[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 24 08:11:51 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c53d282a by security tracker role at 2024-01-24T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,34 +1,152 @@
-CVE-2024-0814
+CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired pointer refere ...)
+	TODO: check
+CVE-2024-23633 (Label Studio, an open source data labeling tool had a remote import fe ...)
+	TODO: check
+CVE-2024-23453 (Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded cred ...)
+	TODO: check
+CVE-2024-22380 (Electronic Delivery Check System (Ministry of Agriculture, Forestry an ...)
+	TODO: check
+CVE-2024-22372 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
+	TODO: check
+CVE-2024-22366 (Active debug code exists in Yamaha wireless LAN access point devices.  ...)
+	TODO: check
+CVE-2024-21796 (Electronic Deliverables Creation Support Tool (Construction Edition) p ...)
+	TODO: check
+CVE-2024-21765 (Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Elec ...)
+	TODO: check
+CVE-2024-0665 (The WP Customer Area plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2023-7237 (Lantronix XPort sends weakly encoded credentials within web request he ...)
+	TODO: check
+CVE-2023-52338 (A link following vulnerability in the Trend Micro Deep Security 20.0 a ...)
+	TODO: check
+CVE-2023-52337 (An improper access control vulnerability in Trend Micro Deep Security  ...)
+	TODO: check
+CVE-2023-52331 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
+	TODO: check
+CVE-2023-52330 (A cross-site scripting vulnerability in Trend Micro Apex Central could ...)
+	TODO: check
+CVE-2023-52329 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+	TODO: check
+CVE-2023-52328 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+	TODO: check
+CVE-2023-52327 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+	TODO: check
+CVE-2023-52326 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+	TODO: check
+CVE-2023-52325 (A local file inclusion vulnerability in one of Trend Micro Apex Centra ...)
+	TODO: check
+CVE-2023-52324 (An unrestricted file upload vulnerability in Trend Micro Apex Central  ...)
+	TODO: check
+CVE-2023-52094 (An updater link following vulnerability in the Trend Micro Apex One ag ...)
+	TODO: check
+CVE-2023-52093 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
+	TODO: check
+CVE-2023-52092 (A security agent link following vulnerability in Trend Micro Apex One  ...)
+	TODO: check
+CVE-2023-52091 (An anti-spyware engine link following vulnerability in Trend Micro Ape ...)
+	TODO: check
+CVE-2023-52090 (A security agent link following vulnerability in Trend Micro Apex One  ...)
+	TODO: check
+CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows version 4 ...)
+	TODO: check
+CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSIO ...)
+	TODO: check
+CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy F ...)
+	TODO: check
+CVE-2023-51200 (An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSIO ...)
+	TODO: check
+CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and R ...)
+	TODO: check
+CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex One manag ...)
+	TODO: check
+CVE-2023-47201 (A plug-in manager origin validation vulnerability in the Trend Micro A ...)
+	TODO: check
+CVE-2023-47200 (A plug-in manager origin validation vulnerability in the Trend Micro A ...)
+	TODO: check
+CVE-2023-47199 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47198 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47197 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47196 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47195 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47194 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47193 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2023-47192 (An agent link vulnerability in the Trend Micro Apex One security agent ...)
+	TODO: check
+CVE-2023-47115 (Label Studio is an a popular open source data labeling tool. Versions  ...)
+	TODO: check
+CVE-2023-46892 (The radio frequency communication protocol being used by Meross MSH30Q ...)
+	TODO: check
+CVE-2023-46889 (Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensit ...)
+	TODO: check
+CVE-2023-43317 (An issue in Coign CRM Portal v.06.06 allows a remote attacker to escal ...)
+	TODO: check
+CVE-2023-42144 (Cleartext Transmission during initial setup in Shelly TRV 20220811-152 ...)
+	TODO: check
+CVE-2023-41178 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
+	TODO: check
+CVE-2023-41177 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
+	TODO: check
+CVE-2023-41176 (Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mo ...)
+	TODO: check
+CVE-2023-38627 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
+	TODO: check
+CVE-2023-38626 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
+	TODO: check
+CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
+	TODO: check
+CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability  ...)
