Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9f5714f by security tracker role at 2024-04-22T08:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410,
KN-1711, KN-18 ...)
+ TODO: check
+CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410,
KN-1711, KN-18 ...)
+ TODO: check
+CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress
Automati ...)
+ TODO: check
+CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to
execute arbi ...)
+ TODO: check
+CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote
attacker to ...)
+ TODO: check
+CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX
v.14r1, v.13r3 ...)
+ TODO: check
+CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent
users fr ...)
+ TODO: check
+CVE-2018-25101 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo
Grauerhol ...)
+ TODO: check
CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed>
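Review bot: all fifteen new entries in this hunk (CVE-2024-4022 down to CVE-2015-10132) are left as bare `TODO: check`, yet several truncated descriptions already name products that have no Debian package: Keenetic router firmware (CVE-2024-4022, -4021), ValvePress Automatic (CVE-2024-32693), flusity CMS (CVE-2024-32418), PX4 Autopilot (CVE-2024-30799), Innovaphone myPBX (CVE-2024-28722) and the Tickera WordPress plugin (CVE-2023-7252). Those should be triaged to `NOT-FOR-US: <product>` in a follow-up commit, matching how the KEYENCE KV STUDIO, Apache Answer, Airflow FTP provider and "WordPress plugin" entries further down in this file are marked. The automatic import itself looks right: the header counts (-1,3 +1,33) give thirty added lines, which is fifteen two-line entries, and the existing CVE-2024-32041 context is untouched.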
@@ -1922,7 +1952,7 @@ CVE-2024-XXXX [Stored XSS in Avatar block]
NOTE:
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE:
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames
that wo ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
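Review bot: DSA-5670-1 is prepended to the reference set of CVE-2024-3302 while the firefox, firefox-esr and thunderbird version lines stay unchanged, which is the expected shape when an advisory is published for a version already recorded as fixed (here thunderbird 1:115.10.1-1, the one package in this hunk that DSA-5663-1 did not already cover given the two existing firefox/firefox-esr references). Since this commit changes only data/CVE/list, the corresponding advisory record for DSA-5670-1 is not part of this change and should be confirmed separately. The identical `{DSA-5670-1 DSA-5663-1 DLA-3790-1}` update is applied to CVE-2024-3864, -3861, -3859, -3857, -3854, -3852 and -2609 below, so the reference sets across the mfsa2024-18 batch remain consistent.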
@@ -1933,7 +1963,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124.
Some of these bugs sho
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9,
and Thund ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1951,7 +1981,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of
the JavaScript engine,
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent
self-move ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1962,7 +1992,7 @@ CVE-2024-3860 (An out-of-memory condition during object
initialization could res
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an
out-of- ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1973,7 +2003,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript
object so that the JIT cou
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases.
This le ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1987,7 +2017,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly
optimized MSubstr operations
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch
statements ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1998,7 +2028,7 @@ CVE-2024-3853 (A use-after-free could result if a
JavaScript realm was in the pr
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
CVE-2024-3852 (GetBoundName could return the wrong version of an object when
JIT opti ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -2305,7 +2335,7 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists
in KV STUDIO Ver.11.64 a
NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO
Ver.11.64 and ea ...)
NOT-FOR-US: KEYENCE KV STUDIO
-CVE-2024-29217
+CVE-2024-29217 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Apache Answer
CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente
middleware ...)
NOT-FOR-US: Cente
@@ -6564,7 +6594,7 @@ CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery
WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM
Media View ...)
NOT-FOR-US: SonicDICOM Media Viewer
-CVE-2024-29733
+CVE-2024-29733 (Improper Certificate Validation vulnerability in Apache
Airflow FTP Pr ...)
NOT-FOR-US: Airflow FTP provider
CVE-2024-29434 (An issue in the system image upload interface of Alldata
v0.4.6 allows ...)
NOT-FOR-US: Alldata
@@ -10729,7 +10759,7 @@ CVE-2024-2610 (Using a markup injection an attacker
could have stolen nonce valu
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
CVE-2024-2609 (The permission prompt input delay could expire while the window
is not ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 124.0-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -12833,6 +12863,7 @@ CVE-2024-27902 (Applications based on SAP GUI for HTML
in SAP NetWeaver AS ABAP
CVE-2024-27900 (Due to missing authorization check, attacker with business
user accoun ...)
NOT-FOR-US: SAP
CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A
fixed-out ...)
+ {DSA-5669-1}
- guix 1.4.0-6 (bug #1066113)
- nix <unfixed> (bug #1066812)
[bookworm] - nix <no-dsa> (Minor issue)
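Review bot: DSA-5669-1 is added to CVE-2024-27297 while both nix lines are unchanged (`nix <unfixed>` in unstable and `[bookworm] - nix <no-dsa> (Minor issue)`), so the advisory can only be for guix, whose unstable fix is recorded as 1.4.0-6 (bug #1066113). The hunk's context shows no bookworm guix line; if guix ships in bookworm, its entry should now carry the version fixed by DSA-5669-1 rather than a `<no-dsa>` tag, and because this commit touches only data/CVE/list that line should be checked in the same file. The nix `<no-dsa>` tag next to a DSA reference is not wrong in itself, but a short note that the DSA covers guix only would save the next reader the same reconstruction.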
@@ -45228,6 +45259,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read
Information Disclosure Vu
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-50186 [AV1 codec parser buffer overflow]
+ {DSA-5583-1}
- gst-plugins-bad1.0 1.22.8-1
[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not
present)
[buster] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not
present)
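Review bot: DSA-5583-1 is numbered far below the DSA-5663 to DSA-5670 references added elsewhere in this diff, so this hunk back-fills an older advisory reference onto CVE-2023-50186 rather than recording a new one. The visible context lists unstable (gst-plugins-bad1.0 1.22.8-1) plus bullseye and buster, both `<not-affected>` (vulnerable code not present); no bookworm line is shown, yet bookworm is the only release a DSA could apply to here. Confirm that the bookworm gst-plugins-bad1.0 entry outside this hunk's context records the version fixed by DSA-5583-1 and is not still tagged `<no-dsa>`, and that the advisory record for DSA-5583-1 lists this CVE.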
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f5714f4e49a5c60526a501ccf071a9df08fa33
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits