Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad06b912 by security tracker role at 2024-03-15T20:12:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
+ TODO: check
+CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and
classified ...)
+ TODO: check
+CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt
firmware af ...)
+ TODO: check
+CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18
15.03.0 ...)
+ TODO: check
+CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda
AC18 15 ...)
+ TODO: check
+CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has
been rated ...)
+ TODO: check
+CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has
been decla ...)
+ TODO: check
+CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6,
9.3.x bef ...)
+ TODO: check
+CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6,
9.3.x bef ...)
+ TODO: check
+CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost
versions 8.1.x ...)
+ TODO: check
+CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection
listener to su ...)
+ TODO: check
+CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to
query H ...)
+ TODO: check
+CVE-2024-28848 (OpenMetadata is a unified platform for discovery,
observability, and g ...)
+ TODO: check
+CVE-2024-28847 (OpenMetadata is a unified platform for discovery,
observability, and g ...)
+ TODO: check
+CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored
Cross-s ...)
+ TODO: check
+CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to
Cross Si ...)
+ TODO: check
+CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store
Cross-si ...)
+ TODO: check
+CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to
contain an out ...)
+ TODO: check
+CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to
contain a out ...)
+ TODO: check
+CVE-2024-28255 (OpenMetadata is a unified platform for discovery,
observability, and g ...)
+ TODO: check
+CVE-2024-28254 (OpenMetadata is a unified platform for discovery,
observability, and g ...)
+ TODO: check
+CVE-2024-28253 (OpenMetadata is a unified platform for discovery,
observability, and g ...)
+ TODO: check
+CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
+ TODO: check
+CVE-2024-28242 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
+CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before
8.1.10 ...)
+ TODO: check
+CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable
vulnerability scann ...)
+ TODO: check
+CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes
postMash \u20 ...)
+ TODO: check
+CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-27100 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
+CVE-2024-27085 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
+CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25593 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-25592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-24975 (Uncontrolled Resource Consumption in Mattermost Mobile
versions before ...)
+ TODO: check
+CVE-2024-24827 (Discourse is an open source platform for community discussion.
Without ...)
+ TODO: check
+CVE-2024-24748 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
+CVE-2023-7248 (Certain functionality in OpenText Vertica Management console
might be ...)
+ TODO: check
+CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets
arrivin ...)
+ TODO: check
+CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or
valida ...)
+ TODO: check
+CVE-2023-7009 (Some Sciener-based locks support plaintext message processing
over Blu ...)
+ TODO: check
+CVE-2023-7007 (Sciener server does not validate connection requests from the
GatewayG ...)
+ TODO: check
+CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be
brute ...)
+ TODO: check
+CVE-2023-7004 (The TTLock App does not employ proper verification procedures
to ensur ...)
+ TODO: check
+CVE-2023-7003 (The AES key utilized in the pairing process between a lock
using Scien ...)
+ TODO: check
+CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client
side, and ...)
+ TODO: check
+CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate
component ...)
+ TODO: check
+CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset
Orchestr ...)
+ TODO: check
+CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo,
Roland Murg ...)
+ TODO: check
+CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs
Paid Mem ...)
+ TODO: check
+CVE-2023-51369 (Cross-Site Request Forgery (CSRF) vulnerability in SysBasics
Customize ...)
+ TODO: check
+CVE-2023-50898 (Missing Authorization vulnerability in sirv.Com Sirv.This
issue affect ...)
+ TODO: check
+CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization
vulnerabili ...)
+ TODO: check
+CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777
HUSKY \u ...)
+ TODO: check
+CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to
cross-site ...)
+ TODO: check
+CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to
cross-site ...)
+ TODO: check
+CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an
attacker to o ...)
+ TODO: check
+CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to
cross-site ...)
+ TODO: check
+CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to
be store ...)
+ TODO: check
+CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the
secure attr ...)
+ TODO: check
CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has
been class ...)
NOT-FOR-US: Tenda
CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and
classified as ...)
@@ -84,9 +222,9 @@ CVE-2024-28054
NOTE: Patched amavisd-new version can use
MIME::Entity->ambiguous_content if available
NOTE: to get help on detecting an an ambiguous email or use an own
ambiguous_content
NOTE: check if the available MIME::Tools are too old.
-CVE-2024-28752
+CVE-2024-28752 (A SSRF vulnerability using the Aegis DataBinding in versions
of Apache ...)
NOT-FOR-US: Apache CXF
-CVE-2024-23944
+CVE-2024-23944 (Information disclosure in persistent watchers handling in
Apache ZooKe ...)
- zookeeper <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/03/14/2
CVE-2024-1930
@@ -1061,7 +1199,7 @@ CVE-2023-28746 (Information exposure through
microarchitectural state after tran
NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/13
NOTE: https://xenbits.xen.org/xsa/advisory-452.html
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
-CVE-2024-2193 [GhostRace: Speculative Race Conditions]
+CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts
modern C ...)
- linux <unfixed>
- xen <unfixed>
[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
@@ -1149,7 +1287,7 @@ CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there
is a possible incorrect
NOT-FOR-US: Android
CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory
corruption ...)
NOT-FOR-US: Android
-CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of
bounds read d ...)
+CVE-2024-27235 (In plugin_extern_func of , there is a possible out of bounds
read due ...)
NOT-FOR-US: Android
CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds
read due ...)
NOT-FOR-US: Android
@@ -1159,11 +1297,11 @@ CVE-2024-27230 (In
ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadap
NOT-FOR-US: Android
CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c,
there is a ...)
NOT-FOR-US: Android
-CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to
a heap b ...)
+CVE-2024-27228 (there is a possible out of bounds write due to a heap buffer
overflow. ...)
NOT-FOR-US: Android
-CVE-2024-27227 (Android kernel allows Remote code execution.)
+CVE-2024-27227 (A malicious DNS response can trigger a number of OOB reads,
writes, an ...)
NOT-FOR-US: Android
-CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of
bounds wri ...)
+CVE-2024-27226 (In tmu_config_gov_params of , there is a possible out of
bounds write ...)
NOT-FOR-US: Android
CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out
of boun ...)
NOT-FOR-US: Android
@@ -1173,35 +1311,35 @@ CVE-2024-27223 (In
EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagem
NOT-FOR-US: Android
CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a
possible w ...)
NOT-FOR-US: Android
-CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of
bounds write ...)
+CVE-2024-27221 (In update_policy_data of , there is a possible out of bounds
write due ...)
NOT-FOR-US: Android
-CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds
memory ac ...)
+CVE-2024-27220 (In lpm_req_handler of , there is a possible out of bounds
memory acces ...)
NOT-FOR-US: Android
CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds
write due to ...)
NOT-FOR-US: Android
-CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds
read due ...)
+CVE-2024-27218 (In update_freq_data of , there is a possible out of bounds
read due to ...)
NOT-FOR-US: Android
CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a
possible Remot ...)
NOT-FOR-US: Android
-CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write
due to a ...)
+CVE-2024-27212 (In init_data of , there is a possible out of bounds write due
to a mis ...)
NOT-FOR-US: Android
CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB
write du ...)
NOT-FOR-US: Android
CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds
write due ...)
NOT-FOR-US: Android
-CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to
a heap b ...)
+CVE-2024-27209 (there is a possible out of bounds write due to a heap buffer
overflow. ...)
NOT-FOR-US: Android
-CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to
a missin ...)
+CVE-2024-27208 (there is a possible out of bounds write due to a missing
bounds check. ...)
NOT-FOR-US: Android
-CVE-2024-27207 (Android kernel allows Elevation of privilege.)
+CVE-2024-27207 (Exported broadcast receivers allowing malicious apps to bypass
broadca ...)
NOT-FOR-US: Android
-CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a
missing ...)
+CVE-2024-27206 (there is a possible out of bounds read due to a missing bounds
check. ...)
NOT-FOR-US: Android
-CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a
use afte ...)
+CVE-2024-27205 (there is a possible memory corruption due to a use after free.
This co ...)
NOT-FOR-US: Android
CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of
bounds writ ...)
NOT-FOR-US: Android
-CVE-2024-25993 (In tmu_reset_tmu_trip_counter of TBD, there is a possible out
of bound ...)
+CVE-2024-25993 (In tmu_reset_tmu_trip_counter of , there is a possible out of
bounds w ...)
NOT-FOR-US: Android
CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds
read due ...)
NOT-FOR-US: Android
@@ -1237,15 +1375,15 @@ CVE-2024-22011 (In ss_ProcessRejectComponent of
ss_MmConManagement.c, there is a
NOT-FOR-US: Android
CVE-2024-22010 (In dvfs_plugin_caller of fvp.c, there is a possible out of
bounds read ...)
NOT-FOR-US: Android
-CVE-2024-22009 (In init_data of TBD, there is a possible out of bounds write
due to a ...)
