Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fa9a4f6 by security tracker role at 2024-05-14T08:11:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,122 @@
-CVE-2024-4761
+CVE-2024-4855 (Use after free issue in editcap could cause denial of service
via craf ...)
+ TODO: check
+CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark
4.2.0 to 4. ...)
+ TODO: check
+CVE-2024-4853 (Memory handling issue in editcap could cause denial of service
via cra ...)
+ TODO: check
+CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a
toolse ...)
+ TODO: check
+CVE-2024-4810 (In register_device, the return value of ida_simple_get is
unchecked, i ...)
+ TODO: check
+CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut
NG/MF that ...)
+ TODO: check
+CVE-2024-4445 (The WP Compress \u2013 Image Optimizer [All-In-One] plugin for
WordPre ...)
+ TODO: check
+CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for
WordPress is vu ...)
+ TODO: check
+CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform
necessary au ...)
+ TODO: check
+CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform
necessary au ...)
+ TODO: check
+CVE-2024-3241 (The Ultimate Blocks WordPress plugin before 3.1.7 does not
validate a ...)
+ TODO: check
+CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut
NG/MF that ...)
+ TODO: check
+CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do
not suf ...)
+ TODO: check
+CVE-2024-33878
+ REJECTED
+CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On
exploit ...)
+ TODO: check
+CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for
executing ...)
+ TODO: check
+CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product
which shows ...)
+ TODO: check
+CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the
server ...)
+ TODO: check
+CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is
vulnerable to I ...)
+ TODO: check
+CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning
Service does ...)
+ TODO: check
+CVE-2024-33000 (SAP Bank Account Management does not perform necessary
authorization c ...)
+ TODO: check
+CVE-2024-32733 (Due to missing input validation and output encoding of
untrusted data, ...)
+ TODO: check
+CVE-2024-32731 (SAP My Travel Requests does not perform necessary
authorization checks ...)
+ TODO: check
+CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is
vulnerable to s ...)
+ TODO: check
+CVE-2024-27852 (A privacy issue was addressed with improved client ID handling
for alt ...)
+ TODO: check
+CVE-2024-27847 (This issue was addressed with improved checks This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-27843 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-27842 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-27841 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a
more secur ...)
+ TODO: check
+CVE-2024-27837 (A downgrade issue was addressed with additional code-signing
restricti ...)
+ TODO: check
+CVE-2024-27835 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-27834 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-27829 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27827 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2024-27824 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2024-27822 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2024-27821 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-27818 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27816 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-27813 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-27810 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2024-27804 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27803 (A permissions issue was addressed with improved validation.
This issue ...)
+ TODO: check
+CVE-2024-27798 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2024-27796 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-27789 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-25970 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains
an impro ...)
+ TODO: check
+CVE-2024-25969 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains
an alloc ...)
+ TODO: check
+CVE-2024-25968 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains
a use of ...)
+ TODO: check
+CVE-2024-25967 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains
an execu ...)
+ TODO: check
+CVE-2024-25966 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains
an impro ...)
+ TODO: check
+CVE-2024-25965 (Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains
an exter ...)
+ TODO: check
+CVE-2024-23576 (Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could
allow d ...)
+ TODO: check
+CVE-2024-23236 (A correctness issue was addressed with improved checks. This
issue is ...)
+ TODO: check
+CVE-2024-23229 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2024-0870 (The YITH WooCommerce Gift Cards plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2023-6812 (The WP Compress \u2013 Image Optimizer [All-In-One plugin for
WordPres ...)
+ TODO: check
+CVE-2024-4761 (Out of bounds write in V8 in Google Chrome prior to
124.0.6367.207 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
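Review bot: every entry added at the top of data/CVE/list in this hunk carries only `TODO: check` (CVE-2024-33878, marked REJECTED, is the one exception), so the batch still needs triage before any of it shows up against a package. The entries naming editcap and Wireshark (CVE-2024-4855, CVE-2024-4854, CVE-2024-4853) are the clearest candidates for a package line and should be resolved first; the SAP, Dell PowerScale, PaperCut and WordPress plugin entries look like NOT-FOR-US candidates. The descriptions for CVE-2024-4445 and CVE-2023-6812 also contain a literal `\u2013` escape where a dash was intended, which suggests the description import is not decoding Unicode escapes.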
@@ -1635,7 +1753,7 @@ CVE-2024-4558 (Use after free in ANGLE in Google Chrome
prior to 124.0.6367.155
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-34397 (An issue was discovered in GNOME GLib before 2.78.5, and
2.79.x and 2. ...)
- {DSA-5682-1}
+ {DSA-5682-1 DLA-3814-1}
- glib2.0 2.80.0-10
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3268
NOTE: Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3268#fixes
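Review bot: the cross-reference on CVE-2024-34397 becomes `{DSA-5682-1 DLA-3814-1}`, but the only package line visible in the entry is `- glib2.0 2.80.0-10`, so nothing here shows which release DLA-3814-1 covers or at what version. Confirm that the advisory record for DLA-3814-1 names the release and fixed version, since this entry alone does not let a reader tell which suites are now fixed.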
@@ -31068,12 +31186,14 @@ CVE-2023-52355 (An out-of-memory flaw was found in
libtiff that could be trigger
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/16ab4a205cfc938c32686e8d697d048fabf97ed4
NOTE: Issue fixed by providing a documentation update
CVE-2023-40551 (A flaw was found in the MZ binary format in Shim. An
out-of-bounds rea ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259918
NOTE:
https://github.com/rhboot/shim/commit/5a5147d1e19cf90ec280990c84061ac3f67ea1ab
(15.8)
CVE-2023-40550 (An out-of-bounds read flaw was found in Shim when it tried to
validate ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
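Review bot: `{DLA-3813-1}` is attached to CVE-2023-40551 and CVE-2023-40550 while both entries keep `[bookworm] - shim <no-dsa>` and `[bullseye] - shim <no-dsa>` with "fix with a point release", and no line for the release the DLA actually fixes appears in the entry. Check that the advisory record carries that release and version, and that the bookworm and bullseye point-release fixes are still being tracked, because the added reference can read as if the issue were closed in all supported suites.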
@@ -31081,24 +31201,28 @@ CVE-2023-40550 (An out-of-bounds read flaw was found
in Shim when it tried to va
NOTE:
https://github.com/rhboot/shim/commit/93ce2552f3e9f71f888a672913bfc0eef255c56d
(15.8)
NOTE: Followup:
https://github.com/rhboot/shim/commit/e7f5fdf53ee68025f3ef2688e2f27ccb0082db83
(15.8)
CVE-2023-40549 (An out-of-bounds read flaw was found in Shim due to the lack
of proper ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241797
NOTE:
https://github.com/rhboot/shim/commit/afdc5039de0a4a3a40162a32daa070f94a883f09
(15.8)
CVE-2023-40548 (A buffer overflow was found in Shim in the 32-bit system. The
overflow ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241782
NOTE:
https://github.com/rhboot/shim/commit/96dccc255b16e9465dbee50b3cef6b3db74d11c8
(15.8)
CVE-2023-40547 (A remote code execution vulnerability was found in Shim. The
Shim boot ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2234589
NOTE:
https://github.com/rhboot/shim/commit/0226b56513b2b8bd5fd281bce77c40c9bf07c66d
(15.8)
CVE-2023-40546 (A flaw was found in Shim when an error happened while creating
a new E ...)
+ {DLA-3813-1}
- shim 15.8-1 (bug #1061519)
[bookworm] - shim <no-dsa> (Minor issue, fix with a point release)
[bullseye] - shim <no-dsa> (Minor issue, fix with a point release)
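Review bot: CVE-2023-40547 is described as "A remote code execution vulnerability" in Shim, yet the unchanged context lines still classify it for bookworm and bullseye as `<no-dsa> (Minor issue, fix with a point release)`, the same wording used for the out-of-bounds read entries around it. Now that DLA-3813-1 is attached to it, either revisit that classification or add a NOTE giving the reason it is treated as minor, so the severity in the description and the triage decision do not appear to contradict each other.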
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fa9a4f6e32d0fb1d7420fbb876c4cc69db71b0c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits