[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 8 21:12:41 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82289868 by security tracker role at 2024-04-08T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,159 @@
-CVE-2024-26811 [ksmbd: validate payload size in ipc response]
+CVE-2024-3464 (A vulnerability was found in SourceCodester Laundry Management System  ...)
+	TODO: check
+CVE-2024-3463 (A vulnerability has been found in SourceCodester Laundry Management Sy ...)
+	TODO: check
+CVE-2024-3458 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...)
+	TODO: check
+CVE-2024-3457 (A vulnerability classified as critical has been found in Netentsec NS- ...)
+	TODO: check
+CVE-2024-3456 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-3455 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
+	TODO: check
+CVE-2024-3445 (A vulnerability was found in SourceCodester Laundry Management System  ...)
+	TODO: check
+CVE-2024-3444 (A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It  ...)
+	TODO: check
+CVE-2024-3443 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2024-3442 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-3441 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+	TODO: check
+CVE-2024-3440 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+	TODO: check
+CVE-2024-3439 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+	TODO: check
+CVE-2024-3438 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+	TODO: check
+CVE-2024-31817 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
+	TODO: check
+CVE-2024-31816 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
+	TODO: check
+CVE-2024-31815 (In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the c ...)
+	TODO: check
+CVE-2024-31814 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login ...)
+	TODO: check
+CVE-2024-31813 (TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authenticati ...)
+	TODO: check
+CVE-2024-31812 (In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensi ...)
+	TODO: check
+CVE-2024-31811 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
+	TODO: check
+CVE-2024-31809 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
+	TODO: check
+CVE-2024-31808 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
+	TODO: check
+CVE-2024-31807 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remo ...)
+	TODO: check
+CVE-2024-31806 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Deni ...)
+	TODO: check
+CVE-2024-31805 (TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Te ...)
+	TODO: check
+CVE-2024-31447 (Shopware 6 is an open commerce platform based on Symfony Framework and ...)
+	TODO: check
+CVE-2024-31442 (Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In al ...)
+	TODO: check
+CVE-2024-31375 (Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS.T ...)
+	TODO: check
+CVE-2024-31357 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-31224 (GPT Academic provides interactive interfaces for large language models ...)
+	TODO: check
+CVE-2024-31221 (Sunshine is a self-hosted game stream host for Moonlight. Starting in  ...)
+	TODO: check
+CVE-2024-31205 (Saleor is an e-commerce platform. Starting in version 3.10.0 and prior ...)
+	TODO: check
+CVE-2024-30269 (DataEase, an open source data visualization and analysis tool, has a d ...)
+	TODO: check
+CVE-2024-2834 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
+	TODO: check
+CVE-2024-28732 (An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu ver ...)
+	TODO: check
+CVE-2024-28270 (An issue discovered in web-flash v3.0 allows attackers to reset passwo ...)
+	TODO: check
+CVE-2024-28224 (Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadve ...)
+	TODO: check
+CVE-2024-28066 (In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a h ...)
+	TODO: check
+CVE-2024-27897 (Input verification vulnerability in the call module. Impact: Successfu ...)
+	TODO: check
+CVE-2024-27896 (Input verification vulnerability in the log module. Impact: Successful ...)
+	TODO: check
+CVE-2024-27895 (Vulnerability of permission control in the window module. Successful e ...)
+	TODO: check
+CVE-2024-26574 (Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 al ...)
+	TODO: check
+CVE-2024-24279 (An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint  ...)
+	TODO: check
+CVE-2024-23192 (RSS feeds that contain malicious data- attributes could be abused to i ...)
+	TODO: check
+CVE-2024-23191 (Upsell advertisement information of an account can be manipulated to e ...)
+	TODO: check
+CVE-2024-23190 (Upsell shop information of an account can be manipulated to execute sc ...)
+	TODO: check
+CVE-2024-23189 (Embedded content references at tasks could be used to temporarily exec ...)
+	TODO: check
+CVE-2024-23086 (Apfloat v1.10.1 was discovered to contain a stack overflow via the com ...)
+	TODO: check
+CVE-2024-23085 (Apfloat v1.10.1 was discovered to contain a NullPointerException via t ...)
+	TODO: check
+CVE-2024-23082 (ThreeTen Backport v1.6.8 was discovered to contain an integer overflow ...)
+	TODO: check
+CVE-2024-23078 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...)
+	TODO: check
+CVE-2023-7164 (The BackWPup WordPress plugin before 4.0.4 does not prevent visitors f ...)
+	TODO: check
+CVE-2023-52554 (Permission control vulnerability in the Bluetooth module. Impact: Succ ...)
+	TODO: check
+CVE-2023-52553 (Race condition vulnerability in the Wi-Fi module. Impact: Successful e ...)
+	TODO: check
+CVE-2023-52552 (Input verification vulnerability in the power module. Impact: Successf ...)
+	TODO: check
+CVE-2023-52551 (Vulnerability of data verification errors in the kernel module. Impact ...)
