Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5da139a9 by security tracker role at 2024-08-08T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,152 @@
-CVE-2024-7348
+CVE-2024-7610 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
+       TODO: check
+CVE-2024-7554 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+       TODO: check
+CVE-2024-7490 (Improper Input Validation vulnerability in Microchip Techology 
Advance ...)
+       TODO: check
+CVE-2024-7480 (AnImproper access control vulnerability was found in Avaya Aura 
System ...)
+       TODO: check
+CVE-2024-7477 (A SQL injection vulnerability was found which could allow a 
command li ...)
+       TODO: check
+CVE-2024-7394 (Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are 
vulnerable  ...)
+       TODO: check
+CVE-2024-7123
+       REJECTED
+CVE-2024-7121
+       REJECTED
+CVE-2024-6329 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered 
in Git ...)
+       TODO: check
+CVE-2024-4784 (An issue was discovered in GitLab EE starting from version 16.7 
before ...)
+       TODO: check
+CVE-2024-4210 (A Denial of Service (DoS) condition has been discovered in 
GitLab CE/E ...)
+       TODO: check
+CVE-2024-4207 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
+       TODO: check
+CVE-2024-42493 (Dorsett Controls InfoScan is vulnerable due to a leak of 
possible  sen ...)
+       TODO: check
+CVE-2024-42408 (The InfoScan client download page can be intercepted with a 
proxy, to  ...)
+       TODO: check
+CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In 
versions pri ...)
+       TODO: check
+CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and 
telephony ...)
+       TODO: check
+CVE-2024-42357 (Shopware is an open commerce platform. Prior to versions 
6.6.5.1 and 6 ...)
+       TODO: check
+CVE-2024-42356 (Shopware is an open commerce platform. Prior to versions 
6.6.5.1 and 6 ...)
+       TODO: check
+CVE-2024-42355 (Shopware, an open ecommerce platform, has a new Twig Tag 
`sw_silent_fe ...)
+       TODO: check
+CVE-2024-42354 (Shopware is an open commerce platform. The store-API works 
with regula ...)
+       TODO: check
+CVE-2024-42038 (Vulnerability of PIN enhancement failures in the screen lock 
module Im ...)
+       TODO: check
+CVE-2024-42037 (Vulnerability of uncaught exceptions in the Graphics module 
Impact: Su ...)
+       TODO: check
+CVE-2024-42036 (Access permission verification vulnerability in the Notepad 
module Imp ...)
+       TODO: check
+CVE-2024-42035 (Permission control vulnerability in the App Multiplier module 
Impact:S ...)
+       TODO: check
+CVE-2024-42034 (LaunchAnywhere vulnerability in the account module. Impact: 
Successful ...)
+       TODO: check
+CVE-2024-42033 (Access control vulnerability in the security verification 
module mpact ...)
+       TODO: check
+CVE-2024-42032 (Access permission verification vulnerability in the Contacts 
module Im ...)
+       TODO: check
+CVE-2024-42031 (Access permission verification vulnerability in the Settings 
module. I ...)
+       TODO: check
+CVE-2024-42030 (Access permission verification vulnerability in the content 
sharing po ...)
+       TODO: check
+CVE-2024-42001 (An improper authentication vulnerability affecting Vonets      
    ind ...)
+       TODO: check
+CVE-2024-41942 (JupyterHub is software that allows one to create a multi-user 
server f ...)
+       TODO: check
+CVE-2024-41936 (A directory traversal vulnerability affecting Vonets 
industrial wifi b ...)
+       TODO: check
+CVE-2024-41238 (A SQL injection vulnerability in /smsa/student_login.php in 
Kashipara  ...)
+       TODO: check
+CVE-2024-41161 (Use of hard-coded credentials vulnerability affecting Vonets 
industria ...)
+       TODO: check
+CVE-2024-40488 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
the Kas ...)
+       TODO: check
+CVE-2024-40487 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/view_ ...)
+       TODO: check
+CVE-2024-40486 (A SQL injection vulnerability in "/index.php" of Kashipara 
Live Member ...)
+       TODO: check
+CVE-2024-40484 (A Reflected Cross Site Scripting (XSS) vulnerability was found 
in "/oa ...)
+       TODO: check
+CVE-2024-40482 (An Unrestricted file upload vulnerability was found in 
"/Membership/ed ...)
+       TODO: check
+CVE-2024-40481 (A Stored Cross Site Scripting (XSS) vulnerability was found in 
"/admin ...)
+       TODO: check
+CVE-2024-40477 (A SQL injection vulnerability in 
"/oahms/admin/forgot-password.php" in ...)
+       TODO: check
+CVE-2024-40476 (A Cross-Site Request Forgery (CSRF) vulnerability was found in 
SourceC ...)
+       TODO: check
+CVE-2024-40475 (SourceCodester Best House Rental Management System v1.0 is 
vulnerable  ...)
+       TODO: check
+CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
+       TODO: check
+CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is 
vulnerable t ...)
+       TODO: check
+CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions 
startin ...)
+       TODO: check
+CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all 
version ...)
+       TODO: check
+CVE-2024-39815 (Improper check or handling of exceptional conditions 
vulnerability  af ...)
+       TODO: check
+CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets   
     in ...)
+       TODO: check
+CVE-2024-39287 (Dorsett Controls Central Server update server has potential 
informatio ...)
+       TODO: check
+CVE-2024-37382 (An issue discovered in import host feature in Ab Initio 
Metadata Hub a ...)
+       TODO: check
+CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets 
   indu ...)
+       TODO: check
+CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using 
wildcards in ...)
+       TODO: check
+CVE-2024-29082 (Improper access control vulnerability affecting Vonets   
industrial wi ...)
+       TODO: check
+CVE-2024-0108 (NVIDIA Jetson Linux contains a vulnerability in NvGPU where 
error hand ...)
+       TODO: check
+CVE-2024-0107 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2024-0104 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC 
contain a v ...)
+       TODO: check
+CVE-2024-0101 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC 
contain a v ...)
+       TODO: check
+CVE-2023-7265 (Permission verification vulnerability in the lock screen module 
Impact ...)
+       TODO: check
+CVE-2023-40261 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR17, 4.0.0  ...)
+       TODO: check
+CVE-2023-33206 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR16, 4.0.0  ...)
+       TODO: check
+CVE-2024-7348 (Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in 
Postgr ...)
        - postgresql-16 16.4-1
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
        NOTE: https://www.postgresql.org/support/security/CVE-2024-7348/
-CVE-2024-42257 [ext4: use memtostr_pad() for s_volume_name]
+CVE-2024-42257 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/be27cd64461c45a6088a91a04eba5cd44e1767ef (6.11-rc1)
-CVE-2024-42256 [cifs: Fix server re-repick on subrequest retry]
+CVE-2024-42256 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236 (6.11-rc1)
-CVE-2024-42255 [tpm: Use auth only after NULL check in 
tpm_buf_check_hmac_response()]
+CVE-2024-42255 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/7dc357d343f134bf59815ff6098b93503ec8a23b (6.11-rc1)
-CVE-2024-42254 [io_uring: fix error pbuf checking]
+CVE-2024-42254 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/bcc87d978b834c298bbdd9c52454c5d0a946e97e (6.11-rc1)
-CVE-2024-42253 [gpio: pca953x: fix pca953x_irq_bus_sync_unlock race]
+CVE-2024-42253 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.9.11-1
        NOTE: 
https://git.kernel.org/linus/bfc6444b57dc7186b6acc964705d7516cbaf3904 (6.10-rc6)
-CVE-2024-42252 [closures: Change BUG_ON() to WARN_ON()]
+CVE-2024-42252 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.9.11-1
        NOTE: 
https://git.kernel.org/linus/339b84ab6b1d66900c27bd999271cb2ae40ce812 (6.10-rc5)
-CVE-2024-42251 [mm: page_ref: remove folio_try_get_rcu()]
+CVE-2024-42251 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.9.11-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
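Review bot: the re-added CVE-2024-7348 entry (pg_dump TOCTOU) marks postgresql-15 and postgresql-13 as `<removed>` with no `[bookworm]`/`[bullseye]` sub-entries, whereas CVE-2024-42251 in the same hunk carries explicit per-suite lines; `<removed>` only records that the source package left unstable, so the stable suites still need their own status (a fixed version, `<no-dsa>` or `<postponed>`) once triaged, otherwise the entry reads as resolved for everything except postgresql-16 16.4-1.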
@@ -562,7 +686,7 @@ CVE-2024-7530 (Incorrect garbage collection interaction 
could have led to a use-
        - firefox 129.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7530
 CVE-2024-7529 (The date picker could partially obscure security prompts. This 
could b ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -573,7 +697,7 @@ CVE-2024-7528 (Incorrect garbage collection interaction in 
IndexedDB could have
        - firefox 129.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7528
 CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led 
to a u ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -581,7 +705,7 @@ CVE-2024-7527 (Unexpected marking work at the start of 
sweeping could have led t
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7527
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7527
 CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from 
uninit ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -589,7 +713,7 @@ CVE-2024-7526 (ANGLE failed to initialize parameters which 
led to reading from u
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7526
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7526
 CVE-2024-7525 (It was possible for a web extension with minimal permissions to 
create ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -606,7 +730,7 @@ CVE-2024-7523 (A select option could partially obscure 
security prompts. This co
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7523
 CVE-2024-7522 (Editor code failed to check an attribute value. This could have 
led to ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -614,7 +738,7 @@ CVE-2024-7522 (Editor code failed to check an attribute 
value. This could have l
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7522
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7522
 CVE-2024-7521 (Incomplete WebAssembly exception handing could have led to a 
use-after ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -625,7 +749,7 @@ CVE-2024-7520 (A type confusion bug in WebAssembly could be 
leveraged by an atta
        - firefox 129.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7520
 CVE-2024-7519 (Insufficient checks when processing graphics shared memory 
could have  ...)
-       {DSA-5740-1}
+       {DSA-5744-1 DSA-5740-1}
        - firefox 129.0-1
        - firefox-esr 115.14.0esr-1
        - thunderbird 1:128.1.0esr-1
@@ -923,13 +1047,16 @@ CVE-2024-6472 (Certificate Validation user interface in 
LibreOffice allows poten
        NOTE: 
https://github.com/LibreOffice/core/commit/2587dbff640e2443f0800f9c1a865723500de1c5
 (distro/mimo/7-0)
        NOTE: 
https://github.com/LibreOffice/core/commit/b8c9ba427e23e45ef782d6a144f4415cae3c9b13
 (distro/mimo/6-2)
 CVE-2024-42010 (mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 
1.6.7 allo ...)
+       {DSA-5743-1}
        - roundcube 1.6.8+dfsg-1 (bug #1077969)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/602d0f566eb39b6dcb739ad78323ec434a3b92ce
 CVE-2024-42009 (A Cross-Site Scripting vulnerability in Roundcube through 
1.5.7 and 1. ...)
+       {DSA-5743-1}
        - roundcube 1.6.8+dfsg-1 (bug #1077969)
        NOTE: 
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/68af7c864a36e1941764238dac440ab0d99a8d26
 CVE-2024-42008 (A Cross-Site Scripting vulnerability in 
rcmail_action_mail_get->run()  ...)
+       {DSA-5743-1}
        - roundcube 1.6.8+dfsg-1 (bug #1077969)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/89c8fe9ae9318c015807fbcbf7e39555fb30885d
        NOTE: Regression/follow-up: 
https://github.com/roundcube/roundcubemail/commit/32fed15346e5b842042e5dd1001d6878225c5367
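Review bot: CVE-2024-42008 carries a `NOTE: Regression/follow-up:` line pointing at commit 32fed15346e5b842042e5dd1001d6878225c5367 in addition to the primary fix 89c8fe9ae9318c015807fbcbf7e39555fb30885d; now that `{DSA-5743-1}` is attached to all three Roundcube entries, it is worth confirming that the DSA build includes that follow-up commit too, otherwise a regression update to DSA-5743-1 may be needed.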
@@ -13349,7 +13476,7 @@ CVE-2024-0892 (The Schema App Structured Data plugin 
for WordPress is vulnerable
        NOT-FOR-US: WordPress plugin
 CVE-2024-0103 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
        NOT-FOR-US: NVIDIA
-CVE-2024-0102
+CVE-2024-0102 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability 
in nvdi ...)
        - nvidia-cuda-toolkit <unfixed> (bug #1076164)
        [bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
        [bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
@@ -25180,7 +25307,7 @@ CVE-2024-4765 (Web application manifests were stored by 
using an insecure MD5 ha
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which 
would al ...)
-       {DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
+       {DSA-5742-1 DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
        - firefox 126.0-1
        - firefox-esr 115.11.0esr-1
        - thunderbird 1:115.11.0-1
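Review bot: `DSA-5742-1` is added to CVE-2024-4367, but the package lines visible in this hunk (firefox 126.0-1, firefox-esr 115.11.0esr-1, thunderbird 1:115.11.0-1) were already covered by DSA-5693-1 and DSA-5691-1; if the new DSA addresses a different source package than those three, its fixed-version line should appear in this entry as well (it may sit below the hunk's seven lines of context, in which case nothing is needed).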
@@ -104510,8 +104637,8 @@ CVE-2023-28866 (In the Linux kernel through 6.2.8, 
net/bluetooth/hci_sync.c allo
        - linux 6.1.20-2
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
-CVE-2023-28865
-       RESERVED
+CVE-2023-28865 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR15, 4.0.0  ...)
+       TODO: check
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker 
to expl ...)
        - chef <removed>
        [buster] - chef <not-affected> (chef package does not include upstream 
chef-server)
@@ -119330,12 +119457,12 @@ CVE-2023-24066
        RESERVED
 CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For 
example,  ...)
        NOT-FOR-US: NOSH
-CVE-2023-24064
-       RESERVED
-CVE-2023-24063
-       RESERVED
-CVE-2023-24062
-       RESERVED
+CVE-2023-24064 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 
fails to ...)
+       TODO: check
+CVE-2023-24063 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 
fails t ...)
+       TODO: check
+CVE-2023-24062 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 
SR12, 4.0.0  ...)
+       TODO: check
 CVE-2023-24061
        RESERVED
 CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via 
the feed[u ...)
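Review bot: CVE-2023-24062, CVE-2023-24063 and CVE-2023-24064 join CVE-2023-28865, CVE-2023-33206 and CVE-2023-40261 from earlier in this update as Diebold Nixdorf Vynamic Security Suite entries, all left at `TODO: check`; they describe one product line, so triaging them together and applying the same resulting status to all six will keep the list consistent.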



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5da139a9d03b5dfbac63a3d7309f0fd873a7ee2f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits