Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3b9c2788 by security tracker role at 2024-08-07T08:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2024-6494 (The WordPress File Upload WordPress plugin before 4.24.8 does
not prop ...)
+ TODO: check
+CVE-2024-42219 (1Password 8 before 8.10.36 for macOS allows local attackers to
exfiltr ...)
+ TODO: check
+CVE-2024-42218 (1Password 8 before 8.10.38 for macOS allows local attackers to
exfiltr ...)
+ TODO: check
+CVE-2024-41270 (An issue discovered in the RunHTTPServer function in Gorush
v1.18.4 al ...)
+ TODO: check
+CVE-2024-3973 (The House Manager WordPress plugin through 1.0.8.4 does not
sanitise ...)
+ TODO: check
+CVE-2024-38206 (An authenticated attacker can bypass Server-Side Request
Forgery (SSRF ...)
+ TODO: check
+CVE-2024-38166 (An unauthenticated attacker can exploit improper
neutralization of inp ...)
+ TODO: check
+CVE-2024-37403 (Ivanti Docs@Work for Android, before 2.26.0 is affected by the
'Dirty ...)
+ TODO: check
+CVE-2024-36132 (Insufficient verification of authentication controls in EPMM
prior to ...)
+ TODO: check
+CVE-2024-36131 (An insecure deserialization vulnerability in web component of
EPMM pri ...)
+ TODO: check
+CVE-2024-36130 (An insufficient authorization vulnerability in web component
of EPMM p ...)
+ TODO: check
+CVE-2024-34788 (An improper authentication vulnerability in web component of
EPMM prio ...)
+ TODO: check
+CVE-2024-34636 (Use of implicit intent for sensitive communication in Samsung
Email pr ...)
+ TODO: check
+CVE-2024-34635 (Out-of-bounds read in parsing textbox object in Samsung Notes
prior to ...)
+ TODO: check
+CVE-2024-34634 (Out-of-bounds read in parsing connected object list in Samsung
Notes p ...)
+ TODO: check
+CVE-2024-34633 (Out-of-bounds read in parsing object header in Samsung Notes
prior to ...)
+ TODO: check
+CVE-2024-34632 (Out-of-bounds read in uuid parsing in Samsung Notes prior to
version 4 ...)
+ TODO: check
+CVE-2024-34631 (Out-of-bounds read in applying new binary in Samsung Notes
prior to ve ...)
+ TODO: check
+CVE-2024-34630 (Out-of-bounds read in applying own binary with textbox in
Samsung Note ...)
+ TODO: check
+CVE-2024-34629 (Out-of-bounds read in applying binary with text common object
in Samsu ...)
+ TODO: check
+CVE-2024-34628 (Out-of-bounds read in applying binary with path in Samsung
Notes prior ...)
+ TODO: check
+CVE-2024-34627 (Out-of-bounds read in parsing implemention in Samsung Notes
prior to v ...)
+ TODO: check
+CVE-2024-34626 (Out-of-bounds read in applying own binary in Samsung Notes
prior to ve ...)
+ TODO: check
+CVE-2024-34625 (Out-of-bounds read in applying connection point in Samsung
Notes prior ...)
+ TODO: check
+CVE-2024-34624 (Out-of-bounds read in applying paragraphs in Samsung Notes
prior to ve ...)
+ TODO: check
+CVE-2024-34623 (Out-of-bounds write in applying connected information in
Samsung Notes ...)
+ TODO: check
+CVE-2024-34622 (Out-of-bounds write in appending paragraph in Samsung Notes
prior to v ...)
+ TODO: check
+CVE-2024-34621 (Out-of-bounds read in applying binary with data in Samsung
Notes prior ...)
+ TODO: check
+CVE-2024-34620 (Improper privilege management in SumeNNService prior to SMR
Aug-2024 R ...)
+ TODO: check
+CVE-2024-34619 (Improper input validation in librtp.so prior to SMR Aug-2024
Release 1 ...)
+ TODO: check
+CVE-2024-34618 (Improper access control in System property prior to SMR
Aug-2024 Relea ...)
+ TODO: check
+CVE-2024-34617 (Improper handling of insufficient permission in Telephony
prior to SMR ...)
+ TODO: check
+CVE-2024-34616 (Improper handling of insufficient permission in
KnoxDualDARPolicy prio ...)
+ TODO: check
+CVE-2024-34615 (Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release
1 allow ...)
+ TODO: check
+CVE-2024-34614 (Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release
1 allow ...)
+ TODO: check
+CVE-2024-34613 (Improper access control in Galaxy Watch prior to SMR Aug-2024
Release ...)
+ TODO: check
+CVE-2024-34612 (Out-of-bound write in libcodec2secmp4vdec.so prior to SMR
Aug-2024 Rel ...)
+ TODO: check
+CVE-2024-34611 (Improper access control in KnoxService prior to SMR Aug-2024
Release 1 ...)
+ TODO: check
+CVE-2024-34610 (Improper access control in ExtControlDeviceService prior to
SMR Aug-20 ...)
+ TODO: check
+CVE-2024-34609 (Improper access control in VoiceNoteService prior to SMR
Aug-2024 Rele ...)
+ TODO: check
+CVE-2024-34608 (Improper access control in PaymentManagerService prior to SMR
Aug-2024 ...)
+ TODO: check
+CVE-2024-34607 (Improper access control in SamsungNotesService prior to SMR
Aug-2024 R ...)
+ TODO: check
+CVE-2024-34606 (Improper access control in SmartThingsService prior to SMR
Aug-2024 Re ...)
+ TODO: check
+CVE-2024-34605 (Improper access control in SamsungHealthService prior to SMR
Aug-2024 ...)
+ TODO: check
+CVE-2024-34604 (Improper access control in LedCoverService prior to SMR
Aug-2024 Relea ...)
+ TODO: check
CVE-2024-7564 (Logsign Unified SecOps Platform Directory Traversal Information
Disclo ...)
NOT-FOR-US: Logsign Unified SecOps Platform
CVE-2024-7552 (A vulnerability was found in DataGear up to 5.0.0. It has been
declare ...)
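Review bot: all 45 entries added at the top of data/CVE/list carry only "TODO: check", so none of them has a triage state yet. Many of the descriptions name a vendor product: the Samsung entries CVE-2024-34604 through CVE-2024-34636, the two 1Password entries and the two WordPress plugin entries. Once confirmed not to be packaged, these should get a NOT-FOR-US line in the form the context entry for CVE-2024-7564 uses, rather than staying as TODO.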
@@ -178,25 +268,26 @@ CVE-2024-5290
{DSA-5739-1}
- wpa 2:2.10-22
NOTE: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
-CVE-2024-7550
+CVE-2024-7550 (Type Confusion in V8 in Google Chrome prior to 127.0.6533.99
allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7536
+CVE-2024-7536 (Use after free in WebAudio in Google Chrome prior to
127.0.6533.99 all ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7535
+CVE-2024-7535 (Inappropriate implementation in V8 in Google Chrome prior to
127.0.653 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7534
+CVE-2024-7534 (Heap buffer overflow in Layout in Google Chrome prior to
127.0.6533.99 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7533
+CVE-2024-7533 (Use after free in Sharing in Google Chrome on iOS prior to
127.0.6533. ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7532
+CVE-2024-7532 (Out of bounds memory access in ANGLE in Google Chrome prior to
127.0.6 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7531 (Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same
buffer ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7531
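Review bot: the description added for CVE-2024-7533 reads "Use after free in Sharing in Google Chrome on iOS", yet the entry keeps "- chromium <unfixed>" like its neighbours. If the issue is iOS-only, mark it <not-affected> with a reason, the way CVE-2024-7523 is handled later in this file ("Only affects Firefox on Android"). The neighbouring entries whose descriptions name 127.0.6533.99 (CVE-2024-7550, CVE-2024-7536, CVE-2024-7534) can move off <unfixed> once that version is uploaded.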
@@ -205,6 +296,7 @@ CVE-2024-7530 (Incorrect garbage collection interaction
could have led to a use-
- firefox 129.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7530
CVE-2024-7529 (The date picker could partially obscure security prompts. This
could b ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
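Review bot: "{DSA-5740-1}" is added to CVE-2024-7529, whose package lines include "- thunderbird <unfixed>" next to firefox and firefox-esr. The tag by itself does not say which source package the DSA covers, so confirm that against the DSA before relying on it. The same applies to the other entries in this commit that gain the tag while thunderbird stays <unfixed> (CVE-2024-7527, CVE-2024-7526, CVE-2024-7525, CVE-2024-7522, CVE-2024-7521, CVE-2024-7519).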
@@ -215,13 +307,15 @@ CVE-2024-7528 (Incorrect garbage collection interaction
in IndexedDB could have
- firefox 129.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7528
CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led
to a u ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7527
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7527
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7527
-CVE-2024-7526 (ANGLE failed to initialize parameters which lead to reading
from unini ...)
+CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from
uninit ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
@@ -229,6 +323,7 @@ CVE-2024-7526 (ANGLE failed to initialize parameters which
lead to reading from
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7526
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7526
CVE-2024-7525 (It was possible for a web extension with minimal permissions to
create ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
@@ -236,6 +331,7 @@ CVE-2024-7525 (It was possible for a web extension with
minimal permissions to c
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7525
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7525
CVE-2024-7524 (Firefox adds web-compatibility shims in place of some tracking
scripts ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7524
@@ -244,6 +340,7 @@ CVE-2024-7523 (A select option could partially obscure
security prompts. This co
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7523
CVE-2024-7522 (Editor code failed to check an attribute value. This could have
led to ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
@@ -251,6 +348,7 @@ CVE-2024-7522 (Editor code failed to check an attribute
value. This could have l
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7522
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7522
CVE-2024-7521 (Incomplete WebAssembly exception handing could have led to a
use-after ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
@@ -261,6 +359,7 @@ CVE-2024-7520 (A type confusion bug in WebAssembly could be
leveraged by an atta
- firefox 129.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7520
CVE-2024-7519 (Insufficient checks when processing graphics shared memory
could have ...)
+ {DSA-5740-1}
- firefox 129.0-1
- firefox-esr 115.14.0esr-1
- thunderbird <unfixed>
@@ -286,9 +385,9 @@ CVE-2024-41989
- python-django 3:4.2.15-1 (bug #1078074)
NOTE:
https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
NOTE:
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/
(4.2.15)
-CVE-2024-42062
+CVE-2024-42062 (CloudStack account-users by default use username and password
based au ...)
NOT-FOR-US: Apache CloudStack
-CVE-2024-42222
+CVE-2024-42222 (In Apache CloudStack 4.19.1.0, a regression in the network
listing API ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-7506 (A vulnerability has been found in itsourcecode Tailoring
Management Sy ...)
NOT-FOR-US: itsourcecode Tailoring Management System
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b9c2788cd33ff1926ed1a6ebf200bcad5abab23
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits