Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
890237f7 by security tracker role at 2024-05-07T08:11:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2024-4186 (The Build App Online plugin for WordPress is vulnerable to
authenticat ...)
+ TODO: check
+CVE-2024-3759 (in OpenHarmony v4.0.0 and prior versions allow a local attacker
arbitr ...)
+ TODO: check
+CVE-2024-3758 (in OpenHarmony v4.0.0 and prior versions allow a local attacker
arbitr ...)
+ TODO: check
+CVE-2024-3757 (in OpenHarmony v4.0.0 and prior versions allow a local attacker
cause ...)
+ TODO: check
+CVE-2024-3628 (The EasyEvent WordPress plugin through 1.0.0 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-34534 (A SQL injection vulnerability in Cybrosys Techno Solutions
Text Comman ...)
+ TODO: check
+CVE-2024-34533 (A SQL injection vulnerability in ZI PT Solusi Usaha Mudah
Analytic Dat ...)
+ TODO: check
+CVE-2024-34532 (A SQL injection vulnerability in Yvan Dotet PostgreSQL Query
Deluxe mo ...)
+ TODO: check
+CVE-2024-34413 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-31078 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker cause ...)
+ TODO: check
+CVE-2024-30973 (An issue in V-SOL G/EPON ONU HG323AC-B with firmware version
V2.0.08-2 ...)
+ TODO: check
+CVE-2024-2913 (A race condition vulnerability exists in the
mintplex-labs/anything-ll ...)
+ TODO: check
+CVE-2024-29941 (Insecure storage of the ICT MIFARE and DESFire encryption keys
in the ...)
+ TODO: check
+CVE-2024-28725 (Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows
attacker ...)
+ TODO: check
+CVE-2024-27217 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-23808 (in OpenHarmony v4.0.0 and prior versions allow a local
attacker arbitr ...)
+ TODO: check
+CVE-2024-22472 (A buffer Overflow vulnerability in Silicon Labs 500 Series
Z-Wave devi ...)
+ TODO: check
+CVE-2024-20872 (Improper handling of insufficient privileges vulnerability in
Talkback ...)
+ TODO: check
+CVE-2024-20871 (Improper authorization vulnerability in Samsung Keyboard prior
to vers ...)
+ TODO: check
+CVE-2024-20870 (Improper verification of intent by broadcast receiver
vulnerability in ...)
+ TODO: check
+CVE-2024-20869 (Improper privilege management vulnerability in Samsung
Internet prior ...)
+ TODO: check
+CVE-2024-20868 (Improper input validation in Samsung Notes prior to version
4.4.15 all ...)
+ TODO: check
+CVE-2024-20867 (Improper privilege management vulnerability in Samsung Email
prior to ...)
+ TODO: check
+CVE-2024-20866 (Authentication bypass vulnerability in Setupwizard prior to
SMR May-20 ...)
+ TODO: check
+CVE-2024-20865 (Authentication bypass in bootloader prior to SMR May-2024
Release 1 al ...)
+ TODO: check
+CVE-2024-20864 (Improper access control vulnerability in DarManagerService
prior to SM ...)
+ TODO: check
+CVE-2024-20863 (Out of bounds write vulnerability in SNAP in HAL prior to SMR
May-2024 ...)
+ TODO: check
+CVE-2024-20862 (Out-of-bounds write in SveService prior to SMR May-2024
Release 1 allo ...)
+ TODO: check
+CVE-2024-20861 (Use after free vulnerability in SveService prior to SMR
May-2024 Relea ...)
+ TODO: check
+CVE-2024-20860 (Improper export of android application components
vulnerability in Tel ...)
+ TODO: check
+CVE-2024-20859 (Improper access control vulnerability in FactoryCamera prior
to SMR Ma ...)
+ TODO: check
+CVE-2024-20858 (Improper access control vulnerability in
setCocktailHostCallbacks of C ...)
