Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bbc9a94 by security tracker role at 2024-07-10T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,26 +1,210 @@
-CVE-2024-39493 [crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak]
+CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+       TODO: check
+CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device 
via Telne ...)
+       TODO: check
+CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive 
device infor ...)
+       TODO: check
+CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2024-5792 (The Houzez CRM plugin for WordPress is vulnerable to time-based 
SQL In ...)
+       TODO: check
+CVE-2024-5677 (The Featured Image Generator plugin for WordPress is vulnerable 
to una ...)
+       TODO: check
+CVE-2024-5664 (The MP3 Audio Player \u2013 Music Player, Podcast Player & 
Radio by So ...)
+       TODO: check
+CVE-2024-4866 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, 
Custom ...)
+       TODO: check
+CVE-2024-39927 (Out-of-bounds write vulnerability exists in Ricoh MFPs and 
printers. I ...)
+       TODO: check
+CVE-2024-39901 (OpenSearch Observability is collection of plugins and 
applications tha ...)
+       TODO: check
+CVE-2024-39900 (OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 
export a ...)
+       TODO: check
+CVE-2024-39886 (TONE store App version 3.4.2 and earlier contains an issue 
with unprot ...)
+       TODO: check
+CVE-2024-39883 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+       TODO: check
+CVE-2024-39882 (Delta Electronics CNCSoft-G2 lacks proper validation of 
user-supplied  ...)
+       TODO: check
+CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of 
user-supplied  ...)
+       TODO: check
+CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the 
length of  ...)
+       TODO: check
+CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       TODO: check
+CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       TODO: check
+CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 
before 4.2. ...)
+       TODO: check
+CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was 
discovered ...)
+       TODO: check
+CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is 
vulnera ...)
+       TODO: check
+CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in 
send_eve ...)
+       TODO: check
+CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de 
Peddios.exe' allows ...)
+       TODO: check
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can 
create a ...)
+       TODO: check
+CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+       TODO: check
+CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS 
Learnin ...)
+       TODO: check
+CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 
before 5.0 ...)
+       TODO: check
+CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, 
contains an  ...)
+       TODO: check
+CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in 
v.11.5.7 allo ...)
+       TODO: check
+CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a 
session h ...)
+       TODO: check
+CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows 
attackers ...)
+       TODO: check
+CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi 
of Webm ...)
+       TODO: check
+CVE-2024-36452 (Cross-site request forgery vulnerability exists in ajaxterm 
module of  ...)
+       TODO: check
+CVE-2024-36451 (Improper handling of insufficient permissions or privileges 
vulnerabil ...)
+       TODO: check
+CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of 
Webmin ver ...)
+       TODO: check
+CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a 
remote auth ...)
+       TODO: check
+CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible 
arbitrary code e ...)
+       TODO: check
+CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a 
possible arb ...)
+       TODO: check
+CVE-2024-34724 (In _UnrefAndMaybeDestroy of pmr.c, there is a possible 
arbitrary code  ...)
+       TODO: check
+CVE-2024-34723 (In onTransact of ParcelableListBinder.java , there is a 
possible way t ...)
+       TODO: check
+CVE-2024-34722 (In smp_proc_rand of smp_act.cc, there is a possible 
authentication byp ...)
+       TODO: check
+CVE-2024-34721 (In ensureFileColumns of MediaProvider.java, there is a 
possible disclo ...)
+       TODO: check
+CVE-2024-34720 (In 
com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of ...)
+       TODO: check
+CVE-2024-32670 (Exposure of Sensitive Information to an Unauthorized Actor in 
Samsung  ...)
+       TODO: check
+CVE-2024-31339 (In multiple functions of StatsService.cpp, there is a possible 
memory  ...)
+       TODO: check
+CVE-2024-31335 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a 
possible a ...)
+       TODO: check
+CVE-2024-31334 (In DevmemIntFreeDefBackingPage of devicemem_server.c, there is 
a possi ...)
+       TODO: check
+CVE-2024-31332 (In multiple locations, there is a possible way to bypass a 
restriction ...)
+       TODO: check
+CVE-2024-31331 (In setMimeGroup of PackageManagerService.java, there is a 
possible way ...)
+       TODO: check
+CVE-2024-31327 (In multiple functions of MessageQueueBase.h, there is a 
possible out o ...)
+       TODO: check
+CVE-2024-31326 (In multiple locations, there is a possible way in which policy 
migrati ...)
+       TODO: check
+CVE-2024-31325 (In multiple locations, there is a possible way to reveal 
images across ...)
+       TODO: check
+CVE-2024-31324 (In hide of WindowState.java, there is a possible way to bypass 
tapjack ...)
+       TODO: check
+CVE-2024-31323 (In onCreate of multiple files, there is a possible way to 
trick the us ...)
+       TODO: check
+CVE-2024-31322 (In updateServicesLocked of AccessibilityManagerService.java, 
there is  ...)
+       TODO: check
+CVE-2024-31320 (In setSkipPrompt of AssociationRequest.java , there is a 
possible way  ...)
+       TODO: check
+CVE-2024-31319 (In updateNotificationChannelFromPrivilegedListener of 
NotificationMana ...)
+       TODO: check
+CVE-2024-31318 (In CompanionDeviceManagerService.java, there is a possible way 
to pair ...)
+       TODO: check
+CVE-2024-31317 (In multiple functions of ZygoteProcess.java, there is a 
possible way t ...)
+       TODO: check
+CVE-2024-31316 (In onResult of AccountManagerService.java, there is a possible 
way to  ...)
+       TODO: check
+CVE-2024-31315 (In multiple functions of ManagedServices.java, there is a 
possible way ...)
+       TODO: check
+CVE-2024-31314 (In multiple functions of ShortcutService.java, there is a 
possible per ...)
+       TODO: check
+CVE-2024-31313 (In availableToWriteBytes of MessageQueueBase.h, there is a 
possible ou ...)
+       TODO: check
+CVE-2024-31312 (In multiple locations, there is a possible information leak 
due to a m ...)
+       TODO: check
+CVE-2024-31311 (In increment_annotation_count of stats_event.c, there is a 
possible ou ...)
+       TODO: check
+CVE-2024-31310 (In newServiceInfoLocked of AutofillManagerServiceImpl.java, 
there is a ...)
+       TODO: check
+CVE-2024-27386 (A vulnerability was discovered in the 
slsi_handle_nan_rx_event_log_ind ...)
+       TODO: check
+CVE-2024-27385 (A vulnerability was discovered in the 
slsi_handle_nan_rx_event_log_ind ...)
+       TODO: check
+CVE-2024-25023 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM 
QRadar S ...)
+       TODO: check
+CVE-2024-23711 (In DevmemXIntUnreserveRange of devicemem_server.c, there is a 
possible ...)
+       TODO: check
+CVE-2024-23698 (In RGXFWChangeOSidPriority of rgxfwutils.c, there is a 
possible arbitr ...)
+       TODO: check
+CVE-2024-23697 (In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible 
arbitrary c ...)
+       TODO: check
+CVE-2024-23696 (In RGXCreateZSBufferKM of rgxta3d.c, there is a possible 
arbitrary cod ...)
+       TODO: check
+CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of 
bounds wri ...)
+       TODO: check
+CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin 
console OIDC  ...)
+       TODO: check
+CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is 
reachable to una ...)
+       TODO: check
+CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a 
vulnerability  ...)
+       TODO: check
+CVE-2024-21832 (A potential JSON injection attack vector exists in 
PingFederate REST A ...)
+       TODO: check
+CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial 
of Servic ...)
+       TODO: check
+CVE-2024-21525 (All versions of the package node-twain are vulnerable to 
Improper Chec ...)
+       TODO: check
+CVE-2024-21524 (All versions of the package node-stringbuilder are vulnerable 
to Out-o ...)
+       TODO: check
+CVE-2024-21523 (All versions of the package images are vulnerable to Denial of 
Service ...)
+       TODO: check
+CVE-2024-21522 (All versions of the package audify are vulnerable to Improper 
Validati ...)
+       TODO: check
+CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to 
Denial o ...)
+       TODO: check
+CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2023-7061 (The Advanced File Manager Shortcodes plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2023-6813 (The Login by Auth0 plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2023-32472 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
+       TODO: check
+CVE-2023-32467 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an 
out-of-bou ...)
+       TODO: check
+CVE-2024-39493 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.9.7-1
        [bookworm] - linux 6.1.94-1
        NOTE: 
https://git.kernel.org/linus/d3b17c6d9dddc2db3670bc9be628b122416a3d26 (6.10-rc1)
-CVE-2024-39492 [mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox 
shutdown]
+CVE-2024-39492 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.9.7-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/747a69a119c469121385543f21c2d08562968ccc (6.10-rc1)
-CVE-2024-39491 [ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance]
+CVE-2024-39491 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 6.9.7-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d344873c4cbde249b7152d36a273bcc45864001e (6.10-rc1)
-CVE-2024-39490 [ipv6: sr: fix missing sk_buff release in seg6_input_core]
+CVE-2024-39490 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.9.7-1
        [bookworm] - linux 6.1.94-1
        NOTE: 
https://git.kernel.org/linus/5447f9708d9e4c17a647b16a9cb29e9e02820bd9 (6.10-rc1)
-CVE-2024-39489 [ipv6: sr: fix memleak in seg6_hmac_init_algo]
+CVE-2024-39489 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.9.7-1
        [bookworm] - linux 6.1.94-1
        NOTE: 
https://git.kernel.org/linus/efb9f4f19f8e37fde43dfecebc80292d179f56c6 (6.10-rc1)
-CVE-2024-39488 [arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY]
+CVE-2024-39488 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 6.9.7-1
        [bookworm] - linux 6.1.94-1
        NOTE: 
https://git.kernel.org/linus/ffbf4fb9b5c12ff878a10ea17997147ea4ebea6f (6.10-rc1)
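
Review bot: Several of the new descriptions in this hunk carry literal escape sequences instead of the characters they stand for: "\u2013" in CVE-2024-6411, CVE-2024-6410, CVE-2024-5664 and CVE-2024-4866, and "\u2018"/"\u2019" in CVE-2024-39900. The automatic update should decode these before writing them to data/CVE/list, or normalise them to ASCII, so the text is readable and can be searched. Separately, the six kernel entries CVE-2024-39493 through CVE-2024-39488 swap their bracketed upstream commit subject for a truncated description that shares the prefix "In the Linux kernel, the following vulnerability has been resolved:" and is cut after a single letter, so the description no longer tells the entries apart. Consider keeping the commit subject or trimming the common prefix before truncation. Every other added entry is still at "TODO: check" and needs triage before it says anything about Debian packages.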
@@ -893,7 +1077,7 @@ CVE-2024-22062 (There is a permissions and access control 
vulnerability in ZXCLO
 CVE-2024-37372
        - nodejs <not-affected> (Only affect Node.js on Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
-CVE-2024-22018
+CVE-2024-22018 (A vulnerability has been identified in Node.js, affecting 
users of the ...)
        - nodejs 20.15.1+dfsg-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fslstat-bypasses-permission-model-cve-2024-22018---low
 CVE-2024-36137
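
Review bot: The CVE-2024-22018 entry gains a description but still records only the unstable fix ("- nodejs 20.15.1+dfsg-1"), with no "[bookworm]" or "[bullseye]" line of the kind the kernel entries earlier in this file carry. If the stable releases are affected, unaffected or deliberately left unfixed, that should be stated per release so the status does not have to be inferred from the "low" in the NOTE URL.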
@@ -130375,7 +130559,7 @@ CVE-2023-21268 (In update of MmsProvider.java, there 
is a possible way to change
        NOT-FOR-US: Android
 CVE-2023-21267 (In multiple functions of KeyguardViewMediator.java, there is a 
possibl ...)
        NOT-FOR-US: Android
-CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, 
there is a  ...)
+CVE-2023-21266 (In multiple functions of ActivityManagerService.java, there is 
a possi ...)
        NOT-FOR-US: Android
 CVE-2023-21265 (In multiple locations, there are root CA certificates which 
need to be ...)
        NOT-FOR-US: Android
@@ -130686,10 +130870,10 @@ CVE-2023-21116 (In verifyReplacingVersionCode of 
InstallPackageHelper.java, ther
        NOT-FOR-US: Android
 CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible 
way to do ...)
        NOT-FOR-US: Android
-CVE-2023-21114
-       RESERVED
-CVE-2023-21113
-       RESERVED
+CVE-2023-21114 (In multiple locations, there is a possible permission bypass 
due to a  ...)
+       TODO: check
+CVE-2023-21113 (In multiple locations, there is a possible permission bypass 
due to a  ...)
+       TODO: check
 CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out 
of bound ...)
        NOT-FOR-US: Android
 CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a 
possibl ...)
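
Review bot: CVE-2023-21114 and CVE-2023-21113 move from RESERVED to "TODO: check" while every neighbouring entry in this hunk (CVE-2023-21115, CVE-2023-21112, CVE-2023-21111) is already "NOT-FOR-US: Android" and uses the same "In multiple locations, there is a possible ..." phrasing. Once the source of the two new descriptions is confirmed, resolve them to the same NOT-FOR-US tag rather than leaving them in the TODO queue.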



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bbc9a946d47a719e34ac0a871cd5e7168f03b70

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits