[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 8 21:12:39 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56e7e4bf by security tracker role at 2024-06-08T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,145 @@
-CVE-2024-36970 [wifi: iwlwifi: Use request_module_nowait]
+CVE-2024-5766 (A vulnerability was found in Likeshop up to 2.5.7 and classified as pr ...)
+	TODO: check
+CVE-2024-5654 (The CF7 Google Sheets Connector plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-4680 (A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to r ...)
+	TODO: check
+CVE-2024-4146 (In lunary-ai/lunary version v1.2.13, an improper authorization vulnera ...)
+	TODO: check
+CVE-2024-37408 (fprintd through 1.94.3 lacks a security attention mechanism, and thus  ...)
+	TODO: check
+CVE-2024-37407 (Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP ar ...)
+	TODO: check
+CVE-2024-35756 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35755 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35753 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35751 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-35740 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35739 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35738 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35737 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35736 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-35734 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35733 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35732 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35731 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35730 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35719 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35718 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35715 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35714 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35711 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35710 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-35709 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35708 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35707 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35706 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35705 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35704 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35703 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35702 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35701 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35699 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35698 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35697 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35696 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35695 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35694 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35693 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35691 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-35689 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issu ...)
+	TODO: check
+CVE-2024-35688 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35687 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35684 (Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.T ...)
+	TODO: check
+CVE-2024-35682 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-35681 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35679 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35678 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-35676 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35675 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-35659 (Authorization Bypass Through User-Controlled Key vulnerability in Kivi ...)
+	TODO: check
+CVE-2024-35657 (Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-R ...)
+	TODO: check
+CVE-2024-34765 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-22151 (Missing Authorization vulnerability in Codection Import and export use ...)
+	TODO: check
+CVE-2024-21748 (Missing Authorization vulnerability in Icegram.This issue affects Iceg ...)
+	TODO: check
+CVE-2023-45707 (HCL Connections Docs is vulnerable to a cross-site scripting attack wh ...)
+	TODO: check
+CVE-2024-36970 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3d913719df14c28c4d3819e7e6d150760222bda4 (6.10-rc1)
-CVE-2024-36969 [drm/amd/display: Fix division by zero in setup_dsc_config]
+CVE-2024-36969 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.8.11-1
 	NOTE: https://git.kernel.org/linus/130afc8a886183a94cf6eab7d24f300014ff87ba (6.10-rc1)
-CVE-2024-36968 [Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()]
+CVE-2024-36968 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.8.11-1
 	NOTE: https://git.kernel.org/linus/a5b862c6a221459d54e494e88965b48dcfa6cc44 (6.10-rc1)
-CVE-2024-36967 [KEYS: trusted: Fix memory leak in tpm2_key_encode()]
+CVE-2024-36967 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.8.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ffcaa2172cc1a85ddb8b783de96d38ca8855e248 (6.10-rc1)
-CVE-2024-36966 [erofs: reliably distinguish block based and fscache mode]
+CVE-2024-36966 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux 6.8.11-1
 	NOTE: https://git.kernel.org/linus/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 (6.9-rc7)
-CVE-2024-36965 [remoteproc: mediatek: Make sure IPI buffer fits in L2TCM]
+CVE-2024-36965 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.8.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e7e4bf4d468b1dc2cca13350e69c1e5a539443

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e7e4bf4d468b1dc2cca13350e69c1e5a539443
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240608/fae0755f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list