Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82289868 by security tracker role at 2024-04-08T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,159 @@
-CVE-2024-26811 [ksmbd: validate payload size in ipc response]
+CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+       TODO: check
+CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry 
Management Sy ...)
+       TODO: check
+CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec 
NS-ASG A ...)
+       TODO: check
+CVE-2024-3457 (A vulnerability classified as critical has been found in 
Netentsec NS- ...)
+       TODO: check
+CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+       TODO: check
+CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
+       TODO: check
+CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management 
System  ...)
+       TODO: check
+CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 
20240408. It  ...)
+       TODO: check
+CVE-2024-3443 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+       TODO: check
+CVE-2024-3442 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+       TODO: check
+CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+       TODO: check
+CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+       TODO: check
+CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management 
System 1 ...)
+       TODO: check
+CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+       TODO: check
+CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+       TODO: check
+CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can 
obtain the c ...)
+       TODO: check
+CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
bypass login ...)
+       TODO: check
+CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an 
authenticati ...)
+       TODO: check
+CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can 
obtain sensi ...)
+       TODO: check
+CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+       TODO: check
+CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+       TODO: check
+CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+       TODO: check
+CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a remo ...)
+       TODO: check
+CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to 
contain a Deni ...)
+       TODO: check
+CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to 
start the Te ...)
+       TODO: check
+CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony 
Framework and ...)
+       TODO: check
+CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a 
Hub. In al ...)
+       TODO: check
+CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team 
WP2LEADS.T ...)
+       TODO: check
+CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31224 (GPT Academic provides interactive interfaces for large 
language models ...)
+       TODO: check
+CVE-2024-31221 (Sunshine is a self-hosted game stream host for Moonlight. 
Starting in  ...)
+       TODO: check
+CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 
and prior ...)
+       TODO: check
+CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, 
has a d ...)
+       TODO: check
+CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN 
Ryu ver ...)
+       TODO: check
+CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to 
reset passwo ...)
+       TODO: check
+CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that 
can inadve ...)
+       TODO: check
+CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are 
used (a h ...)
+       TODO: check
+CVE-2024-27897 (Input verification vulnerability in the call module. Impact: 
Successfu ...)
+       TODO: check
+CVE-2024-27896 (Input verification vulnerability in the log module. Impact: 
Successful ...)
+       TODO: check
+CVE-2024-27895 (Vulnerability of permission control in the window module. 
Successful e ...)
+       TODO: check
+CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora 
v.13.0.51 al ...)
+       TODO: check
+CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ 
Fingerprint  ...)
+       TODO: check
+CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be 
abused to i ...)
+       TODO: check
+CVE-2024-23191 (Upsell advertisement information of an account can be 
manipulated to e ...)
+       TODO: check
+CVE-2024-23190 (Upsell shop information of an account can be manipulated to 
execute sc ...)
+       TODO: check
+CVE-2024-23189 (Embedded content references at tasks could be used to 
temporarily exec ...)
+       TODO: check
+CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via 
the com ...)
+       TODO: check
+CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a 
NullPointerException via t ...)
+       TODO: check
+CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer 
overflow ...)
+       TODO: check
+CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)
+       TODO: check
+CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent 
visitors f ...)
+       TODO: check
+CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. 
Impact: Succ ...)
+       TODO: check
+CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: 
Successful e ...)
+       TODO: check
+CVE-2023-52552 (Input verification vulnerability in the power module. Impact: 
Successf ...)
+       TODO: check
+CVE-2023-52551 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
+       TODO: check
+CVE-2023-52550 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
+       TODO: check
+CVE-2023-52549 (Vulnerability of data verification errors in the kernel 
module. Impact ...)
+       TODO: check
+CVE-2023-52546 (Vulnerability of package name verification being bypassed in 
the Calen ...)
+       TODO: check
+CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. 
Impact: Su ...)
+       TODO: check
+CVE-2023-52544 (Vulnerability of file path verification being bypassed in the 
email mo ...)
+       TODO: check
+CVE-2023-52543 (Permission verification vulnerability in the system module. 
Impact: Su ...)
+       TODO: check
+CVE-2023-52542 (Permission verification vulnerability in the system module. 
Impact: Su ...)
+       TODO: check
+CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. 
Impact: S ...)
+       TODO: check
+CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. 
Impact: ...)
+       TODO: check
+CVE-2023-52539 (Permission verification vulnerability in the Settings module. 
Impact:  ...)
+       TODO: check
+CVE-2023-52538 (Vulnerability of package name verification being bypassed in 
the HwIms ...)
+       TODO: check
+CVE-2023-52537 (Vulnerability of package name verification being bypassed in 
the HwIms ...)
+       TODO: check
+CVE-2023-52388 (Permission control vulnerability in the clock module. Impact: 
Successf ...)
+       TODO: check
+CVE-2023-52386 (Out-of-bounds write vulnerability in the RSMC module. Impact: 
Successf ...)
+       TODO: check
+CVE-2023-52385 (Out-of-bounds write vulnerability in the RSMC module. Impact: 
Successf ...)
+       TODO: check
+CVE-2023-52364 (Vulnerability of input parameters being not strictly verified 
in the R ...)
+       TODO: check
+CVE-2023-52359 (Vulnerability of permission verification in some APIs in the 
ActivityT ...)
+       TODO: check
+CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 
2.0.8 and c ...)
+       TODO: check
+CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. 
It has  ...)
+       TODO: check
+CVE-2024-26811 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
-CVE-2024-2511 [openssl: Unbounded memory growth with session handling in 
TLSv1.3]
+CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can 
cause un ...)
        - openssl <unfixed> (bug #1068658)
        NOTE: https://www.openssl.org/news/secadv/20240408.txt
        NOTE: 
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
 (openssl-3.2.y)
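
Review bot: every entry added at the top of data/CVE/list lands with only "TODO: check", so none of them is triaged yet; the ones that name reusable open-source components (Apfloat, ThreeTen Backport, JGraphT Core, Faucet SDN Ryu, Shopware 6, Ollama) deserve a lookup against the archive before the block is bulk-marked NOT-FOR-US. The CVE-2024-26811 and CVE-2024-2511 lines only swap the bracketed local title for the truncated upstream description and keep their "<unfixed>" package lines and NOTE references, so no tracking data is lost there.
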
@@ -66,7 +218,7 @@ CVE-2024-27488 (Incorrect Access Control vulnerability in 
ZLMediaKit versions 1.
        NOT-FOR-US: ZLMediaKit
 CVE-2024-23658 (In camera driver, there is a possible use after free due to a 
logic er ...)
        NOT-FOR-US: Unisoc
-CVE-2024-1958 (The wpb-show-core WordPress plugin before 2.7 does not sanitise 
and es ...)
+CVE-2024-1958 (The WPB Show Core WordPress plugin before 2.7 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-1956 (The wpb-show-core WordPress plugin before 2.7 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
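
Review bot: after this change CVE-2024-1958 names the plugin "WPB Show Core" while the unchanged CVE-2024-1956 line directly below still reads "wpb-show-core", so a text search on either spelling now misses one of the two entries. Both remain NOT-FOR-US: WordPress plugin, so the triage is unaffected; keep the mismatch in mind when grepping the list for this plugin.
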
@@ -76,7 +228,7 @@ CVE-2024-1589 (The SendPress Newsletters WordPress plugin 
through 1.23.11.6 does
        NOT-FOR-US: WordPress plugin
 CVE-2024-1588 (The SendPress Newsletters WordPress plugin through 1.23.11.6 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-1292 (The wpb-show-core WordPress plugin before 2.6 does not sanitise 
and es ...)
+CVE-2024-1292 (The WPB Show Core WordPress plugin before 2.7 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-52536 (In faceid service, there is a possible out of bounds read due 
to a mis ...)
        NOT-FOR-US: Unisoc
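
Review bot: the CVE-2024-1292 line changes more than the plugin name: the affected-version bound moves from "before 2.6" to "before 2.7". The entry is NOT-FOR-US: WordPress plugin, so nothing in the tracker depends on it, but anyone who recorded 2.6 as the fixed version from the earlier text should recheck.
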
@@ -509,7 +661,7 @@ CVE-2024-30270 (mailcow: dockerized is an open source 
groupware/email suite base
        NOT-FOR-US: mailcow
 CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected 
cross-site scri ...)
        NOT-FOR-US: Typebot
-CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 
3.2.26 ...)
+CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 
3.2.26  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
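
Review bot: the CVE-2024-2509 change only collapses a double space, but the context line for CVE-2024-2115 still carries a literal "\u2013" escape where a dash belongs ("LearnPress \u2013 WordPress LMS Plugin"). The description import should decode that escape before writing it to the list.
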
@@ -1869,7 +2021,7 @@ CVE-2024-2839 (The Colibri Page Builder plugin for 
WordPress is vulnerable to St
        NOT-FOR-US: WordPress plugin
 CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-2369 (The Page Builder Gutenberg Blocks  WordPress plugin before 
3.1.7 does  ...)
+CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote 
attackers ...)
        NOT-FOR-US: seeyonOA
@@ -9625,7 +9777,8 @@ CVE-2024-25016 (IBM MQ and IBM MQ Appliance 9.0, 9.1, 
9.2, 9.3 LTS and 9.3 CD co
        NOT-FOR-US: IBM
 CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer" 
(product ...)
        NOT-FOR-US: PrestaShop module
-CVE-2024-0968 (Cross-site Scripting (XSS) - DOM in GitHub repository 
langchain-ai/cha ...)
+CVE-2024-0968
+       REJECTED
        NOT-FOR-US: LanChain-ai Langchain
 CVE-2024-0795 (If an attacked was given access to an instance with the admin 
or manag ...)
        NOT-FOR-US: AnythingLLM
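
Review bot: CVE-2024-0968 now carries REJECTED and, on the next line, still "NOT-FOR-US: LanChain-ai Langchain", so the entry holds two states at once. Drop the NOT-FOR-US line now that the ID is rejected; if it is kept, "LanChain-ai" is a misspelling of the "langchain-ai" in the removed description.
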
@@ -105915,8 +106068,8 @@ CVE-2022-43218
        RESERVED
 CVE-2022-43217
        RESERVED
-CVE-2022-43216
-       RESERVED
+CVE-2022-43216 (AbrhilSoft Employee's Portal before v5.6.2 was discovered to 
contain a ...)
+       TODO: check
 CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
        NOT-FOR-US: Billing System Project
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL 
injection  ...)
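
Review bot: CVE-2022-43216 moves from RESERVED to a published description and is left at "TODO: check", while the CVE-2022-43215 and CVE-2022-43214 entries below it are already triaged as NOT-FOR-US. It needs the same manual pass; the visible text names AbrhilSoft Employee's Portal before v5.6.2.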



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822898689e73859d3036828429126535ea9f141c


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
