO3
CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...)
@@ -6132,7 +6132,7 @@ CVE-2023-40720 (An authorization bypass through user-controlled key vulnerabilit
CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
NOT-FOR-US: FortiNet
CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...)
- TODO: check
+ NOT-FOR-US: Phoenix
CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...)
- firefox 126.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778
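Review bot: The tag on CVE-2023-35841 is "NOT-FOR-US: Phoenix", which is ambiguous as a bare name, while the description refers to the Phoenix WinFlash driver. Suggest "NOT-FOR-US: Phoenix WinFlash" so a later search of the list for this product finds the entry and the tag cannot be mistaken for another project of the same name.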
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8c0a5eca5d5186f34ebf0ca4243cc367293f070