[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 26 21:12:28 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c638f00 by security tracker role at 2024-04-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,146 @@
-CVE-2023-52646 [aio: fix mremap after fork null-deref]
+CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified  ...)
+	TODO: check
+CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...)
+	TODO: check
+CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
+	TODO: check
+CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...)
+	TODO: check
+CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...)
+	TODO: check
+CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and ...)
+	TODO: check
+CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for WordPress is vu ...)
+	TODO: check
+CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable ...)
+	TODO: check
+CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have CSRF c ...)
+	TODO: check
+CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup  ...)
+	TODO: check
+CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio. ...)
+	TODO: check
+CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Ha ...)
+	TODO: check
+CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Telur ...)
+	TODO: check
+CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Da ...)
+	TODO: check
+CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information  ...)
+	TODO: check
+CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child ...)
+	TODO: check
+CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameThem ...)
+	TODO: check
+CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCea ...)
+	TODO: check
+CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Conta ...)
+	TODO: check
+CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in fte ...)
+	TODO: check
+CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Chg ...)
+	TODO: check
+CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Set ...)
+	TODO: check
+CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Failure  ...)
+	TODO: check
+CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
+	TODO: check
+CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...)
+	TODO: check
+CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentation vi ...)
+	TODO: check
+CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...)
+	TODO: check
+CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...)
+	TODO: check
+CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` does no ...)
+	TODO: check
+CVE-2024-32880 (pyload is an open-source Download Manager written in pure Python. An a ...)
+	TODO: check
+CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables Generator ...)
+	TODO: check
+CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible Shipping.This ...)
+	TODO: check
+CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.T ...)
+	TODO: check
+CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews Plus.This iss ...)
+	TODO: check
+CVE-2024-32766 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-32764 (A missing authentication for critical function vulnerability has been  ...)
+	TODO: check
+CVE-2024-32730 (SAP Enable Now Manager does not perform necessary authorization checks ...)
+	TODO: check
+CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...)
+	TODO: check
+CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows administ ...)
+	TODO: check
+CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...)
+	TODO: check
+CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...)
+	TODO: check
+CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...)
+	TODO: check
+CVE-2024-27790 (Claris International has resolved an issue of potentially allowing una ...)
+	TODO: check
+CVE-2024-27124 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
+CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass intended sec ...)
+	TODO: check
+CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 an ...)
+	TODO: check
+CVE-2024-21905 (An integer overflow or wraparound vulnerability has been reported to a ...)
+	TODO: check
+CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection via th ...)
+	TODO: check
+CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...)
+	TODO: check
+CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...)
+	TODO: check
+CVE-2023-51365 (A path traversal vulnerability has been reported to affect several QNA ...)
+	TODO: check
+CVE-2023-51364 (A path traversal vulnerability has been reported to affect several QNA ...)
+	TODO: check
+CVE-2023-50364 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-50363 (An incorrect authorization vulnerability has been reported to affect s ...)
+	TODO: check
+CVE-2023-50362 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-50361 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-47222 (An exposure of sensitive information vulnerability has been reported t ...)
+	TODO: check
+CVE-2023-42955 (Claris International has successfully resolved an issue of potentially ...)
+	TODO: check
+CVE-2023-41291 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
+	TODO: check
+CVE-2023-41290 (A path traversal vulnerability has been reported to affect QuFirewall. ...)
+	TODO: check
+CVE-2022-48611 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2023-52646 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.1.15-1
 	[bullseye] - linux 5.10.178-1
 	[buster] - linux 4.19.282-1
@@ -295,14 +437,17 @@ CVE-2024-26923 (In the Linux kernel, the following vulnerability has been resolv
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4)
 CVE-2024-4060
+	{DSA-5675-1}
 	- chromium 124.0.6367.78-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4059
+	{DSA-5675-1}
 	- chromium 124.0.6367.78-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4058
+	{DSA-5675-1}
 	- chromium 124.0.6367.78-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -79110,8 +79255,8 @@ CVE-2023-26604 (systemd before 247 does not adequately block local privilege esc
 	NOTE: https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
 	NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
 	NOTE: https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
-CVE-2023-26603
-	RESERVED
+CVE-2023-26603 (JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory ...)
+	TODO: check
 CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and other plat ...)
 	NOT-FOR-US: MPD as used by Automotive Grade Linux
 CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to ex ...)
@@ -116541,8 +116686,8 @@ CVE-2022-41134 (Cross-Site Request Forgery (CSRF) inOptinlyHQ Optinly \u2013 Exi
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-40975
-	RESERVED
+CVE-2022-40975 (Missing Authorization vulnerability in Aazztech Post Slider.This issue ...)
+	TODO: check
 CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
 	NOT-FOR-US: Buffalo
 CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c638f005567a6d98cf402d17972adbb2da8baa2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c638f005567a6d98cf402d17972adbb2da8baa2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240426/f5b1603b/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list