Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c53d282a by security tracker role at 2024-01-24T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,34 +1,152 @@
-CVE-2024-0814
+CVE-2024-23638 (Squid is a caching proxy for the Web. Due to an expired 
pointer refere ...)
+       TODO: check
+CVE-2024-23633 (Label Studio, an open source data labeling tool had a remote 
import fe ...)
+       TODO: check
+CVE-2024-23453 (Android Spoon application version 7.11.1 to 8.6.0 uses 
hard-coded cred ...)
+       TODO: check
+CVE-2024-22380 (Electronic Delivery Check System (Ministry of Agriculture, 
Forestry an ...)
+       TODO: check
+CVE-2024-22372 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
+       TODO: check
+CVE-2024-22366 (Active debug code exists in Yamaha wireless LAN access point 
devices.  ...)
+       TODO: check
+CVE-2024-21796 (Electronic Deliverables Creation Support Tool (Construction 
Edition) p ...)
+       TODO: check
+CVE-2024-21765 (Electronic Delivery Check System (Doboku) Ver.18.1.0 and 
earlier, Elec ...)
+       TODO: check
+CVE-2024-0665 (The WP Customer Area plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2023-7237 (Lantronix XPort sends weakly encoded credentials within web 
request he ...)
+       TODO: check
+CVE-2023-52338 (A link following vulnerability in the Trend Micro Deep 
Security 20.0 a ...)
+       TODO: check
+CVE-2023-52337 (An improper access control vulnerability in Trend Micro Deep 
Security  ...)
+       TODO: check
+CVE-2023-52331 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
+       TODO: check
+CVE-2023-52330 (A cross-site scripting vulnerability in Trend Micro Apex 
Central could ...)
+       TODO: check
+CVE-2023-52329 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-52328 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-52327 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-52326 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-52325 (A local file inclusion vulnerability in one of Trend Micro 
Apex Centra ...)
+       TODO: check
+CVE-2023-52324 (An unrestricted file upload vulnerability in Trend Micro Apex 
Central  ...)
+       TODO: check
+CVE-2023-52094 (An updater link following vulnerability in the Trend Micro 
Apex One ag ...)
+       TODO: check
+CVE-2023-52093 (An exposed dangerous function vulnerability in the Trend Micro 
Apex On ...)
+       TODO: check
+CVE-2023-52092 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
+       TODO: check
+CVE-2023-52091 (An anti-spyware engine link following vulnerability in Trend 
Micro Ape ...)
+       TODO: check
+CVE-2023-52090 (A security agent link following vulnerability in Trend Micro 
Apex One  ...)
+       TODO: check
+CVE-2023-51711 (An issue was discovered in Regify Regipay Client for Windows 
version 4 ...)
+       TODO: check
+CVE-2023-51208 (An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy 
ROS_VERSIO ...)
+       TODO: check
+CVE-2023-51201 (Cleartext Transmission issue in ROS2 (Robot Operating System 
2) Foxy F ...)
+       TODO: check
+CVE-2023-51200 (An issue in the default configurations of ROS2 Foxy Fitzroy 
ROS_VERSIO ...)
+       TODO: check
+CVE-2023-51199 (Buffer Overflow vulnerability in ROS2 Foxy Fitzroy 
ROS_VERSION=2 and R ...)
+       TODO: check
+CVE-2023-47202 (A local file inclusion vulnerability on the Trend Micro Apex 
One manag ...)
+       TODO: check
+CVE-2023-47201 (A plug-in manager origin validation vulnerability in the Trend 
Micro A ...)
+       TODO: check
+CVE-2023-47200 (A plug-in manager origin validation vulnerability in the Trend 
Micro A ...)
+       TODO: check
+CVE-2023-47199 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47198 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47197 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47196 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47195 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47194 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47193 (An origin validation vulnerability in the Trend Micro Apex One 
securit ...)
+       TODO: check
+CVE-2023-47192 (An agent link vulnerability in the Trend Micro Apex One 
security agent ...)
+       TODO: check
+CVE-2023-47115 (Label Studio is an a popular open source data labeling tool. 
Versions  ...)
+       TODO: check
+CVE-2023-46892 (The radio frequency communication protocol being used by 
Meross MSH30Q ...)
+       TODO: check
+CVE-2023-46889 (Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission 
of Sensit ...)
+       TODO: check
+CVE-2023-43317 (An issue in Coign CRM Portal v.06.06 allows a remote attacker 
to escal ...)
+       TODO: check
+CVE-2023-42144 (Cleartext Transmission during initial setup in Shelly TRV 
20220811-152 ...)
+       TODO: check
+CVE-2023-41178 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
+       TODO: check
+CVE-2023-41177 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
+       TODO: check
+CVE-2023-41176 (Reflected cross-site scripting (XSS) vulnerabilities in Trend 
Micro Mo ...)
+       TODO: check
+CVE-2023-38627 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
+       TODO: check
+CVE-2023-38626 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
+       TODO: check
+CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
+       TODO: check
+CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
+       TODO: check
+CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, 
allows remo ...)
+       TODO: check
+CVE-2023-35837 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. Authe ...)
+       TODO: check
+CVE-2023-35836 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. An at ...)
+       TODO: check
+CVE-2023-35835 (An issue was discovered in SolaX Pocket WiFi 3 through 
3.001.02. The d ...)
+       TODO: check
+CVE-2023-31654 (Redis raft master-1b8bd86 to master-7b46079 was discovered to 
contain  ...)
+       TODO: check
+CVE-2022-4964 (Ubuntu's pipewire-pulse in snap grants microphone access even 
when the ...)
+       TODO: check
+CVE-2024-0814 (Incorrect security UI in Payments in Google Chrome prior to 
121.0.6167 ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0813
+CVE-2024-0813 (Use after free in Reading Mode in Google Chrome prior to 
121.0.6167.85 ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0812
+CVE-2024-0812 (Inappropriate implementation in Accessibility in Google Chrome 
prior t ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0811
+CVE-2024-0811 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0810
+CVE-2024-0810 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0809
+CVE-2024-0809 (Inappropriate implementation in Autofill in Google Chrome prior 
to 121 ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0808
+CVE-2024-0808 (Integer underflow in WebUI in Google Chrome prior to 
121.0.6167.85 all ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0807
+CVE-2024-0807 (Use after free in Web Audio in Google Chrome prior to 
121.0.6167.85 al ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0806
+CVE-2024-0806 (Use after free in Passwords in Google Chrome prior to 
121.0.6167.85 al ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0805
+CVE-2024-0805 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-0804
+CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI in Google 
Chrome pr ...)
        - chromium 121.0.6167.85-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-23854
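
Review bot: every newly added entry at the top of this hunk, from CVE-2024-23638 down to CVE-2022-4964, carries only `TODO: check`, so none of them has a triage state yet. Each needs either a source package line or a NOT-FOR-US note in the form used elsewhere in this file (for example `NOT-FOR-US: Intel`). The long runs of Trend Micro entries can probably be handled in one pass, while entries that name standalone software, such as Squid (CVE-2024-23638), Snapcast (CVE-2023-36177) and Redis raft (CVE-2023-31654), should be checked against the archive before being marked. The Chrome entries CVE-2024-0814 through CVE-2024-0804 only gain descriptions and keep their existing chromium lines, so they need no further action.
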
@@ -423,7 +541,7 @@ CVE-2024-23731 (The OpenAPI loader in Embedchain before 
0.1.57 allows attackers
        NOT-FOR-US: Embedchain
 CVE-2024-23730 (The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka 
llama-hub) bef ...)
        NOT-FOR-US: OpenAPI and ChatGPT plugin loaders in LlamaHub (aka 
llama-hub)
-CVE-2024-23726 (Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have 
predictable de ...)
+CVE-2024-23726 (Ubee DDW365 XCNDDW365 devices have predictable default WPA2 
PSKs that  ...)
        NOT-FOR-US: Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices
 CVE-2024-23725 (Ghost before 5.76.0 allows XSS via a post excerpt in 
excerpt.js. An XS ...)
        NOT-FOR-US: Ghost CMS
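
Review bot: the NOT-FOR-US line under CVE-2024-23726 still reads `Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices`, while the updated description now names only the DDW365 XCNDDW365. The triage outcome does not change, but the note could be trimmed to match the description if the DDW366 model is no longer covered by this CVE.
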
@@ -649,7 +767,7 @@ CVE-2023-38587 (Improper input validation in some Intel NUC 
BIOS firmware may al
        NOT-FOR-US: Intel
 CVE-2023-38541 (Insecure inherited permissions in some Intel HID Event Filter 
drivers  ...)
        NOT-FOR-US: Intel
-CVE-2023-33295 (Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a 
incorre ...)
+CVE-2023-33295 (Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered 
to have a ...)
        NOT-FOR-US: Cohesity DataProtect
 CVE-2023-32544 (Improper access control in some Intel HotKey Services for 
Windows 10 f ...)
        NOT-FOR-US: Intel
@@ -1182,31 +1300,37 @@ CVE-2024-20923
 CVE-2024-20925
        - openjfx <not-affected> (Only affects JavaFX 8)
 CVE-2024-20945
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20926 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20921
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20919
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20952 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
        - openjdk-21 21.0.2+13-1
 CVE-2024-20918 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-5604-1}
        - openjdk-8 8u402-ga-1
        - openjdk-11 11.0.22+7-1
        - openjdk-17 17.0.10+7-1
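
Review bot: the `{DSA-5604-1}` cross-reference is attached to six entries (CVE-2024-20945, -20926, -20921, -20919, -20952, -20918) that each list four source packages, openjdk-8, openjdk-11, openjdk-17 and openjdk-21, and nothing in these lines says which of those packages the advisory covers. It is worth confirming against the advisory's own entry that the package it names matches, and that the remaining branches are tracked separately. Three of the tagged entries (CVE-2024-20945, CVE-2024-20921, CVE-2024-20919) also still have no description.
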
@@ -11466,7 +11590,7 @@ CVE-2023-47467 (Directory Traversal vulnerability in 
jeecg-boot v.3.6.0 allows a
        NOT-FOR-US: jeecgboot jeecg-boot
 CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site 
Scripting (XSS).)
        NOT-FOR-US: Admidio
-CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is 
vulnerable to  ...)
+CVE-2023-47350 (Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit 
Content  ...)
        NOT-FOR-US: SwiftyEdit Content Management System
 CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect 
Access Contro ...)
        NOT-FOR-US: Headwind MDM Web panel
@@ -40198,8 +40322,8 @@ CVE-2012-10014 (A vulnerability classified as 
problematic has been found in Kau-
        NOT-FOR-US: WordPress plugin
 CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization 
Plugin up to ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31037
-       RESERVED
+CVE-2023-31037 (NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a 
vulnerability in ...)
+       TODO: check
 CVE-2023-31036 (NVIDIA Triton Inference Server for Linux and Windows contains 
a vulner ...)
        NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows
 CVE-2023-31035 (NVIDIA DGX A100 SBIOS contains a vulnerability where an 
attacker may c ...)
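
Review bot: CVE-2023-31037 moves from `RESERVED` to `TODO: check` with a description naming the NVIDIA Bluefield 2 and Bluefield 3 DPU BMC, while the entry directly below it, CVE-2023-31036, is already marked `NOT-FOR-US: NVIDIA Triton Inference Server for Linux and Windows`. If the BMC firmware is likewise not packaged, a matching NOT-FOR-US note would close this entry.
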
@@ -164147,8 +164271,8 @@ CVE-2021-42144
        RESERVED
 CVE-2021-42143
        RESERVED
-CVE-2021-42142
-       RESERVED
+CVE-2021-42142 (An issue was discovered in Contiki-NG tinyDTLS through master 
branch 5 ...)
+       TODO: check
 CVE-2021-42141 (An issue was discovered in Contiki-NG tinyDTLS through 
2018-08-30. One ...)
        NOT-FOR-US: Contiki-NG tinyDTLS
 CVE-2021-42140
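
Review bot: CVE-2021-42142 now describes an issue in Contiki-NG tinyDTLS but is left at `TODO: check`, whereas the neighbouring CVE-2021-42141 for the same component is already `NOT-FOR-US: Contiki-NG tinyDTLS`. Unless the affected code differs, the same NOT-FOR-US note should apply here.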



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c53d282a244b17e9f468a4f926fa85c5e38af14a
