[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 05 May 2024 01:12:24 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3f7b62f3 by security tracker role at 2024-05-05T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been dec ...)
+       TODO: check
+CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has 
been cla ...)
+       TODO: check
+CVE-2024-4495 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and 
classified a ...)
+       TODO: check
+CVE-2024-4494 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and 
classif ...)
+       TODO: check
+CVE-2024-4493 (A vulnerability, which was classified as critical, was found in 
Tenda  ...)
+       TODO: check
+CVE-2024-4492 (A vulnerability, which was classified as critical, has been 
found in T ...)
+       TODO: check
+CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 
1.0.0.14 ...)
+       TODO: check
+CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting 
facilities make u ...)
+       TODO: check
+CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers 
to cause ...)
+       TODO: check
+CVE-2024-34488 (OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows 
attackers ...)
+       TODO: check
+CVE-2024-34487 (OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows 
attackers to c ...)
+       TODO: check
+CVE-2024-34486 (OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows 
attackers to ...)
+       TODO: check
+CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers 
to caus ...)
+       TODO: check
+CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows 
attackers ...)
+       TODO: check
+CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus 
rules ou ...)
+       TODO: check
+CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
+       TODO: check
+CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion 
that can c ...)
+       TODO: check
+CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC 
I-Release. An a ...)
+       TODO: check
+CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to 
index.php?module ...)
+       TODO: check
+CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
+       TODO: check
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the 
PHPSESSION cook ...)
+       TODO: check
+CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment 
preview.)
+       TODO: check
+CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an 
off-by-one error ...)
+       TODO: check
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP 
Object Injec ...)
@@ -17897,30 +17943,35 @@ CVE-2024-2182 (A flaw was found in the Open Virtual 
Network (OVN). In OVN cluste
        NOTE: https://bugs.launchpad.net/bugs/2053113
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
 CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some 
Intel(R)  ...)
+       {DLA-3808-1}
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some 
Intel(R) P ...)
+       {DLA-3808-1}
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between 
contexts i ...)
+       {DLA-3808-1}
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation 
Intel(R) X ...)
+       {DLA-3808-1}
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after 
transient  ...)
+       {DLA-3808-1}
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
@@ -81685,8 +81736,8 @@ CVE-2023-27285 (IBM Aspera Connect 4.2.5 and IBM Aspera 
Cargo 4.2.5 is vulnerabl
        NOT-FOR-US: IBM
 CVE-2023-27284 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are 
vulnerable to  ...)
        NOT-FOR-US: IBM
-CVE-2023-27283
-       RESERVED
+CVE-2023-27283 (IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to 
enumera ...)
+       TODO: check
 CVE-2023-27282
        RESERVED
 CVE-2023-27281



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f7b62f3ce95bd13071ed60506a1f9d94585cac9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f7b62f3ce95bd13071ed60506a1f9d94585cac9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to