[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 19 20:12:27 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76982af8 by security tracker role at 2024-01-19T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,134 @@
-CVE-2024-21733 [Leaking of unrelated request bodies in default error page]
+CVE-2024-23331 (Vite is a frontend tooling framework for javascript. The Vite dev serv ...)
+	TODO: check
+CVE-2024-23329 (changedetection.io is an open source tool designed to monitor websites ...)
+	TODO: check
+CVE-2024-22957 (swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnera ...)
+	TODO: check
+CVE-2024-22956 (swftools 0.9.2 was discovered to contain a heap-use-after-free vulnera ...)
+	TODO: check
+CVE-2024-22955 (swftools 0.9.2 was discovered to contain a stack-buffer-underflow vuln ...)
+	TODO: check
+CVE-2024-22920 (swftools 0.9.2 was discovered to contain a heap-use-after-free via the ...)
+	TODO: check
+CVE-2024-22919 (swftools0.9.2 was discovered to contain a global-buffer-overflow vulne ...)
+	TODO: check
+CVE-2024-22915 (A heap-use-after-free was found in SWFTools v0.9.2, in the function sw ...)
+	TODO: check
+CVE-2024-22914 (A heap-use-after-free was found in SWFTools v0.9.2, in the function in ...)
+	TODO: check
+CVE-2024-22913 (A heap-buffer-overflow was found in SWFTools v0.9.2, in the function s ...)
+	TODO: check
+CVE-2024-22912 (A global-buffer-overflow was found in SWFTools v0.9.2, in the function ...)
+	TODO: check
+CVE-2024-22911 (A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, i ...)
+	TODO: check
+CVE-2024-22877 (StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scriptin ...)
+	TODO: check
+CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to  ...)
+	TODO: check
+CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via the fun ...)
+	TODO: check
+CVE-2024-22562 (swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via  ...)
+	TODO: check
+CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop protocol libra ...)
+	TODO: check
+CVE-2024-0732 (A vulnerability was found in PCMan FTP Server 2.0.7 and classified as  ...)
+	TODO: check
+CVE-2024-0731 (A vulnerability has been found in PCMan FTP Server 2.0.7 and classifie ...)
+	TODO: check
+CVE-2024-0730 (A vulnerability, which was classified as critical, was found in Projec ...)
+	TODO: check
+CVE-2024-0729 (A vulnerability, which was classified as critical, has been found in F ...)
+	TODO: check
+CVE-2024-0728 (A vulnerability classified as problematic was found in ForU CMS up to  ...)
+	TODO: check
+CVE-2024-0726 (A vulnerability was found in Project Worlds Student Project Allocation ...)
+	TODO: check
+CVE-2024-0725 (A vulnerability was found in ProSSHD 1.2 on Windows. It has been decla ...)
+	TODO: check
+CVE-2024-0723 (A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been cl ...)
+	TODO: check
+CVE-2024-0722 (A vulnerability was found in code-projects Social Networking Site 1.0  ...)
+	TODO: check
+CVE-2024-0721 (A vulnerability has been found in Jspxcms 10.2.0 and classified as pro ...)
+	TODO: check
+CVE-2024-0720 (A vulnerability, which was classified as problematic, was found in Fac ...)
+	TODO: check
+CVE-2024-0718 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-0717 (A vulnerability classified as critical was found in D-Link DAP-1360, D ...)
+	TODO: check
+CVE-2024-0716 (A vulnerability classified as problematic has been found in Beijing Ba ...)
+	TODO: check
+CVE-2024-0714 (A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It ...)
+	TODO: check
+CVE-2024-0713 (A vulnerability was found in Monitorr 1.7.6m. It has been declared as  ...)
+	TODO: check
+CVE-2024-0712 (A vulnerability was found in Beijing Baichuo Smart S150 Management Pla ...)
+	TODO: check
+CVE-2024-0705 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-0663
+	REJECTED
+CVE-2023-6450 (An incorrect permissions vulnerability was reported in the Lenovo App  ...)
+	TODO: check
+CVE-2023-6044 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
+	TODO: check
+CVE-2023-6043 (A privilege escalation vulnerability was reported in Lenovo Vantage th ...)
+	TODO: check
+CVE-2023-5081 (An information disclosure vulnerability was reported in the Lenovo Tab ...)
+	TODO: check
+CVE-2023-5080 (A privilege escalation vulnerability was reported in some Lenovo table ...)
+	TODO: check
+CVE-2023-51948 (A Site-wide directory listing vulnerability in /fm in actidata actiNAS ...)
+	TODO: check
+CVE-2023-51947 (Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX  ...)
+	TODO: check
+CVE-2023-51946 (Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSv ...)
+	TODO: check
+CVE-2023-50694 (An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacke ...)
+	TODO: check
+CVE-2023-50693 (An issue in dom96 Jester v.0.6.0 and before allows a remote attacker t ...)
+	TODO: check
+CVE-2023-50447 (Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...)
+	TODO: check
+CVE-2023-50030 (In the module "Jms Setting" (jmssetting) from Joommasters for PrestaSh ...)
+	TODO: check
+CVE-2023-50028 (In the module "Sliding cart block" (blockslidingcart) up to version 2. ...)