+	TODO: check
+CVE-2023-52550 (Vulnerability of data verification errors in the kernel module. Impact ...)
+	TODO: check
+CVE-2023-52549 (Vulnerability of data verification errors in the kernel module. Impact ...)
+	TODO: check
+CVE-2023-52546 (Vulnerability of package name verification being bypassed in the Calen ...)
+	TODO: check
+CVE-2023-52545 (Vulnerability of undefined permissions in the Calendar app. Impact: Su ...)
+	TODO: check
+CVE-2023-52544 (Vulnerability of file path verification being bypassed in the email mo ...)
+	TODO: check
+CVE-2023-52543 (Permission verification vulnerability in the system module. Impact: Su ...)
+	TODO: check
+CVE-2023-52542 (Permission verification vulnerability in the system module. Impact: Su ...)
+	TODO: check
+CVE-2023-52541 (Authentication vulnerability in the API for app pre-loading. Impact: S ...)
+	TODO: check
+CVE-2023-52540 (Vulnerability of improper authentication in the Iaware module. Impact: ...)
+	TODO: check
+CVE-2023-52539 (Permission verification vulnerability in the Settings module. Impact:  ...)
+	TODO: check
+CVE-2023-52538 (Vulnerability of package name verification being bypassed in the HwIms ...)
+	TODO: check
+CVE-2023-52537 (Vulnerability of package name verification being bypassed in the HwIms ...)
+	TODO: check
+CVE-2023-52388 (Permission control vulnerability in the clock module. Impact: Successf ...)
+	TODO: check
+CVE-2023-52386 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
+	TODO: check
+CVE-2023-52385 (Out-of-bounds write vulnerability in the RSMC module. Impact: Successf ...)
+	TODO: check
+CVE-2023-52364 (Vulnerability of input parameters being not strictly verified in the R ...)
+	TODO: check
+CVE-2023-52359 (Vulnerability of permission verification in some APIs in the ActivityT ...)
+	TODO: check
+CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and c ...)
+	TODO: check
+CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has  ...)
+	TODO: check
+CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
-CVE-2024-2511 [openssl: Unbounded memory growth with session handling in TLSv1.3]
+CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
 	- openssl <unfixed> (bug #1068658)
 	NOTE: https://www.openssl.org/news/secadv/20240408.txt
 	NOTE: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08 (openssl-3.2.y)
@@ -66,7 +218,7 @@ CVE-2024-27488 (Incorrect Access Control vulnerability in ZLMediaKit versions 1.
 	NOT-FOR-US: ZLMediaKit
 CVE-2024-23658 (In camera driver, there is a possible use after free due to a logic er ...)
 	NOT-FOR-US: Unisoc
-CVE-2024-1958 (The wpb-show-core WordPress plugin before 2.7 does not sanitise and es ...)
+CVE-2024-1958 (The WPB Show Core WordPress plugin before 2.7 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1956 (The wpb-show-core WordPress plugin before 2.7 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
@@ -76,7 +228,7 @@ CVE-2024-1589 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1588 (The SendPress Newsletters WordPress plugin through 1.23.11.6 does not  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-1292 (The wpb-show-core WordPress plugin before 2.6 does not sanitise and es ...)
+CVE-2024-1292 (The WPB Show Core WordPress plugin before 2.7 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52536 (In faceid service, there is a possible out of bounds read due to a mis ...)
 	NOT-FOR-US: Unisoc
@@ -509,7 +661,7 @@ CVE-2024-30270 (mailcow: dockerized is an open source groupware/email suite base
 	NOT-FOR-US: mailcow
 CVE-2024-30264 (Typebot is an open-source chatbot builder. A reflected cross-site scri ...)
 	NOT-FOR-US: Typebot
-CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 3.2.26 ...)
+CVE-2024-2509 (The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2115 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
@@ -1869,7 +2021,7 @@ CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to St
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-2369 (The Page Builder Gutenberg Blocks  WordPress plugin before 3.1.7 does  ...)
+CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...)
 	NOT-FOR-US: seeyonOA
@@ -9625,7 +9777,8 @@ CVE-2024-25016 (IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD co
 	NOT-FOR-US: IBM
 CVE-2024-24307 (Path Traversal vulnerability in Tunis Soft "Product Designer" (product ...)
 	NOT-FOR-US: PrestaShop module
-CVE-2024-0968 (Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/cha ...)
+CVE-2024-0968
+	REJECTED
 	NOT-FOR-US: LanChain-ai Langchain
 CVE-2024-0795 (If an attacked was given access to an instance with the admin or manag ...)
 	NOT-FOR-US: AnythingLLM
@@ -105915,8 +106068,8 @@ CVE-2022-43218
 	RESERVED
 CVE-2022-43217
 	RESERVED
-CVE-2022-43216
-	RESERVED
+CVE-2022-43216 (AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a ...)
+	TODO: check
 CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)
 	NOT-FOR-US: Billing System Project
 CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822898689e73859d3036828429126535ea9f141c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822898689e73859d3036828429126535ea9f141c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240408/accf3402/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list