Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9bf1d023 by Moritz Muehlenhoff at 2024-04-27T20:34:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
CVE-2024-4245 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4244 (A vulnerability classified as critical was found in Tenda W9
1.0.0.7(4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4243 (A vulnerability classified as critical has been found in Tenda
W9 1.0. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4242 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has
been rated ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4241 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has
been decla ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4240 (A vulnerability was found in Tenda W9 1.0.0.7(4456). It has
been class ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4239 (A vulnerability was found in Tenda AX1806 1.0.0.1 and
classified as cr ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-3052 (Malformed S2 Nonce Get command classes can be sent to crash the
gatewa ...)
- TODO: check
+ NOT-FOR-US: silabs
CVE-2024-3051 (Malformed Device Reset Locally command classes can be sent to
temporar ...)
- TODO: check
+ NOT-FOR-US: silabs
CVE-2024-3034 (The BackUpWordPress plugin for WordPress is vulnerable to
Directory Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32887 (Sidekiq is simple, efficient background processing for Ruby.
Sidekiq i ...)
TODO: check
CVE-2024-32883 (MCUboot is a secure bootloader for 32-bits microcontrollers.
MCUboot u ...)
- TODO: check
+ NOT-FOR-US: mcuboot
CVE-2024-32881 (Danswer is the AI Assistant connected to company's docs, apps,
and peo ...)
- TODO: check
+ NOT-FOR-US: Danswer
CVE-2024-32878 (Llama.cpp is LLM inference in C/C++. There is a use of
uninitialized h ...)
- TODO: check
+ NOT-FOR-US: llama.cpp
CVE-2024-31828 (Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0
allows att ...)
- TODO: check
+ NOT-FOR-US: Lavalite CMS
CVE-2024-31741 (Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a
remote a ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2024-31601 (An issue in Beijing Panabit Network Software Co., Ltd Panalog
big data ...)
- TODO: check
+ NOT-FOR-US: Panabit
CVE-2024-31551 (Directory Traversal vulnerability in lib/admin/image.admin.php
in cmse ...)
- TODO: check
+ NOT-FOR-US: cmseasy
CVE-2024-31502 (An issue in Insurance Management System v.1.0.0 and before
allows a re ...)
- TODO: check
+ NOT-FOR-US: Insurance Management System
CVE-2024-30804 (An issue discovered in the DeviceIoControl component in ASUS
Fan_Xpert ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-2859 (By default, SANnav OVA is shipped with root user login enabled.
While ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2024-2838 (The WPC Composite Products for WooCommerce plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-2258 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop
Contact For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-28322 (SQL Injection vulnerability in
/event-management-master/backend/regist ...)
- TODO: check
+ NOT-FOR-US: PuneethReddyHC Event Management
CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and
classified ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4237 (A vulnerability, which was classified as critical, was found in
Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4236 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear
DG834Gv ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Sayful Islam Filterable Portfolio
CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before
8.1.12 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before
8.1.12 ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1,
9.5.x bef ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before
9.4.5, and ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have
CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in
OptinMonster Popup ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio
Financio. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli,
Tony Ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend
Themes Telur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic
Hide Da ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie
Information ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP
MainWP Child ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes
FameThem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease
ClickCea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo
Johnson Conta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command
injection in fte ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command
injection in Chg ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command
injection in Set ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion
Failure ...)
TODO: check
CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a
segmentation vi ...)
@@ -119,75 +119,75 @@ CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered
to contain a segmentat
CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an
Assertion Fail ...)
TODO: check
CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page
Builder ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport`
does no ...)
- TODO: check
+ - rust-gitoxide <itp> (bug #1043208)
CVE-2024-32880 (pyload is an open-source Download Manager written in pure
Python. An a ...)
- TODO: check
+ - pyload <itp> (bug #1001980)
CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables
Generator ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible
Shipping.This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block
Patterns.T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews
Plus.This iss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-32766 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32764 (A missing authentication for critical function vulnerability
has been ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-32730 (SAP Enable Now Manager does not perform necessary
authorization checks ...)