+	TODO: check
+CVE-2023-47035 (RPTC 0x3b08c was discovered to not conduct status checks on the parame ...)
+	TODO: check
+CVE-2023-47034 (A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to caus ...)
+	TODO: check
+CVE-2023-47033 (MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerab ...)
+	TODO: check
+CVE-2023-46351 (In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can ...)
+	TODO: check
+CVE-2023-45485
+	REJECTED
+CVE-2023-43985 (SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2023-43956
+	REJECTED
+CVE-2023-42766 (Improper input validation in some Intel NUC 8 Compute Element BIOS fir ...)
+	TODO: check
+CVE-2023-42429 (Improper buffer restrictions in some Intel NUC BIOS firmware may allow ...)
+	TODO: check
+CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may allow a  ...)
+	TODO: check
+CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter drivers  ...)
+	TODO: check
+CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorre ...)
+	TODO: check
+CVE-2023-32544 (Improper access control in some Intel HotKey Services for Windows 10 f ...)
+	TODO: check
+CVE-2023-32272 (Uncontrolled search path in some Intel NUC Pro Software Suite Configur ...)
+	TODO: check
+CVE-2023-29495 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
+	TODO: check
+CVE-2023-28743 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
+	TODO: check
+CVE-2024-21733 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
 	- tomcat9 9.0.53-1
 	NOTE: https://www.openwall.com/lists/oss-security/2024/01/19/2
 	NOTE: https://github.com/apache/tomcat/commit/86ccc43940861703c2be96a5f35384407522125a (9.0.44)
@@ -12905,13 +13035,17 @@ CVE-2023-47111 (ZITADEL provides identity infrastructure. ZITADEL provides admin
 	NOT-FOR-US: ZITADEL
 CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at offerin ...)
 	NOT-FOR-US: PrestaShop blockreassurance
-CVE-2023-47008 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+CVE-2023-47008
+	REJECTED
 	NOT-FOR-US: ASUS
-CVE-2023-47007 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+CVE-2023-47007
+	REJECTED
 	NOT-FOR-US: ASUS
-CVE-2023-47006 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+CVE-2023-47006
+	REJECTED
 	NOT-FOR-US: ASUS
-CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker  ...)
+CVE-2023-47005
+	REJECTED
 	NOT-FOR-US: ASUS
 CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a  ...)
 	NOT-FOR-US: MLDB.ai
@@ -40939,8 +41073,8 @@ CVE-2023-29162
 	RESERVED
 CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
 	NOT-FOR-US: Intel
-CVE-2023-28722
-	RESERVED
+CVE-2023-28722 (Improper buffer restrictions for some Intel NUC BIOS firmware before v ...)
+	TODO: check
 CVE-2023-28407
 	RESERVED
 CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
@@ -43865,8 +43999,8 @@ CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
 	NOTE: https://github.com/sagemath/FlintQS/issues/3
 	NOTE: https://github.com/sagemath/sage/pull/35419
 	NOTE: Neutralised by kernel hardening
-CVE-2023-29244
-	RESERVED
+CVE-2023-29244 (Incorrect default permissions in some Intel Integrated Sensor Hub (ISH ...)
+	TODO: check
 CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe  ...)
 	NOT-FOR-US: Intel
 CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
@@ -45808,8 +45942,8 @@ CVE-2023-28939
 	RESERVED
 CVE-2023-28739
 	RESERVED
-CVE-2023-28738
-	RESERVED
+CVE-2023-28738 (Improper input validation for some Intel NUC BIOS firmware before vers ...)
+	TODO: check
 CVE-2023-28721
 	RESERVED
 CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...)
@@ -51849,8 +51983,8 @@ CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a
 	NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
 	NOT-FOR-US: Xpand IT Write-back manager
-CVE-2023-27168
-	RESERVED
+CVE-2023-27168 (An arbitrary file upload vulnerability in Xpand IT Write-back Manager  ...)
+	TODO: check
 CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
 	NOT-FOR-US: Suprema BioStar
 CVE-2023-27166
@@ -71402,8 +71536,8 @@ CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdya
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47160
-	RESERVED
+CVE-2022-47160 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
@@ -75522,8 +75656,8 @@ CVE-2022-45847
 	RESERVED
 CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45845
-	RESERVED
+CVE-2022-45845 (Deserialization of Untrusted Data vulnerability in Nextend Smart Slide ...)
+	TODO: check
 CVE-2022-45844
 	RESERVED
 CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Next ...)
@@ -77914,8 +78048,8 @@ CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge E
 	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
 CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45083
-	RESERVED
+CVE-2022-45083 (Deserialization of Untrusted Data vulnerability in ProfilePress Member ...)
+	TODO: check
 CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45081
@@ -90486,8 +90620,8 @@ CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network
 	NOT-FOR-US: Buffalo
 CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-40700
-	RESERVED
+CVE-2022-40700 (Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio  ...)
+	TODO: check
 CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in3com  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76982af8dfabb1ca218d46f77b1837fd7062fa3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76982af8dfabb1ca218d46f77b1837fd7062fa3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240119/a8a509d0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list