[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 5 08:12:35 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97b894a0 by security tracker role at 2024-03-05T08:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2024-2168 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+ TODO: check
+CVE-2024-27718 (SQL Injection vulnerability in Baizhuo Network Smart s200 Management P ...)
+ TODO: check
+CVE-2024-26333 (swftools v0.9.2 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-25731 (The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Androi ...)
+ TODO: check
+CVE-2024-25269 (libheif <= 1.17.6 contains a memory leak in the function JpegEncoder:: ...)
+ TODO: check
+CVE-2024-25164 (iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows u ...)
+ TODO: check
+CVE-2024-22383 (Missing release of resource after effective lifetime (CWE-772) in the ...)
+ TODO: check
+CVE-2024-22188 (TYPO3 before 13.0.1 allows an authenticated admin user (with system ma ...)
+ TODO: check
+CVE-2024-21838 (Improper neutralization of special elements in output (CWE-74) used by ...)
+ TODO: check
+CVE-2024-21815 (Insufficiently protected credentials (CWE-522) for third party DVR int ...)
+ TODO: check
+CVE-2024-20841 (Improper Handling of Insufficient Privileges in Samsung Account prior ...)
+ TODO: check
+CVE-2024-20840 (Improper access control in Samsung Voice Recorder prior to versions 21 ...)
+ TODO: check
+CVE-2024-20839 (Improper access control in Samsung Voice Recorder prior to versions 21 ...)
+ TODO: check
+CVE-2024-20838 (Improper validation vulnerability in Samsung Internet prior to version ...)
+ TODO: check
+CVE-2024-20837 (Improper handling of granting permission for Trusted Web Activities in ...)
+ TODO: check
+CVE-2024-20836 (Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.s ...)
+ TODO: check
+CVE-2024-20835 (Improper access control vulnerability in CustomFrequencyManagerService ...)
+ TODO: check
+CVE-2024-20834 (The sensitive information exposure vulnerability in WlanTest prior to ...)
+ TODO: check
+CVE-2024-20833 (Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2 ...)
+ TODO: check
+CVE-2024-20832 (Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Rel ...)
+ TODO: check
+CVE-2024-20831 (Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Re ...)
+ TODO: check
+CVE-2024-20830 (Incorrect default permission in AppLock prior to SMR MAr-2024 Release ...)
+ TODO: check
+CVE-2024-20829 (Missing proper interaction for opening deeplink in Samsung Internet pr ...)
+ TODO: check
+CVE-2024-1936 (The encrypted subject of an email message could be incorrectly and per ...)
+ TODO: check
+CVE-2024-1782 (The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2024-1769 (The JM Twitter Cards plugin for WordPress is vulnerable to Information ...)
+ TODO: check
+CVE-2024-1731 (The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP ...)
+ TODO: check
+CVE-2024-1478 (The Maintenance Mode plugin for WordPress is vulnerable to Sensitive I ...)
+ TODO: check
+CVE-2024-1381 (The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plug ...)
+ TODO: check
+CVE-2024-1319 (The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent ...)
+ TODO: check
+CVE-2024-1316 (The Event Tickets and Registration WordPress plugin before 5.8.1, Even ...)
+ TODO: check
+CVE-2024-1285 (The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plug ...)
+ TODO: check
+CVE-2024-1178 (The SportsPress \u2013 Sports Club & League Manager plugin for WordPre ...)
+ TODO: check
+CVE-2024-1095 (The Build & Control Block Patterns \u2013 Boost up Gutenberg Editor pl ...)
+ TODO: check
+CVE-2024-1093 (The Change Memory Limit plugin for WordPress is vulnerable to unauthor ...)
+ TODO: check
+CVE-2024-1088 (The Password Protected Store for WooCommerce plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-0825 (The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordP ...)
+ TODO: check
+CVE-2024-0698 (The Easy!Appointments plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2023-52432 (Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril pri ...)
+ TODO: check
+CVE-2023-49970 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-49969 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-49968 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-49548 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-49547 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-49546 (Customer Support System v1 was discovered to contain a SQL injection v ...)
+ TODO: check
+CVE-2023-42419 (Maintenance Server, inCybellum'sQCOW air-gapped distribution (China Ed ...)
+ TODO: check
+CVE-2023-41829 (An improper export vulnerability was reported in the Motorola Carrier ...)
+ TODO: check
+CVE-2023-41827 (An improper export vulnerability was reported in the Motorola OTA upda ...)
+ TODO: check
CVE-2024-2002
- dwarfutils <unfixed>
NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
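Review bot: The descriptions added for CVE-2024-1381, CVE-2024-1285, CVE-2024-1178 and CVE-2024-1095 contain a literal "\u2013" escape sequence instead of the decoded dash, which suggests the automatic import writes the upstream description without unescaping it. Decoding at import time would keep the truncated summaries readable and searchable. Separately, all 48 added entries carry only "TODO: check", so each still needs triage to either a source package line or a NOT-FOR-US marker like the one on the unchanged CVE-2024-27515 entry in the next hunk.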
@@ -1541,6 +1637,7 @@ CVE-2024-27516 (livehelperchat 4.28v is vulnerable to Server-Side Template Injec
CVE-2024-27515 (Osclass 5.1.2 is vulnerable to SQL Injection.)
NOT-FOR-US: Osclass
CVE-2024-27285 (YARD is a Ruby Documentation tool. The "frames.html" file within the Y ...)
+ {DSA-5635-1}
- yard 0.9.35-1 (bug #1065118)
NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
NOTE: Fixed by: https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 (v0.9.35)
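Review bot: The "{DSA-5635-1}" cross-reference added under CVE-2024-27285 has no matching release-specific information in this hunk. The only version line visible is "- yard 0.9.35-1 (bug #1065118)", and the commit touches one file only. Confirm that the corresponding DSA entry already exists and records the fixed versions for the affected stable releases, so the cross-reference does not point at an incomplete advisory record.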
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97b894a01fd40adcff303bc537362ea14e4b6186