Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3be2670 by security tracker role at 2024-02-24T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-27133 (Insufficient sanitization in MLflow leads to XSS when running 
a recipe ...)
+       TODO: check
+CVE-2024-27132 (Insufficient sanitization in MLflow leads to XSS when running 
an untru ...)
+       TODO: check
+CVE-2024-26192 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-26188 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2024-25730 (Hitron CODA-4582 and CODA-4589 devices have default PSKs that 
are gene ...)
+       TODO: check
+CVE-2024-25469 (SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and 
before all ...)
+       TODO: check
+CVE-2024-24681 (Insecure AES key in Yealink Configuration Encrypt Tool below 
verrsion  ...)
+       TODO: check
+CVE-2024-24310 (In the module "Generate barcode on invoice / delivery slip" 
(ecgenerat ...)
+       TODO: check
+CVE-2024-24309 (In the module "Survey TMA" (ecomiz_survey_tma) up to version 
2.0.0 fro ...)
+       TODO: check
+CVE-2024-22988 (An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to 
execute ar ...)
+       TODO: check
+CVE-2024-22395 (Improper access control vulnerability has been identified in 
the SMA10 ...)
+       TODO: check
+CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable 
to Use o ...)
+       TODO: check
+CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are 
vulnerable to  ...)
+       TODO: check
+CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for 
WordPress is  ...)
+       TODO: check
 CVE-2024-22371
        NOT-FOR-US: Apache Camel
 CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are 
vulnerabl ...)
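
Review bot: The three Microsoft Edge entries (CVE-2024-26192, CVE-2024-26188, CVE-2024-21423) go in as "TODO: check" although Edge is not packaged in Debian, so they can be resolved directly with a NOT-FOR-US line in the same form as the "NOT-FOR-US: Apache Camel" context line under CVE-2024-22371. Separately, the CVE-2024-1810 description contains a literal \u2013 escape, which suggests the import step does not decode Unicode escapes in descriptions before writing them to data/CVE/list.
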
@@ -159826,11 +159856,11 @@ CVE-2021-44545 (Improper input validation for some 
Intel(R) PROSet/Wireless WiFi
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
 CVE-2021-44457
-       RESERVED
+       REJECTED
 CVE-2021-44454 (Improper input validation in a third-party component for 
Intel(R) Quar ...)
        NOT-FOR-US: Intel
 CVE-2021-43351
-       RESERVED
+       REJECTED
 CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with 
Dangerous Typ ...)
        NOT-FOR-US: Crater
 CVE-2021-26946
@@ -160854,7 +160884,7 @@ CVE-2021-37409 (Improper access control for some 
Intel(R) PROSet/Wireless WiFi a
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
        NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
 CVE-2021-37405
-       RESERVED
+       REJECTED
 CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) 
Wireless Bl ...)
        NOT-FOR-US: Intel
 CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless 
Bluetooth(R) ...)
@@ -170087,7 +170117,7 @@ CVE-2021-42341 (checkpath in OpenRC before 0.44.7 
uses the direct output of strl
 CVE-2021-3886
        REJECTED
 CVE-2021-3885
-       RESERVED
+       REJECTED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 
10.1.0-M5, ...)
        {DSA-5009-1}
        - tomcat9 9.0.54-1
@@ -171507,25 +171537,25 @@ CVE-2021-41862 (AviatorScript through 5.2.7 allows 
code execution via an express
 CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does 
not prop ...)
        NOT-FOR-US: Telegram for Android
 CVE-2021-41860
-       RESERVED
+       REJECTED
 CVE-2021-41859
-       RESERVED
+       REJECTED
 CVE-2021-41858
-       RESERVED
+       REJECTED
 CVE-2021-41857
-       RESERVED
+       REJECTED
 CVE-2021-41856
-       RESERVED
+       REJECTED
 CVE-2021-41855
-       RESERVED
+       REJECTED
 CVE-2021-41854
-       RESERVED
+       REJECTED
 CVE-2021-41853
-       RESERVED
+       REJECTED
 CVE-2021-41852
-       RESERVED
+       REJECTED
 CVE-2021-41851
-       RESERVED
+       REJECTED
 CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site)
        NOT-FOR-US: firefly-iii
 CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository 
adodb/a ...)
@@ -193534,69 +193564,69 @@ CVE-2021-33169
 CVE-2021-33168
        RESERVED
 CVE-2021-33167
-       RESERVED
+       REJECTED
 CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for 
Chromebook appl ...)
        NOT-FOR-US: Intel
 CVE-2021-33165
-       RESERVED
+       REJECTED
 CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) 
NUCs before ...)
        NOT-FOR-US: Intel
 CVE-2021-33163
-       RESERVED
+       REJECTED
 CVE-2021-33162
-       RESERVED
+       REJECTED
 CVE-2021-33161
-       RESERVED
+       REJECTED
 CVE-2021-33160
-       RESERVED
+       REJECTED
 CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before 
versions  ...)
        NOT-FOR-US: Intel
 CVE-2021-33158
-       RESERVED
+       REJECTED
 CVE-2021-33157
-       RESERVED
+       REJECTED
 CVE-2021-33156
-       RESERVED
+       REJECTED
 CVE-2021-33155 (Improper input validation in firmware for some Intel(R) 
Wireless Bluet ...)
        NOT-FOR-US: Intel
 CVE-2021-33154
-       RESERVED
+       REJECTED
 CVE-2021-33153
-       RESERVED
+       REJECTED
 CVE-2021-33152
-       RESERVED
+       REJECTED
 CVE-2021-33151
-       RESERVED
+       REJECTED
 CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime 
for some  ...)
        NOT-FOR-US: Intel
 CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors 
may allo ...)
        NOT-FOR-US: Intel
 CVE-2021-33148
-       RESERVED
+       REJECTED
 CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library 
before ve ...)
        NOT-FOR-US: Intel
 CVE-2021-33146
-       RESERVED
+       REJECTED
 CVE-2021-33145
-       RESERVED
+       REJECTED
 CVE-2021-33144
-       RESERVED
+       REJECTED
 CVE-2021-33143
-       RESERVED
+       REJECTED
 CVE-2021-33142
-       RESERVED
+       REJECTED
 CVE-2021-33141
-       RESERVED
+       REJECTED
 CVE-2021-33140
-       RESERVED
+       REJECTED
 CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) 
Wireless Bluet ...)
        NOT-FOR-US: Intel
 CVE-2021-33138
-       RESERVED
+       REJECTED
 CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may 
allow an ...)
        NOT-FOR-US: Intel
 CVE-2021-33136
-       RESERVED
+       REJECTED
 CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers 
for Inte ...)
        - linux 5.16.18-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
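
Review bot: CVE-2021-33168 in the leading context of this hunk stays RESERVED, while every other description-less ID from CVE-2021-33167 down to CVE-2021-33136 flips from RESERVED to REJECTED. It is worth confirming against the upstream feed that CVE-2021-33168 is really still reserved and was not skipped by the automatic update.
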
@@ -193605,13 +193635,13 @@ CVE-2021-33135 (Uncontrolled resource consumption 
in the Linux kernel drivers fo
        NOTE: 
https://git.kernel.org/linus/08999b2489b4c9b939d7483dbd03702ee4576d96 (5.17-rc8)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
 CVE-2021-33134
-       RESERVED
+       REJECTED
 CVE-2021-33133
-       RESERVED
+       REJECTED
 CVE-2021-33132
-       RESERVED
+       REJECTED
 CVE-2021-33131
-       RESERVED
+       REJECTED
 CVE-2021-33130 (Insecure default variable initialization of Intel(R) 
RealSense(TM) ID  ...)
        NOT-FOR-US: Intel
 CVE-2021-33129 (Incorrect default permissions in the software installer for 
the Intel( ...)
@@ -193619,11 +193649,11 @@ CVE-2021-33129 (Incorrect default permissions in 
the software installer for the
 CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 
Etherne ...)
        NOT-FOR-US: Intel
 CVE-2021-33127
-       RESERVED
+       REJECTED
 CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 
and 722  ...)
        NOT-FOR-US: Intel
 CVE-2021-33125
-       RESERVED
+       REJECTED
 CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for 
some Int ...)
        NOT-FOR-US: Intel
 CVE-2021-33123 (Improper access control in the BIOS authenticated code module 
for some ...)
@@ -193631,7 +193661,7 @@ CVE-2021-33123 (Improper access control in the BIOS 
authenticated code module fo
 CVE-2021-33122 (Insufficient control flow management in the BIOS firmware for 
some Int ...)
        NOT-FOR-US: Intel
 CVE-2021-33121
-       RESERVED
+       REJECTED
 CVE-2021-33120 (Out of bounds read under complex microarchitectural condition 
in memor ...)
        - intel-microcode 3.20220207.1
        [bullseye] - intel-microcode 3.20220207.1~deb11u1
@@ -193648,7 +193678,7 @@ CVE-2021-33117 (Improper access control for some 3rd 
Generation Intel(R) Xeon(R)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html
        NOTE: Fixed via m_87_606a6_0d000331.inc: sig 0x000606a6, pf_mask 0x87, 
2021-12-03, rev 0xd000331, size 291840
 CVE-2021-33116
-       RESERVED
+       REJECTED
 CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi in UE ...)
        NOT-FOR-US: Intel
 CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi in mu ...)
@@ -193656,13 +193686,13 @@ CVE-2021-33114 (Improper input validation for some 
Intel(R) PROSet/Wireless WiFi
 CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless 
WiFi in mu ...)
        NOT-FOR-US: Intel
 CVE-2021-33112
-       RESERVED
+       REJECTED
 CVE-2021-33111
-       RESERVED
+       REJECTED
 CVE-2021-33110 (Improper input validation for some Intel(R) Wireless 
Bluetooth(R) prod ...)
        NOT-FOR-US: Intel
 CVE-2021-33109
-       RESERVED
+       REJECTED
 CVE-2021-33108 (Improper input validation in the Intel(R) In-Band 
Manageability softwa ...)
        NOT-FOR-US: Intel
 CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for 
Intel(R)  ...)
@@ -193676,13 +193706,13 @@ CVE-2021-33104 (Improper access control in the 
Intel(R) OFU software before vers
 CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module 
for some ...)
        NOT-FOR-US: Intel
 CVE-2021-33102
-       RESERVED
+       REJECTED
 CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before 
version 2 ...)
        NOT-FOR-US: Intel
 CVE-2021-33100
-       RESERVED
+       REJECTED
 CVE-2021-33099
-       RESERVED
+       REJECTED
 CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe 
driver for Li ...)
        - linux 5.10.46-1
        [buster] - linux 4.19.194-1
@@ -193713,9 +193743,9 @@ CVE-2021-33087 (Improper authentication in the 
installer for the Intel(R) NUC M1
 CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may 
allow an au ...)
        NOT-FOR-US: Intel
 CVE-2021-33085
-       RESERVED
+       REJECTED
 CVE-2021-33084
-       RESERVED
+       REJECTED
 CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, 
Intel(R) Op ...)
        NOT-FOR-US: Intel
 CVE-2021-33082 (Sensitive information in resource not removed before reuse in 
firmware ...)
@@ -193739,7 +193769,7 @@ CVE-2021-33074 (Protection mechanism failure in 
firmware for some Intel(R) SSD,
 CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution 
of Open ...)
        NOT-FOR-US: Intel
 CVE-2021-33072
-       RESERVED
+       REJECTED
 CVE-2021-33071 (Incorrect default permissions in the installer for the 
Intel(R) oneAPI ...)
        NOT-FOR-US: Intel
 CVE-2021-33070



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3be2670022a92d1b8508a13587589cc595a81e5