+	TODO: check
+CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...)
+	TODO: check
+CVE-2023-35837 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authe ...)
+	TODO: check
+CVE-2023-35836 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An at ...)
+	TODO: check
+CVE-2023-35835 (An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The d ...)
+	TODO: check
+CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to contain  ...)
+	TODO: check
+CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even when the ...)
+	TODO: check
+CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 121.0.6167 ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0813
+CVE-2024-0813 (Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0812
+CVE-2024-0812 (Inappropriate implementation in Accessibility in Google Chrome prior t ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0811
+CVE-2024-0811 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0810
+CVE-2024-0810 (Insufficient policy enforcement in DevTools in Google Chrome prior to  ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0809
+CVE-2024-0809 (Inappropriate implementation in Autofill in Google Chrome prior to 121 ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0808
+CVE-2024-0808 (Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 all ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0807
+CVE-2024-0807 (Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 al ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0806
+CVE-2024-0806 (Use after free in Passwords in Google Chrome prior to 121.0.6167.85 al ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0805
+CVE-2024-0805 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0804
+CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI in Google Chrome pr ...)
 	- chromium 121.0.6167.85-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-23854
@@ -423,7 +541,7 @@ CVE-2024-23731 (The OpenAPI loader in Embedchain before 0.1.57 allows attackers
 	NOT-FOR-US: Embedchain
 CVE-2024-23730 (The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) bef ...)
 	NOT-FOR-US: OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub)
-CVE-2024-23726 (Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable de ...)
+CVE-2024-23726 (Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that  ...)
 	NOT-FOR-US: Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices
 CVE-2024-23725 (Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XS ...)
 	NOT-FOR-US: Ghost CMS
@@ -649,7 +767,7 @@ CVE-2023-38587 (Improper input validation in some Intel NUC BIOS firmware may al
 	NOT-FOR-US: Intel
 CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter drivers  ...)
 	NOT-FOR-US: Intel
-CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorre ...)
+CVE-2023-33295 (Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a ...)
 	NOT-FOR-US: Cohesity DataProtect
 CVE-2023-32544 (Improper access control in some Intel HotKey Services for Windows 10 f ...)
 	NOT-FOR-US: Intel
@@ -1182,31 +1300,37 @@ CVE-2024-20923
 CVE-2024-20925
 	- openjfx <not-affected> (Only affects JavaFX 8)
 CVE-2024-20945
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20921
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20919
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
 	- openjdk-21 21.0.2+13-1
 CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+	{DSA-5604-1}
 	- openjdk-8 8u402-ga-1
 	- openjdk-11 11.0.22+7-1
 	- openjdk-17 17.0.10+7-1
@@ -11466,7 +11590,7 @@ CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a
 	NOT-FOR-US: jeecgboot jeecg-boot
 CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).)
 	NOT-FOR-US: Admidio
-CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to  ...)
+CVE-2023-47350 (Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content  ...)
 	NOT-FOR-US: SwiftyEdit Content Management System
 CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
 	NOT-FOR-US: Headwind MDM Web panel
@@ -40198,8 +40322,8 @@ CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-
 	NOT-FOR-US: WordPress plugin
 CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31037
-	RESERVED
+CVE-2023-31037 (NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ...)
+	TODO: check
 CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains a vulner ...)
 	NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows
 CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may c ...)
@@ -164147,8 +164271,8 @@ CVE-2021-42144
 	RESERVED
 CVE-2021-42143
 	RESERVED
-CVE-2021-42142
-	RESERVED
+CVE-2021-42142 (An issue was discovered in Contiki-NG tinyDTLS through master branch 5 ...)
+	TODO: check
 CVE-2021-42141 (An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One ...)
 	NOT-FOR-US: Contiki-NG tinyDTLS
 CVE-2021-42140



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c53d282a244b17e9f468a4f926fa85c5e38af14a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c53d282a244b17e9f468a4f926fa85c5e38af14a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240124/6d3d32f9/attachment.htm>

More information about the debian-security-tracker-commits mailing list