[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 7 09:11:54 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
890237f7 by security tracker role at 2024-05-07T08:11:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2024-4186 (The Build App Online plugin for WordPress is vulnerable to authenticat ...)
+ TODO: check
+CVE-2024-3759 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+ TODO: check
+CVE-2024-3758 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+ TODO: check
+CVE-2024-3757 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-3628 (The EasyEvent WordPress plugin through 1.0.0 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-34534 (A SQL injection vulnerability in Cybrosys Techno Solutions Text Comman ...)
+ TODO: check
+CVE-2024-34533 (A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Dat ...)
+ TODO: check
+CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe mo ...)
+ TODO: check
+CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-2 ...)
+ TODO: check
+CVE-2024-2913 (A race condition vulnerability exists in the mintplex-labs/anything-ll ...)
+ TODO: check
+CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys in the ...)
+ TODO: check
+CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attacker ...)
+ TODO: check
+CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+ TODO: check
+CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...)
+ TODO: check
+CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devi ...)
+ TODO: check
+CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in Talkback ...)
+ TODO: check
+CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior to vers ...)
+ TODO: check
+CVE-2024-20870 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ TODO: check
+CVE-2024-20869 (Improper privilege management vulnerability in Samsung Internet prior ...)
+ TODO: check
+CVE-2024-20868 (Improper input validation in Samsung Notes prior to version 4.4.15 all ...)
+ TODO: check
+CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email prior to ...)
+ TODO: check
+CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to SMR May-20 ...)
+ TODO: check
+CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024 Release 1 al ...)
+ TODO: check
+CVE-2024-20864 (Improper access control vulnerability in DarManagerService prior to SM ...)
+ TODO: check
+CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 ...)
+ TODO: check
+CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allo ...)
+ TODO: check
+CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR May-2024 Relea ...)
+ TODO: check
+CVE-2024-20860 (Improper export of android application components vulnerability in Tel ...)
+ TODO: check
+CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior to SMR Ma ...)
+ TODO: check
+CVE-2024-20858 (Improper access control vulnerability in setCocktailHostCallbacks of C ...)
+ TODO: check
+CVE-2024-20857 (Improper access control vulnerability in startListening of CocktailBar ...)
+ TODO: check
+CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior to SMR Ma ...)
+ TODO: check
+CVE-2024-20855 (Improper access control vulnerability in multitasking framework prior ...)
+ TODO: check
+CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local attackers to ...)
+ TODO: check
+CVE-2024-1695 (A potential security vulnerability has been identified in the HP Appli ...)
+ TODO: check
+CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmwar ...)
+ TODO: check
CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources lea ...)
TODO: check
CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics DIAEnerg ...)
@@ -782,9 +858,9 @@ CVE-2024-33911 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2024-33844 (The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the M ...)
NOT-FOR-US: Parrot ANAFI USA firmware
-CVE-2024-33793 (A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2. ...)
+CVE-2024-33793 (netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS ...)
NOT-FOR-US: netis-systems MEX605
-CVE-2024-33792 (A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2. ...)
+CVE-2024-33792 (netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS ...)
NOT-FOR-US: netis-systems MEX605
CVE-2024-33791 (A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2. ...)
NOT-FOR-US: netis-systems MEX605
@@ -132476,7 +132552,7 @@ CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat ga
CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
NOT-FOR-US: Canon Medical Vitrea View
CVE-2022-37460
- RESERVED
+ REJECTED
CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before ...)
NOT-FOR-US: Ampere
CVE-2022-37458 (Discourse through 2.8.7 allows admins to send invitations to arbitrary ...)
@@ -137571,7 +137647,8 @@ CVE-2022-35606 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb In
NOT-FOR-US: sazanrjb InventoryManagementSystem
CVE-2022-35605 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...)
NOT-FOR-US: sazanrjb InventoryManagementSystem
-CVE-2022-35604 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...)
+CVE-2022-35604
+ REJECTED
NOT-FOR-US: sazanrjb InventoryManagementSystem
CVE-2022-35603 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...)
NOT-FOR-US: sazanrjb InventoryManagementSystem
@@ -216855,13 +216932,15 @@ CVE-2021-33238
RESERVED
CVE-2021-33237
REJECTED
-CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ...)
+CVE-2021-33236
+ REJECTED
- htmldoc 1.9.12-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/425
NOTE: https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e (v1.9.12)
NOTE: Crash in CLI tool, no security impact
NOTE: Duplicate CVE of CVE-2022-34033
-CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ...)
+CVE-2021-33235
+ REJECTED
- htmldoc 1.9.12-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/426
NOTE: https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3 (v1.9.12)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890237f7881ddf1b154755dcd78b7273aae3fac3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890237f7881ddf1b154755dcd78b7273aae3fac3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240507/88774668/attachment.htm>
More information about the debian-security-tracker-commits
mailing list