NOT-FOR-US: SAP
CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <=
9.4.4 and ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows
administ ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext,
which could ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows
local attac ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which
could al ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2024-27790 (Claris International has resolved an issue of potentially
allowing una ...)
- TODO: check
+ NOT-FOR-US: Claris
CVE-2024-27124 (An OS command injection vulnerability has been reported to
affect seve ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass
intended sec ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <=
9.5.2 an ...)
- TODO: check
+ - mattermost-server <itp> (bug #823556)
CVE-2024-21905 (An integer overflow or wraparound vulnerability has been
reported to a ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection
via th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer
(RSE) v ...)
- TODO: check
+ NOT-FOR-US: Eclipse Target Management: Terminal and Remote System
Explorer
CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
TODO: check
CVE-2023-51365 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-51364 (A path traversal vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50364 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50363 (An incorrect authorization vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50362 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-50361 (A buffer copy without checking size of input vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-47222 (An exposure of sensitive information vulnerability has been
reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-42955 (Claris International has successfully resolved an issue of
potentially ...)
- TODO: check
+ NOT-FOR-US: Claris
CVE-2023-41291 (A path traversal vulnerability has been reported to affect
QuFirewall. ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2023-41290 (A path traversal vulnerability has been reported to affect
QuFirewall. ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2022-48611 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2023-52646 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
@@ -232,7 +232,7 @@ CVE-2024-33667 (An issue was discovered in Zammad before
6.3.0. An authenticated
CVE-2024-33666 (An issue was discovered in Zammad before 6.3.0. Users with
customer ac ...)
- zammad <itp> (bug #841355)
CVE-2024-33665 (angular-translate through 2.19.1 allows XSS via a crafted key
that is ...)
- TODO: check
+ NOT-FOR-US: angular-translate
CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial
of servic ...)
- python-jose <unfixed>
NOTE: https://github.com/mpdavis/python-jose/issues/344
@@ -257,11 +257,11 @@ CVE-2024-33598 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based
One-Time-Pass ...)
NOT-FOR-US: Zitadel
CVE-2024-32651 (changedetection.io is an open source web page change
detection, websit ...)
- TODO: check
+ NOT-FOR-US: changedetection.io
CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer
relate ...)
- TODO: check
+ NOT-FOR-US: inducer relate
CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer
relate ...)
- TODO: check
+ NOT-FOR-US: inducer relate
CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation
violation, whic ...)
- cjson <unfixed>
NOTE: https://github.com/DaveGamble/cJSON/issues/839
@@ -292,17 +292,17 @@ CVE-2024-22633 (Setor Informatica Sistema Inteligente
para Laboratorios (S.I.L.)
CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.) 388 w ...)
NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios
(S.I.L.)
CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This
issue af ...)
- TODO: check
+ NOT-FOR-US: UvDesk Community
CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does
not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that
allows for a ...)
- TODO: check
+ NOT-FOR-US: Hanwha Vision Co
CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw
that using ...)
- TODO: check
+ NOT-FOR-US: Hanwha Vision Co
CVE-2023-6095 (Vladimir Kononovich, a Security Researcher has found a flaw
that allow ...)
- TODO: check
+ NOT-FOR-US: Hanwha Vision Co
CVE-2023-47252 (An issue was discovered in PnpSmm in Insyde InsydeH2O with
kernel 5.0 ...)
- TODO: check
+ NOT-FOR-US: InsydeH2O
CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition
allows ...)
TODO: check
CVE-2024-27282
@@ -442,11 +442,11 @@ CVE-2024-22144 (Improper Control of Generation of Code
('Code Injection') vulner
CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google
Analytic ...)
- TODO: check
+ NOT-FOR-US: MonsterInsights Google Analytics
CVE-2023-51484 (Improper Authentication vulnerability in wp-buy Login as User
or Custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51482 (Improper Authentication vulnerability in EazyPlugins Eazy
Plugin Manag ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-4173 (A vulnerability in Brocade SANnav exposes Kafka in the wan
interface. ...)
NOT-FOR-US: Brocade
CVE-2024-4161 (In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic
receiv ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf1d0239dcf852290cc6cea24b1b8b99ff232d5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf1d0239dcf852290cc6cea24b1b8b99ff232d5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
