Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc875cf6 by security tracker role at 2024-08-15T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2024-7867 (In Xpdf 4.05 (and earlier), very large coordinates in a page
box can c ...)
+ TODO: check
+CVE-2024-7866 (In Xpdf 4.05 (and earlier), a PDF object loop in a pattern
resource le ...)
+ TODO: check
+CVE-2024-7838 (A vulnerability was found in itsourcecode Online Food Ordering
System ...)
+ TODO: check
+CVE-2024-7833 (A vulnerability was found in D-Link DI-8100 16.07. It has been
classif ...)
+ TODO: check
+CVE-2024-7832 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
D-Link DN ...)
+ TODO: check
+CVE-2024-7831 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found
in D-Li ...)
+ TODO: check
+CVE-2024-7830 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was
classified ...)
+ TODO: check
+CVE-2024-7829 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was
classified ...)
+ TODO: check
+CVE-2024-7828 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
critical ...)
+ TODO: check
+CVE-2024-7263 (Improper path validation in promecefpluginhost.exe in Kingsoft
WPS Off ...)
+ TODO: check
+CVE-2024-7262 (Improper path validation in promecefpluginhost.exe in Kingsoft
WPS Off ...)
+ TODO: check
+CVE-2024-6347 (* Unprotected privileged mode access through UDS session in
the Blind ...)
+ TODO: check
+CVE-2024-43373 (webcrack is a tool for reverse engineering javascript. An
arbitrary fi ...)
+ TODO: check
+CVE-2024-43357 (ECMA-262 is the language specification for the scripting
language ECMA ...)
+ TODO: check
+CVE-2024-42987 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42986 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42985 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42984 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42983 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42982 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42981 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42980 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42979 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42978 (An issue in the handler function in /goform/telnet of Tenda
FH1206 v02 ...)
+ TODO: check
+CVE-2024-42977 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42976 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42974 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42973 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42969 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42968 (Tenda FH1206 v02.03.01.35 was discovered to contain a stack
overflow v ...)
+ TODO: check
+CVE-2024-42967 (Incorrect access control in TOTOLINK LR350
V9.3.5u.6369_B20220309 allo ...)
+ TODO: check
+CVE-2024-42966 (Incorrect access control in TOTOLINK N350RT
V9.3.5u.6139_B20201216 all ...)
+ TODO: check
+CVE-2024-42955 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42954 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42953 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42952 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42951 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42950 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42949 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42948 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42947 (An issue in the handler function in /goform/telnet of Tenda
FH1201 v1. ...)
+ TODO: check
+CVE-2024-42946 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42945 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42944 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42943 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42942 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42941 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42940 (Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack
overflo ...)
+ TODO: check
+CVE-2024-42843 (Projectworlds Online Examination System v1.0 is vulnerable to
SQL Inje ...)
+ TODO: check
+CVE-2024-42757 (Command injection vulnerability in Asus RT-N15U
3.0.0.4.376_3754 allow ...)
+ TODO: check
+CVE-2024-42681 (Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a
remote ...)
+ TODO: check
+CVE-2024-42680 (An issue in Super easy enterprise management system v.1.0.0
and before ...)
+ TODO: check
+CVE-2024-42679 (SQL Injection vulnerability in Super easy enterprise
management system ...)
+ TODO: check
+CVE-2024-42678 (Cross Site Scripting vulnerability in Super easy enterprise
management ...)
+ TODO: check
+CVE-2024-42677 (An issue in Huizhi enterprise resource management system v.1.0
and bef ...)
+ TODO: check
+CVE-2024-42676 (File Upload vulnerability in Huizhi enterprise resource
management sys ...)
+ TODO: check
+CVE-2024-42476 (In the OAuth library for nim prior to version 0.11, the
Authorization ...)
+ TODO: check
+CVE-2024-42475 (In the OAuth library for nim prior to version 0.11, the
`state` values ...)
+ TODO: check
+CVE-2024-40705 (IBM InfoSphere Information Server could allow an authenticated
user to ...)
+ TODO: check
+CVE-2024-40704 (IBM InfoSphere Information Server 11.7 could allow a
privileged user t ...)
+ TODO: check
+CVE-2024-32231 (Stash up to v0.25.1 was discovered to contain a SQL injection
vulnerab ...)
+ TODO: check
+CVE-2024-31905 (IBM QRadar Network Packet Capture 7.5 could allow a remote
attacker to ...)
+ TODO: check
+CVE-2024-31800 (Authentication Bypass in GNCC's GC2 Indoor Security Camera
1080P allow ...)
+ TODO: check
+CVE-2024-31799 (Information Disclosure in GNCC's GC2 Indoor Security Camera
1080P allo ...)
+ TODO: check
+CVE-2024-31798 (Identical Hardcoded Root Password for All Devices in GNCC's
GC2 Indoor ...)
+ TODO: check
+CVE-2024-27731 (Cross Site Scripting vulnerability in Friendica v.2023.12
allows a rem ...)
+ TODO: check
+CVE-2024-27730 (Insecure Permissions vulnerability in Friendica v.2023.12
allows a rem ...)
+ TODO: check
+CVE-2024-27729 (Cross Site Scripting vulnerability in Friendica v.2023.12
allows a rem ...)
+ TODO: check
+CVE-2024-27728 (Cross Site Scripting vulnerability in Friendica v.2023.12
allows a rem ...)
+ TODO: check
+CVE-2024-25633 (eLabFTW is an open source electronic lab notebook for research
labs. ...)
+ TODO: check
+CVE-2024-23168 (Vulnerability in Xiexe XSOverlay before build 647 allows
non-local web ...)
+ TODO: check
+CVE-2024-22219 (XML External Entity (XXE) vulnerability in Terminalfour
8.0.0001 throu ...)
+ TODO: check
+CVE-2024-22218 (XML External Entity (XXE) vulnerability in Terminalfour
8.0.0001 throu ...)
+ TODO: check
+CVE-2024-22217 (A Server-Side Request Forgery (SSRF) vulnerability in
Terminalfour bef ...)
+ TODO: check
+CVE-2023-37228
+ REJECTED
CVE-2024-7815 (A vulnerability has been found in CodeAstro Online Railway
Reservation ...)
NOT-FOR-US: CodeAstro Online Railway Reservation System
CVE-2024-7814 (A vulnerability, which was classified as problematic, was found
in Cod ...)
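Review bot: 74 of the 75 new entries at the top of data/CVE/list are added with only `TODO: check`, so none of them yet has a package line or a NOT-FOR-US marker, and the block needs manual triage before the tracker shows anything useful for them. The Tenda FH1206 and FH1201 entries and the D-Link "UNSUPPORTED WHEN ASSIGNED" entries are near-identical and can be handled as batches, in the same way the context entry CVE-2024-7815 below is marked `NOT-FOR-US: CodeAstro Online Railway Reservation System`. Entries that name software rather than a device or hosted product (the two Xpdf ids, the four Friendica ids, eLabFTW, the nim OAuth library) should be checked individually against the archive instead of being swept into a batch. CVE-2023-37228 arrives already `REJECTED` with no description, which needs no further action.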
@@ -430,7 +580,7 @@ CVE-2024-7347 (NGINX Open Source and NGINX Plus have a
vulnerability in the ngx_
CVE-2024-42259 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/8bdd9ef7e9b1b2a73e394712b72b22055e0e26c3 (6.11-rc3)
-CVE-2024-42472
+CVE-2024-42472 (Flatpak is a Linux application sandboxing and distribution
framework. ...)
{DSA-5749-1}
- flatpak 1.14.10-1
NOTE: https://github.com/flatpak/flatpak/releases/tag/1.14.10
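Review bot: The only reference visible under CVE-2024-42472 is the release tag in `NOTE: https://github.com/flatpak/flatpak/releases/tag/1.14.10`, which does not identify the fixing commits. Now that the description has been filled in, it would help anyone backporting to add NOTE lines for the upstream advisory and the individual commits, if they are not already listed below the visible context. The description change itself leaves `{DSA-5749-1}` and the `- flatpak 1.14.10-1` line untouched, which is correct.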
@@ -64536,7 +64686,8 @@ CVE-2023-50712 (Iris is a web collaborative platform
aiming to help incident res
NOT-FOR-US: Iris
CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth,
OAuth2 and Op ...)
NOT-FOR-US: ii2-authclient extension for Yii framework
-CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti
v1.2.25, a ...)
+CVE-2023-50569
+ REJECTED
- cacti 1.2.26+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u2
[bullseye] - cacti <not-affected> (Vulnerable code introduced later)
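Review bot: CVE-2023-50569 is switched to `REJECTED`, but the package lines under it (`- cacti 1.2.26+ds1-1`, `[bookworm] - cacti 1.2.24+ds1-1+deb12u2`, `[bullseye] - cacti <not-affected>`) are left in place, so the entry now carries fix versions for an id that no longer exists. A follow-up manual commit should either drop those lines or, if the rejection is because the issue is a duplicate of another id, move the cacti status to that id so the fix information is not lost. Separately, the context line `NOT-FOR-US: ii2-authclient extension for Yii framework` under CVE-2023-50708 has a typo and should read `yii2-authclient`.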
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc875cf697cbf9382fdde49cb13afb775fc58d8b