[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 17 09:13:08 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0406ed0a by security tracker role at 2024-06-17T08:11:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2024-6048 (Openfind's MailGates and MailAudit fail to properly filter user input  ...)
+	TODO: check
+CVE-2024-6047 (Certain EOL GeoVision devices fail to properly filter user input for t ...)
+	TODO: check
+CVE-2024-6046 (SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not pr ...)
+	TODO: check
+CVE-2024-6045 (Certain models of D-Link wireless routers contain an undisclosed facto ...)
+	TODO: check
+CVE-2024-6044 (Certain models of D-Link wireless routers have a path traversal vulner ...)
+	TODO: check
+CVE-2024-6043 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-6042 (A vulnerability was found in itsourcecode Real Estate Management Syste ...)
+	TODO: check
+CVE-2024-6041 (A vulnerability was found in itsourcecode Gym Management System 1.0. I ...)
+	TODO: check
+CVE-2024-6039 (A vulnerability, which was classified as critical, was found in Feng O ...)
+	TODO: check
+CVE-2024-5650 (DLL Hijacking vulnerability has been found in CENTUM CAMS Log server p ...)
+	TODO: check
+CVE-2024-5163 (Improper permission settings for mobile applications (com.transsion.ca ...)
+	TODO: check
+CVE-2024-4305 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin  WordPress pl ...)
+	TODO: check
+CVE-2024-3236 (The Popup Builder WordPress plugin before 1.1.33 does not sanitise and ...)
+	TODO: check
+CVE-2024-38396 (An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use o ...)
+	TODO: check
+CVE-2024-36289 (Reusing a nonce, key pair in encryption issue exists in "FreeFrom - th ...)
+	TODO: check
+CVE-2024-36279 (Reliance on obfuscation or encryption of security-relevant inputs with ...)
+	TODO: check
+CVE-2024-36277 (Improper verification of cryptographic signature issue exists in "Free ...)
+	TODO: check
+CVE-2024-34451 (Ghost through 5.85.1 allows remote attackers to bypass an authenticati ...)
+	TODO: check
 CVE-2024-38468 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...)
 	NOT-FOR-US: Shenzhen Guoxin Synthesis image system
 CVE-2024-38467 (Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorize ...)
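Review bot: all 18 entries added at the top of data/CVE/list carry only "TODO: check", so none of them records a triage decision yet. Several of the truncated descriptions name vendor devices or standalone web applications (D-Link wireless routers in CVE-2024-6045 and CVE-2024-6044, EOL GeoVision devices in CVE-2024-6047, itsourcecode systems in CVE-2024-6042 and CVE-2024-6041), which is the same kind of product the context entries below mark as "NOT-FOR-US: Shenzhen Guoxin Synthesis image system". A follow-up commit should replace each TODO with either a NOT-FOR-US line naming the product or a package line, with particular attention to CVE-2024-38396 (iTerm2) and CVE-2024-34451 (Ghost), where the product name alone does not settle whether a package is affected.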
@@ -3723,6 +3759,7 @@ CVE-2024-5171 (Integer overflow in libaom internal functionimg_alloc_helper can
 	NOTE: https://aomedia.googlesource.com/aom/+/19d9966572a410804349e1a8ee2017fed49a6dab
 	NOTE: https://aomedia.googlesource.com/aom/+/8156fb76d88845d716867d20333fd27001be47a8
 CVE-2024-5197 (There exists interger overflows in libvpx in versions prior to 1.14.1. ...)
+	{DLA-3830-1}
 	- libvpx 1.14.1-1
 	NOTE: https://issues.chromium.org/issues/332382766
 	NOTE: https://github.com/webmproject/libvpx/commit/c5640e3300690705c336966e2a8bb346a388c829
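Review bot: the {DLA-3830-1} cross-reference added under CVE-2024-5197 arrives with no other change to the entry, so the only fixed version visible here is still "- libvpx 1.14.1-1". Confirm that the DLA-3830-1 advisory entry lists libvpx together with this CVE, so that the cross-reference and the package line describe the same source package and the release covered by the DLA is recorded where the tracker expects it.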
@@ -95617,8 +95654,8 @@ CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Produ
 	NOT-FOR-US: tshirtecommerce
 CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
 	NOT-FOR-US: tshirtecommerce
-CVE-2023-27636
-	RESERVED
+CVE-2023-27636 (Progress Sitefinity before 15.0.0 allows XSS by authenticated users vi ...)
+	TODO: check
 CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: ECshop
 CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an  ...)
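Review bot: CVE-2023-27636 moves from RESERVED to a published description but is left at "TODO: check", while its neighbours CVE-2023-27638 and CVE-2023-27637 already carry a resolved "NOT-FOR-US: tshirtecommerce" line. The new description names Progress Sitefinity; if that product is not packaged, the follow-up should replace the TODO with "NOT-FOR-US: Progress Sitefinity" in the same form as the surrounding entries, so that this older 2023 identifier does not linger in the unchecked queue.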



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0406ed0a3e748d9de5f1998b8824fe14c857c2c8
