[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 28 08:12:08 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0883c68 by security tracker role at 2024-12-28T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-54775 (Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting ...)
+	TODO: check
+CVE-2024-54774 (Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerabi ...)
+	TODO: check
+CVE-2024-50717 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote att ...)
+	TODO: check
+CVE-2024-50716 (SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote att ...)
+	TODO: check
+CVE-2024-50715 (An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacke ...)
+	TODO: check
+CVE-2024-50714 (A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1 ...)
+	TODO: check
+CVE-2024-50713 (SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2024-46973 (Software installed and run as a non-privileged user may conduct improp ...)
+	TODO: check
+CVE-2024-46972 (Software installed and run as a non-privileged user may conduct improp ...)
+	TODO: check
+CVE-2024-43705 (Software installed and run as a non-privileged user can trigger the GP ...)
+	TODO: check
+CVE-2023-7266 (Some Huawei home routers have a connection hijacking vulnerability. Su ...)
+	TODO: check
+CVE-2023-7263 (Some Huawei home music system products have a path traversal vulnerabi ...)
+	TODO: check
+CVE-2023-52718 (A connection hijacking vulnerability exists in some Huawei home router ...)
+	TODO: check
 CVE-2024-56732 (HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, ...)
 	- harfbuzz <unfixed>
 	NOTE: https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m
@@ -46645,7 +46671,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, anonymous-tip-line-as-a-ser
 	NOT-FOR-US: Hush Line
 CVE-2024-38515
 	REJECTED
-CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path vulnera ...)
+CVE-2024-35260 (An authenticated attacker can exploit an untrusted search path vulnera ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
 	NOT-FOR-US: IBM
@@ -135890,8 +135916,8 @@ CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. S
 	NOT-FOR-US: Huawei
 CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
 	NOT-FOR-US: Huawei
-CVE-2022-48470
-	RESERVED
+CVE-2022-48470 (Huawei HiLink AI Life product has an identity authentication bypass vu ...)
+	TODO: check
 CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...)
 	NOT-FOR-US: Huawei
 CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2  ...)
@@ -272536,8 +272562,8 @@ CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei S
 	NOT-FOR-US: Huawei
 CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
 	NOT-FOR-US: Huawei
-CVE-2021-37000
-	RESERVED
+CVE-2021-37000 (Some Huawei wearables have a permission management vulnerability.)
+	TODO: check
 CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
 	NOT-FOR-US: Huawei
 CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
@@ -309276,8 +309302,8 @@ CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartph
 	NOT-FOR-US: Huawei
 CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...)
 	NOT-FOR-US: Huawei
-CVE-2021-22484
-	RESERVED
+CVE-2021-22484 (Some Huawei wearables have a vulnerability of not verifying the actual ...)
+	TODO: check
 CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...)
 	NOT-FOR-US: Huawei
 CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...)
@@ -394523,16 +394549,16 @@ CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0
 	NOT-FOR-US: Huawei
 CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of  ...)
 	NOT-FOR-US: Huawei
-CVE-2020-1824
-	RESERVED
-CVE-2020-1823
-	RESERVED
-CVE-2020-1822
-	RESERVED
-CVE-2020-1821
-	RESERVED
-CVE-2020-1820
-	RESERVED
+CVE-2020-1824 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
+	TODO: check
+CVE-2020-1823 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
+	TODO: check
+CVE-2020-1822 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
+	TODO: check
+CVE-2020-1821 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
+	TODO: check
+CVE-2020-1820 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
+	TODO: check
 CVE-2020-1819 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1818 (There are multiple out of bounds (OOB) read vulnerabilities in the imp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0883c68ef7b26c3c70345053e9b863f13a8a1ae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0883c68ef7b26c3c70345053e9b863f13a8a1ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241228/18ee3251/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list