+CVE-2024-22009 (In init_data of , there is a possible out of bounds write due
to a mis ...)
NOT-FOR-US: Android
CVE-2024-22008 (In config_gov_time_windows of tmu.c, there is a possible out
of bounds ...)
NOT-FOR-US: Android
CVE-2024-22007 (In constraint_check of fvp.c, there is a possible out of
bounds read d ...)
NOT-FOR-US: Android
-CVE-2024-22006 (Android kernel allows Information disclosure.)
+CVE-2024-22006 (OOB read in the TMU plugin that allows for memory disclosure
in the po ...)
NOT-FOR-US: Android
-CVE-2024-22005 (In TBD of TBD, there is a possible Authentication Bypass due
to improp ...)
+CVE-2024-22005 (there is a possible Authentication Bypass due to improperly
used crypt ...)
NOT-FOR-US: Android
CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a
user op ...)
NOT-FOR-US: Santesoft Sante FFT Imaging
@@ -2452,7 +2590,7 @@ CVE-2024-2002
[buster] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
NOTE: Fixed by:
https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad
-CVE-2024-27351 [Potential regular expression denial-of-service in
django.utils.text.Truncator.words()]
+CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before
5.0.3, ...)
- python-django 3:4.2.11-1
[bookworm] - python-django <postponed> (Minor issue, fix along in
future update)
[bullseye] - python-django <postponed> (Minor issue, fix along in
future update)
@@ -7273,7 +7411,7 @@ CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and
earlier are affected by
NOT-FOR-US: Adobe
CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a
Heap-ba ...)
NOT-FOR-US: Adobe
-CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by
an Improp ...)
+CVE-2024-20738 (Adobe FrameMaker Publishing Server versions 2022.1 and earlier
are aff ...)
NOT-FOR-US: Adobe
CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier
are aff ...)
NOT-FOR-US: Adobe
@@ -17616,6 +17754,7 @@ CVE-2023-42017 (IBM Planning Analytics Local 2.0 could
allow a remote attacker t
CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2023-52322 (ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x
before 4.2 ...)
+ {DLA-3761-1}
- spip 4.1.13+dfsg-1 (bug #1059331)
[bookworm] - spip 4.1.9+dfsg-1+deb12u4
[bullseye] - spip 3.2.11-3+deb11u10
@@ -24128,7 +24267,7 @@ CVE-2023-44326 (Adobe Dimension versions 3.4.9 (and
earlier) is affected by an o
NOT-FOR-US: Adobe
CVE-2023-44325 (Adobe Animate versions 23.0.2 (and earlier) is affected by an
out-of-b ...)
NOT-FOR-US: Adobe
-CVE-2023-44324 (Adobe FrameMaker versions 2022 and earlier are affected by an
Improper ...)
+CVE-2023-44324 (Adobe FrameMaker Publishing Server versions 2022 and earlier
are affec ...)
NOT-FOR-US: Adobe
CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any
file on t ...)
NOT-FOR-US: Ray
@@ -184642,8 +184781,8 @@ CVE-2021-38940
RESERVED
CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive
informa ...)
NOT-FOR-US: IBM
-CVE-2021-38938
- RESERVED
+CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through
9.6.1.4 and ...)
+ TODO: check
CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an
authent ...)
NOT-FOR-US: IBM
CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly
sensitive info ...)
@@ -505647,14 +505786,14 @@ CVE-2016-1245 (It was discovered that the zebra
daemon in Quagga before 1.0.2016
NOTE: Fixed by:
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
NOTE:
https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
CVE-2016-1244 (The extractTree function in unADF allows remote attackers to
execute a ...)
- {DSA-3676-1 DLA-631-1}
+ {DSA-3676-1 DLA-3762-1 DLA-631-1}
- unadf 0.7.11a-6 (bug #838248)
[bookworm] - unadf 0.7.11a-5+deb12u1
[bullseye] - unadf 0.7.11a-4+deb11u1
NOTE: Fixed by:
https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the
upstream fix.
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in
unADF allow ...)
- {DSA-3676-1 DLA-631-1}
+ {DSA-3676-1 DLA-3762-1 DLA-631-1}
- unadf 0.7.11a-6 (bug #838248)
[bookworm] - unadf 0.7.11a-5+deb12u1
[bullseye] - unadf 0.7.11a-4+deb11u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad06b91257c2197f6d619f12d85276443990f303
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad06b91257c2197f6d619f12d85276443990f303
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
