Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5351f44 by Moritz Mühlenhoff at 2024-08-01T11:55:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,103 +1,103 @@
 CVE-2024-7343 (A vulnerability was found in Baidu UEditor 1.4.2. It has been 
declared ...)
-       TODO: check
+       NOT-FOR-US: Baidu UEditor
 CVE-2024-7342 (A vulnerability was found in Baidu UEditor 1.4.3.3. It has been 
classi ...)
-       TODO: check
+       NOT-FOR-US: Baidu UEditor
 CVE-2024-7339 (A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR 
TD-2108TS- ...)
-       TODO: check
+       NOT-FOR-US: TVT DVRs
 CVE-2024-7338 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7337 (A vulnerability, which was classified as critical, has been 
found in T ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7336 (A vulnerability classified as critical was found in TOTOLINK 
EX200 4.0 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7335 (A vulnerability classified as critical has been found in 
TOTOLINK EX20 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7334 (A vulnerability was found in TOTOLINK EX1200L 
9.3.5u.6146_B20201023. I ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7333 (A vulnerability was found in TOTOLINK N350RT 
9.3.5u.6139_B20201216. It ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7332 (A vulnerability was found in TOTOLINK CP450 
4.1.0cu.747_B20191224. It  ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7331 (A vulnerability was found in TOTOLINK A3300R 
17.0.0cu.557_B20221024 an ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2024-7330 (A vulnerability has been found in YouDianCMS 7 and classified 
as criti ...)
-       TODO: check
+       NOT-FOR-US: YouDianCMS
 CVE-2024-7329 (A vulnerability, which was classified as critical, was found in 
YouDia ...)
-       TODO: check
+       NOT-FOR-US: YouDianCMS
 CVE-2024-7328 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: YouDianCMS
 CVE-2024-7327 (A vulnerability classified as critical was found in Xinhu 
RockOA 2.6.2 ...)
-       TODO: check
+       NOT-FOR-US: Xinhu RockOA
 CVE-2024-7326 (A vulnerability classified as critical has been found in IObit 
DualSaf ...)
-       TODO: check
+       NOT-FOR-US: IObit
 CVE-2024-7302 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6698 (The FundEngine plugin for WordPress is vulnerable to privilege 
escalat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6687 (The CTT Expresso para WooCommerce plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6529 (The Ultimate Classified Listings WordPress plugin before 1.4 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-6496 (The Light Poll WordPress plugin through 1.0.0 does not have 
CSRF check ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5678 (Zohocorp ManageEngine Applications Manager versions170900 and 
below ar ...)
-       TODO: check
+       NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-5331 (The Breakdance plugin for WordPress is vulnerable to 
unauthorized acce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-5330 (The Breakdance plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-4187 (Stored XSS vulnerability has been discovered in OpenText\u2122 
Filr pr ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2024-4090 (The Floating Notification Bar, Sticky Menu on Scroll, 
Announcement Ban ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-41262 (mmudb v1.9.3 was discovered to use the HTTP protocol in the 
ShowMetric ...)
-       TODO: check
+       NOT-FOR-US: mmudb
 CVE-2024-41258 (An issue was discovered in filestash v0.4. The usage of the 
ssh.Insecu ...)
-       TODO: check
+       NOT-FOR-US: filestash
 CVE-2024-41256 (Default configurations in the ShareProofVerifier function of 
filestash ...)
-       TODO: check
+       NOT-FOR-US: filestash
 CVE-2024-41255 (filestash v0.4 is configured to skip TLS certificate 
verification when ...)
-       TODO: check
+       NOT-FOR-US: filestash
 CVE-2024-41254 (An issue was discovered in litestream v0.3.13. The usage of 
the ssh.In ...)
-       TODO: check
+       NOT-FOR-US: litestream
 CVE-2024-41253 (goframe v2.7.2 is configured to skip TLS certificate 
verification, pos ...)
-       TODO: check
+       NOT-FOR-US: goframe
 CVE-2024-40883 (Cross-site request forgery vulnerability exists in ELECOM 
wireless LAN ...)
-       TODO: check
+       NOT-FOR-US: ELECOM
 CVE-2024-40465 (An issue in beego v.2.2.0 and before allows a remote attacker 
to escal ...)
-       TODO: check
+       NOT-FOR-US: beego
 CVE-2024-40464 (An issue in beego v.2.2.0 and before allows a remote attacker 
to escal ...)
-       TODO: check
+       NOT-FOR-US: beego
 CVE-2024-3983 (The WooCommerce Customers Manager WordPress plugin before 30.1 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-39607 (OS command injection vulnerability exists in ELECOM wireless 
LAN route ...)
-       TODO: check
+       NOT-FOR-US: ELECOM
 CVE-2024-38490 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a 
Out of  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-38489 (Dell iDRAC Service Module version 5.3.0.0 and prior contains 
Out of bo ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-38481 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a 
Out of  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-38182 (Weak authentication in Microsoft Dynamics 365 allows an 
unauthenticate ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-34021 (Unrestricted upload of file with dangerous type vulnerability 
exists i ...)
-       TODO: check
+       NOT-FOR-US: ELECOM
 CVE-2024-2872 (The socialdriver-framework WordPress plugin before 2024.04.30 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2843 (The WooCommerce Customers Manager WordPress plugin before 30.1 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-2090 (The Remote Content Shortcode plugin for WordPress is vulnerable 
to Ser ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-28972 (Dell InsightIQ, Verion 5.0.0, contains a use of a broken or 
risky cryp ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25948 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain a 
Out of  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-25947 (Dell iDRAC Service Module version 5.3.0.0 and prior, contain 
an Out of ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2024-1747 (The WooCommerce Customers Manager WordPress plugin before 30.2 
does no ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-1715 (The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for 
WordPr ...)
-       TODO: check
+       NOT-FOR-US: AdFoxly
 CVE-2024-7340 (The Weave server API allows remote users to fetch files from a 
specifi ...)
        NOT-FOR-US: Weave server
 CVE-2024-7325 (A vulnerability was found in IObit Driver Booster 11.0.0.0. It 
has bee ...)
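Review bot: CVE-2024-1715 is tagged "NOT-FOR-US: AdFoxly", although its description calls it a plugin for WordPress and every other WordPress plugin entry in this hunk (CVE-2024-7302, CVE-2024-6698, CVE-2024-5331, CVE-2024-2090 and the rest) uses "NOT-FOR-US: WordPress plugin". Suggest using the same label here so that a search for that label finds all of them. Separately, the beego, goframe, litestream and filestash entries are named by upstream project rather than by vendor or device; a quick check against source package names before closing them as NOT-FOR-US would be worthwhile, since a project can be packaged under a source name that differs from the name in the CVE text.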
@@ -195,7 +195,7 @@ CVE-2024-31199 (A \u201cCWE-79: Improper Neutralization of 
Input During Web Page
 CVE-2024-2508 (The WP Mobile Menu plugin for WordPress is vulnerable to 
unauthorized  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-23444 (It was discovered by Elastic engineering that when 
elasticsearch-certu ...)
-       TODO: check
+       - elasticsearch <removed>
 CVE-2024-7306 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Establishment Billing Management System
 CVE-2024-7303 (A vulnerability was found in itsourcecode Online Blood Bank 
Management ...)
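Review bot: the commit message is "NFUs", but the CVE-2024-23444 change replaces "TODO: check" with "- elasticsearch <removed>", which is a package annotation and not a NOT-FOR-US marking. Suggest mentioning it in the commit message or committing it separately, so the log shows that an entry for a removed source package was triaged here alongside the NOT-FOR-US batch.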
@@ -292,9 +292,9 @@ CVE-2024-7226 (A vulnerability was found in SourceCodester 
Medicine Tracker Syst
 CVE-2024-7225 (A vulnerability was found in SourceCodester Insurance 
Management Syste ...)
        NOT-FOR-US: SourceCodester Insurance Management System
 CVE-2024-7209 (A vulnerability exists in the use of shared SPF records in 
multi-tenan ...)
-       TODO: check
+       NOT-FOR-US: Some hosted mail provider setups using SPF
 CVE-2024-7208 (Hosted services do not verify the sender of an email against 
authentic ...)
-       TODO: check
+       NOT-FOR-US: Some hosted mail provider setups using SPF
 CVE-2024-7127 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
        NOT-FOR-US: Stackposts Social Marketing Tool
 CVE-2024-6699 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
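Review bot: the label "Some hosted mail provider setups using SPF" on CVE-2024-7208 is copied from CVE-2024-7209, but the visible description of CVE-2024-7208 speaks of hosted services not verifying the sender of an email and does not mention SPF in the part shown. Suggest confirming against the full description that the SPF wording fits both, or using a label for CVE-2024-7208 that matches its own text. The leading "Some" could also be dropped, which keeps the label closer to the short product or category names used in the surrounding entries.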



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5351f44077137adc443c08ed7920b08d6e3a83f
