[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 15 21:12:54 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc875cf6 by security tracker role at 2024-08-15T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2024-7867 (In Xpdf 4.05 (and earlier), very large coordinates in a page box can c ...)
+	TODO: check
+CVE-2024-7866 (In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource le ...)
+	TODO: check
+CVE-2024-7838 (A vulnerability was found in itsourcecode Online Food Ordering System  ...)
+	TODO: check
+CVE-2024-7833 (A vulnerability was found in D-Link DI-8100 16.07. It has been classif ...)
+	TODO: check
+CVE-2024-7832 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DN ...)
+	TODO: check
+CVE-2024-7831 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...)
+	TODO: check
+CVE-2024-7830 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2024-7829 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2024-7828 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...)
+	TODO: check
+CVE-2024-7263 (Improper path validation in promecefpluginhost.exe in Kingsoft WPS Off ...)
+	TODO: check
+CVE-2024-7262 (Improper path validation in promecefpluginhost.exe in Kingsoft WPS Off ...)
+	TODO: check
+CVE-2024-6347 (*  Unprotected privileged mode access through UDS session in the Blind ...)
+	TODO: check
+CVE-2024-43373 (webcrack is a tool for reverse engineering javascript. An arbitrary fi ...)
+	TODO: check
+CVE-2024-43357 (ECMA-262 is the language specification for the scripting language ECMA ...)
+	TODO: check
+CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42986 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42985 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42984 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42983 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42982 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42981 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42980 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42979 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42978 (An issue in the handler function in /goform/telnet of Tenda FH1206 v02 ...)
+	TODO: check
+CVE-2024-42977 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42976 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42974 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42973 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42969 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42968 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2024-42967 (Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allo ...)
+	TODO: check
+CVE-2024-42966 (Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 all ...)
+	TODO: check
+CVE-2024-42955 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42954 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42953 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42952 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42951 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42950 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42949 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42948 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42947 (An issue in the handler function in /goform/telnet of Tenda FH1201 v1. ...)
+	TODO: check
+CVE-2024-42946 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42945 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42944 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42943 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42942 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42941 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42940 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2024-42843 (Projectworlds Online Examination System v1.0 is vulnerable to SQL Inje ...)
+	TODO: check
+CVE-2024-42757 (Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allow ...)
+	TODO: check
+CVE-2024-42681 (Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote  ...)
+	TODO: check
+CVE-2024-42680 (An issue in Super easy enterprise management system v.1.0.0 and before ...)
+	TODO: check
+CVE-2024-42679 (SQL Injection vulnerability in Super easy enterprise management system ...)
+	TODO: check
+CVE-2024-42678 (Cross Site Scripting vulnerability in Super easy enterprise management ...)
+	TODO: check
+CVE-2024-42677 (An issue in Huizhi enterprise resource management system v.1.0 and bef ...)
+	TODO: check
+CVE-2024-42676 (File Upload vulnerability in Huizhi enterprise resource management sys ...)
+	TODO: check
+CVE-2024-42476 (In the OAuth library for nim prior to version 0.11, the Authorization  ...)
+	TODO: check
+CVE-2024-42475 (In the OAuth library for nim prior to version 0.11, the `state` values ...)
+	TODO: check
+CVE-2024-40705 (IBM InfoSphere Information Server could allow an authenticated user to ...)
+	TODO: check
+CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a privileged user t ...)
+	TODO: check
+CVE-2024-32231 (Stash up to v0.25.1 was discovered to contain a SQL injection vulnerab ...)
+	TODO: check
+CVE-2024-31905 (IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to ...)
+	TODO: check
+CVE-2024-31800 (Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allow ...)
+	TODO: check
+CVE-2024-31799 (Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allo ...)
+	TODO: check
+CVE-2024-31798 (Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor ...)
+	TODO: check
+CVE-2024-27731 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
+	TODO: check
+CVE-2024-27730 (Insecure Permissions vulnerability in Friendica v.2023.12 allows a rem ...)
+	TODO: check
+CVE-2024-27729 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
+	TODO: check
+CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12 allows a rem ...)
+	TODO: check
+CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research labs.   ...)
+	TODO: check
+CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows non-local web ...)
+	TODO: check
+CVE-2024-22219 (XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 throu ...)
+	TODO: check
+CVE-2024-22218 (XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 throu ...)
+	TODO: check
+CVE-2024-22217 (A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour bef ...)
+	TODO: check
+CVE-2023-37228
+	REJECTED
 CVE-2024-7815 (A vulnerability has been found in CodeAstro Online Railway Reservation ...)
 	NOT-FOR-US: CodeAstro Online Railway Reservation System
 CVE-2024-7814 (A vulnerability, which was classified as problematic, was found in Cod ...)
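Review bot: every CVE added at the top of this hunk, from CVE-2024-7867 down to CVE-2024-22217, is left at `TODO: check`, so none of them yet records whether a Debian package is affected. The context entry that follows (CVE-2024-7815) shows the resolved form, `NOT-FOR-US: CodeAstro Online Railway Reservation System`. The Tenda FH1206/FH1201, D-Link and TOTOLINK firmware entries look like candidates for the same treatment. The Xpdf entries (CVE-2024-7867, CVE-2024-7866) should be checked against the archive individually rather than closed in bulk.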
@@ -430,7 +580,7 @@ CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_
 CVE-2024-42259 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)
-CVE-2024-42472
+CVE-2024-42472 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
 	{DSA-5749-1}
 	- flatpak 1.14.10-1
 	NOTE: https://github.com/flatpak/flatpak/releases/tag/1.14.10
@@ -64536,7 +64686,8 @@ CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident res
 	NOT-FOR-US: Iris
 CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
 	NOT-FOR-US: ii2-authclient extension for Yii framework
-CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...)
+CVE-2023-50569
+	REJECTED
 	- cacti 1.2.26+ds1-1
 	[bookworm] - cacti 1.2.24+ds1-1+deb12u2
 	[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
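Review bot: CVE-2023-50569 is now marked `REJECTED`, but the package annotations beneath it (`- cacti 1.2.26+ds1-1` and the `[bookworm]` and `[bullseye]` lines) remain as unchanged context, so the entry still records fixed versions under a withdrawn id. Suggest confirming why the id was rejected and, if it duplicates another CVE, moving the cacti version tracking to that id. Otherwise, drop the annotations so the rejected entry does not read as an open package record.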



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc875cf697cbf9382fdde49cb13afb775fc58d8b
