Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c638f00 by security tracker role at 2024-04-26T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,146 @@
-CVE-2023-52646 [aio: fix mremap after fork null-deref]
+CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and 
classified  ...)
+       TODO: check
+CVE-2024-4237 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2024-4236 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear 
DG834Gv ...)
+       TODO: check
+CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+       TODO: check
+CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 
8.1.12 ...)
+       TODO: check
+CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 
9.5.x bef ...)
+       TODO: check
+CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 
9.4.5, and ...)
+       TODO: check
+CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are 
vulnerable ...)
+       TODO: check
+CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have 
CSRF c ...)
+       TODO: check
+CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in 
OptinMonster Popup  ...)
+       TODO: check
+CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio 
Financio. ...)
+       TODO: check
+CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, 
Tony Ha ...)
+       TODO: check
+CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend 
Themes Telur ...)
+       TODO: check
+CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic 
Hide Da ...)
+       TODO: check
+CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie 
Information  ...)
+       TODO: check
+CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP 
MainWP Child ...)
+       TODO: check
+CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes 
FameThem ...)
+       TODO: check
+CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease 
ClickCea ...)
+       TODO: check
+CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo 
Johnson Conta ...)
+       TODO: check
+CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in fte ...)
+       TODO: check
+CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Chg ...)
+       TODO: check
+CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command 
injection in Set ...)
+       TODO: check
+CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion 
Failure  ...)
+       TODO: check
+CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+       TODO: check
+CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a 
segmentation vi ...)
+       TODO: check
+CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a 
segmentation vi ...)
+       TODO: check
+CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an 
Assertion Fail ...)
+       TODO: check
+CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page 
Builder ...)
+       TODO: check
+CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` 
does no ...)
+       TODO: check
+CVE-2024-32880 (pyload is an open-source Download Manager written in pure 
Python. An a ...)
+       TODO: check
+CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables 
Generator ...)
+       TODO: check
+CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible 
Shipping.This ...)
+       TODO: check
+CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block 
Patterns.T ...)
+       TODO: check
+CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews 
Plus.This iss ...)
+       TODO: check
+CVE-2024-32766 (An OS command injection vulnerability has been reported to 
affect seve ...)
+       TODO: check
+CVE-2024-32764 (A missing authentication for critical function vulnerability 
has been  ...)
+       TODO: check
+CVE-2024-32730 (SAP Enable Now Manager does not perform necessary 
authorization checks ...)
+       TODO: check
+CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 
9.4.4 and ...)
+       TODO: check
+CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows 
administ ...)
+       TODO: check
+CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, 
which could ...)
+       TODO: check
+CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows 
local attac ...)
+       TODO: check
+CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which 
could al ...)
+       TODO: check
+CVE-2024-27790 (Claris International has resolved an issue of potentially 
allowing una ...)
+       TODO: check
+CVE-2024-27124 (An OS command injection vulnerability has been reported to 
affect seve ...)
+       TODO: check
+CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass 
intended sec ...)
+       TODO: check
+CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 
9.5.2 an ...)
+       TODO: check
+CVE-2024-21905 (An integer overflow or wraparound vulnerability has been 
reported to a ...)
+       TODO: check
+CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection 
via th ...)
+       TODO: check
+CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer 
(RSE) v ...)
+       TODO: check
+CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 
allows a ...)
+       TODO: check
+CVE-2023-51365 (A path traversal vulnerability has been reported to affect 
several QNA ...)
+       TODO: check
+CVE-2023-51364 (A path traversal vulnerability has been reported to affect 
several QNA ...)
+       TODO: check
+CVE-2023-50364 (A buffer copy without checking size of input vulnerability has 
been re ...)
+       TODO: check
+CVE-2023-50363 (An incorrect authorization vulnerability has been reported to 
affect s ...)
+       TODO: check
+CVE-2023-50362 (A buffer copy without checking size of input vulnerability has 
been re ...)
+       TODO: check
+CVE-2023-50361 (A buffer copy without checking size of input vulnerability has 
been re ...)
+       TODO: check
+CVE-2023-47222 (An exposure of sensitive information vulnerability has been 
reported t ...)
+       TODO: check
+CVE-2023-42955 (Claris International has successfully resolved an issue of 
potentially ...)
+       TODO: check
+CVE-2023-41291 (A path traversal vulnerability has been reported to affect 
QuFirewall. ...)
+       TODO: check
+CVE-2023-41290 (A path traversal vulnerability has been reported to affect 
QuFirewall. ...)
+       TODO: check
+CVE-2022-48611 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-52646 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.1.15-1
        [bullseye] - linux 5.10.178-1
        [buster] - linux 4.19.282-1
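Review bot: Every entry added at the top of this hunk carries only `TODO: check`, so none of them has a triage state yet and each needs a follow-up decision. The entries whose descriptions name a WordPress plugin (for example CVE-2024-3962, CVE-2024-3682, CVE-2024-3076 and CVE-2024-1789) can take the `NOT-FOR-US: WordPress plugin` form already used further down this file. The entries naming software that may exist as a source package (Ffmpeg in CVE-2023-51794, QuickJS in CVE-2024-33263, Jerryscript in CVE-2024-33255 through CVE-2024-33260, gitoxide in CVE-2024-32884, pyload in CVE-2024-32880, Argo CD in CVE-2024-32476) should be checked against the archive before they are dismissed. Separately, the CVE-2023-52646 header line swaps the bracketed title `[aio: fix mremap after fork null-deref]` for a truncated description that no longer names the affected subsystem; the package lines below it are unchanged, so the fix status is preserved, but the short title is worth keeping in a NOTE if it is still wanted for searching.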
@@ -295,14 +437,17 @@ CVE-2024-26923 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4)
 CVE-2024-4060
+       {DSA-5675-1}
        - chromium 124.0.6367.78-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4059
+       {DSA-5675-1}
        - chromium 124.0.6367.78-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4058
+       {DSA-5675-1}
        - chromium 124.0.6367.78-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
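Review bot: The `{DSA-5675-1}` cross-reference is added to CVE-2024-4060, CVE-2024-4059 and CVE-2024-4058, but this commit changes only data/CVE/list, so the advisory record that the tag points to is not visible here; confirm it exists and lists exactly these three CVE ids, otherwise the tag is a dangling reference. The unchanged lines also show bullseye and buster as `<end-of-life>`, so the advisory should not be read as covering those suites. All three entries still have no description after the CVE id, unlike the neighbouring entries.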
@@ -79110,8 +79255,8 @@ CVE-2023-26604 (systemd before 247 does not adequately 
block local privilege esc
        NOTE: 
https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
        NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
        NOTE: 
https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
-CVE-2023-26603
-       RESERVED
+CVE-2023-26603 (JumpCloud Agent before 1.178.0 Creates a Temporary File in a 
Directory ...)
+       TODO: check
 CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and 
other plat ...)
        NOT-FOR-US: MPD as used by Automotive Grade Linux
 CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote 
attackers to ex ...)
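Review bot: CVE-2023-26603 moves from `RESERVED` to a published description but is left at `TODO: check`, so it is now an untriaged entry in a part of the file where the surrounding entries are resolved. The description names JumpCloud Agent before 1.178.0; if that product is not shipped as a package, the entry should get a `NOT-FOR-US:` line in the same form as the `NOT-FOR-US: MPD as used by Automotive Grade Linux` line just below it, rather than staying as a TODO.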
@@ -116541,8 +116686,8 @@ CVE-2022-41134 (Cross-Site Request Forgery (CSRF) 
inOptinlyHQ Optinly \u2013 Exi
        NOT-FOR-US: WordPress plugin
 CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS 
Vulnerabi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-40975
-       RESERVED
+CVE-2022-40975 (Missing Authorization vulnerability in Aazztech Post 
Slider.This issue ...)
+       TODO: check
 CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo 
network device ...)
        NOT-FOR-US: Buffalo
 CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local 
Pickup for ...)
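Review bot: CVE-2022-40975 replaces `RESERVED` with a description for Aazztech Post Slider and is left at `TODO: check`, while the entries directly above it (CVE-2022-41134, CVE-2022-41132) are marked `NOT-FOR-US: WordPress plugin`. The truncated description does not say what kind of product Post Slider is, so verify that against the full CVE record; if it is a WordPress plugin, use the same `NOT-FOR-US: WordPress plugin` line here so the entry does not linger as open work.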



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c638f005567a6d98cf402d17972adbb2da8baa2



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
