[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 1 09:11:52 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48e029f9 by security tracker role at 2024-04-01T08:11:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...)
+	TODO: check
+CVE-2024-2278 (Themify  WordPress plugin before 1.4.4 does not sanitise and escape so ...)
+	TODO: check
+CVE-2024-2263 (Themify  WordPress plugin before 1.4.4 does not sanitise and escape a  ...)
+	TODO: check
+CVE-2024-2262 (Themify  WordPress plugin before 1.4.4 does not have CSRF check in its ...)
+	TODO: check
+CVE-2024-28895 ('Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' A ...)
+	TODO: check
+CVE-2024-27609 (Bonita before 2023.2-u2 allows stored XSS via a UI screen in the admin ...)
+	TODO: check
+CVE-2024-20055 (In imgsys, there is a possible information disclosure due to a missing ...)
+	TODO: check
+CVE-2024-20054 (In gnss, there is a possible escalation of privilege due to a missing  ...)
+	TODO: check
+CVE-2024-20053 (In flashc, there is a possible out of bounds write due to an uncaught  ...)
+	TODO: check
+CVE-2024-20052 (In flashc, there is a possible information disclosure due to an uncaug ...)
+	TODO: check
+CVE-2024-20051 (In flashc, there is a possible system crash due to an uncaught excepti ...)
+	TODO: check
+CVE-2024-20050 (In flashc, there is a possible information disclosure due to an uncaug ...)
+	TODO: check
+CVE-2024-20049 (In flashc, there is a possible information disclosure due to an uncaug ...)
+	TODO: check
+CVE-2024-20048 (In flashc, there is a possible information disclosure due to an uncaug ...)
+	TODO: check
+CVE-2024-20047 (In battery, there is a possible out of bounds read due to an integer o ...)
+	TODO: check
+CVE-2024-20046 (In battery, there is a possible escalation of privilege due to an inte ...)
+	TODO: check
+CVE-2024-20045 (In audio, there is a possible out of bounds read due to an incorrect c ...)
+	TODO: check
+CVE-2024-20044 (In da, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2024-20043 (In da, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2024-20042 (In da, there is a possible out of bounds write due to a missing bounds ...)
+	TODO: check
+CVE-2024-20041 (In da, there is a possible out of bounds read due to a missing bounds  ...)
+	TODO: check
+CVE-2024-20040 (In wlan firmware, there is a possible out of bounds write due to impro ...)
+	TODO: check
+CVE-2024-20039 (In modem protocol, there is a possible out of bounds write due to a mi ...)
+	TODO: check
+CVE-2024-1526 (The Hubbub Lite  WordPress plugin before 1.33.1 does not ensure that u ...)
+	TODO: check
+CVE-2023-51803 (LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons tha ...)
+	TODO: check
+CVE-2016-15038 (A vulnerability, which was classified as critical, was found in NUUO N ...)
+	TODO: check
+CVE-2014-125110 (A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on ...)
+	TODO: check
 CVE-2024-31123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-31122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -15796,7 +15850,7 @@ CVE-2022-48622 (In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Wi
 	[bullseye] - gdk-pixbuf <postponed> (Revisit once fixed upstream)
 	[buster] - gdk-pixbuf <postponed> (Minor issue, recheck when fixed upstream)
 	NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202
-CVE-2024-24399 (An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows auth ...)
+CVE-2024-24399 (An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authent ...)
 	NOT-FOR-US: LeptonCMS
 CVE-2024-23630 (An arbitrary firmware upload vulnerability exists in the Motorola  MR2 ...)
 	NOT-FOR-US: Motorola



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48e029f998289f54754651f75175f22d56b9d2fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48e029f998289f54754651f75175f22d56b9d2fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240401/32b52383/attachment.htm>

More information about the debian-security-tracker-commits mailing list