+ TODO: check
+CVE-2024-20857 (Improper access control vulnerability in startListening of
CocktailBar ...)
+ TODO: check
+CVE-2024-20856 (Improper Authentication vulnerability in Secure Folder prior
to SMR Ma ...)
+ TODO: check
+CVE-2024-20855 (Improper access control vulnerability in multitasking
framework prior ...)
+ TODO: check
+CVE-2024-20821 (A vulnerability possible to reconfigure OTP allows local
attackers to ...)
+ TODO: check
+CVE-2024-1695 (A potential security vulnerability has been identified in the
HP Appli ...)
+ TODO: check
+CVE-2023-33548 (Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with
firmwar ...)
+ TODO: check
CVE-2024-4568 (In Xpdf 4.05 (and earlier), a PDF object loop in the PDF
resources lea ...)
TODO: check
CVE-2024-4549 (A denial of service vulnerability exists in Delta Electronics
DIAEnerg ...)
@@ -782,9 +858,9 @@ CVE-2024-33911 (Improper Neutralization of Special Elements
used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2024-33844 (The 'control' in Parrot ANAFI USA firmware 1.10.4 does not
check the M ...)
NOT-FOR-US: Parrot ANAFI USA firmware
-CVE-2024-33793 (A cross-site scripting (XSS) vulnerability in netis-systems
MEX605 v2. ...)
+CVE-2024-33793 (netis-systems MEX605 v2.00.06 allows attackers to execute
arbitrary OS ...)
NOT-FOR-US: netis-systems MEX605
-CVE-2024-33792 (A cross-site scripting (XSS) vulnerability in netis-systems
MEX605 v2. ...)
+CVE-2024-33792 (netis-systems MEX605 v2.00.06 allows attackers to execute
arbitrary OS ...)
NOT-FOR-US: netis-systems MEX605
CVE-2024-33791 (A cross-site scripting (XSS) vulnerability in netis-systems
MEX605 v2. ...)
NOT-FOR-US: netis-systems MEX605
@@ -132476,7 +132552,7 @@ CVE-2022-37462 (A stored Cross-Site Scripting (XSS)
vulnerability in the Chat ga
CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon
Medical V ...)
NOT-FOR-US: Canon Medical Vitrea View
CVE-2022-37460
- RESERVED
+ REJECTED
CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices
before ...)
NOT-FOR-US: Ampere
CVE-2022-37458 (Discourse through 2.8.7 allows admins to send invitations to
arbitrary ...)
@@ -137571,7 +137647,8 @@ CVE-2022-35606 (A SQL injection vulnerability in
CustomerDAO.java in sazanrjb In
NOT-FOR-US: sazanrjb InventoryManagementSystem
CVE-2022-35605 (A SQL injection vulnerability in UserDAO.java in sazanrjb
InventoryMan ...)
NOT-FOR-US: sazanrjb InventoryManagementSystem
-CVE-2022-35604 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb
Inventor ...)
+CVE-2022-35604
+ REJECTED
NOT-FOR-US: sazanrjb InventoryManagementSystem
CVE-2022-35603 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb
Inventor ...)
NOT-FOR-US: sazanrjb InventoryManagementSystem
@@ -216855,13 +216932,15 @@ CVE-2021-33238
RESERVED
CVE-2021-33237
REJECTED
-CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc
through 1.9.1 ...)
+CVE-2021-33236
+ REJECTED
- htmldoc 1.9.12-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/425
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e
(v1.9.12)
NOTE: Crash in CLI tool, no security impact
NOTE: Duplicate CVE of CVE-2022-34033
-CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through
1.9.11 ...)
+CVE-2021-33235
+ REJECTED
- htmldoc 1.9.12-1 (unimportant)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/426
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3
(v1.9.12)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890237f7881ddf1b154755dcd78b7273aae3fac3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/890237f7881ddf1b154755dcd78b7273aae3fac3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
