Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d1f4edf by security tracker role at 2024-09-02T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,96 @@
-CVE-2024-44947 [fuse: Initialize beyond-EOF page contents before setting 
uptodate]
+CVE-2024-8004 (A stored Cross-site Scripting (XSS) vulnerability affecting 
ENOVIA Col ...)
+       TODO: check
+CVE-2024-7939 (A stored Cross-site Scripting (XSS) vulnerability affecting 
3DSwym in  ...)
+       TODO: check
+CVE-2024-7938 (A stored Cross-site Scripting (XSS) vulnerability affecting 
3DDashboar ...)
+       TODO: check
+CVE-2024-7932 (A stored Cross-site Scripting (XSS) vulnerability affecting 
3DDashboar ...)
+       TODO: check
+CVE-2024-6921 (Cleartext Storage of Sensitive Information vulnerability in NAC 
Teleco ...)
+       TODO: check
+CVE-2024-6920 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-6919 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-45622 (ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 
through 3 ...)
+       TODO: check
+CVE-2024-45621 (The Electron desktop application of Rocket.Chat through 6.3.4 
allows s ...)
+       TODO: check
+CVE-2024-45388 (Hoverfly is a lightweight service virtualization/ API 
simulation / API ...)
+       TODO: check
+CVE-2024-45313 (Overleaf is a web-based collaborative LaTeX editor. When 
installing Se ...)
+       TODO: check
+CVE-2024-45312 (Overleaf is a web-based collaborative LaTeX editor. Overleaf 
Community ...)
+       TODO: check
+CVE-2024-45311 (Quinn is a pure-Rust, async-compatible implementation of the 
IETF QUIC ...)
+       TODO: check
+CVE-2024-45308 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2024-45306 (Vim is an open source, command line text editor. Patch 
v9.1.0038 optim ...)
+       TODO: check
+CVE-2024-45305 (gix-path is a crate of the gitoxide project dealing with git 
paths and ...)
+       TODO: check
+CVE-2024-43801 (Jellyfin is an open source self hosted media server. The 
Jellyfin user ...)
+       TODO: check
+CVE-2024-43797 (audiobookshelf is a self-hosted audiobook and podcast server. 
A non-ad ...)
+       TODO: check
+CVE-2024-43792 (Halo is an open source website building tool. A security 
vulnerability ...)
+       TODO: check
+CVE-2024-42471 (actions/artifact is the GitHub ToolKit for developing GitHub 
Actions.  ...)
+       TODO: check
+CVE-2024-38858 (Improper neutralization of input in Checkmk before version 
2.3.0p14 al ...)
+       TODO: check
+CVE-2024-38402 (Memory corruption while processing IOCTL call for getting 
group info.)
+       TODO: check
+CVE-2024-38401 (Memory corruption while processing concurrent IOCTL calls.)
+       TODO: check
+CVE-2024-33060 (Memory corruption when two threads try to map and unmap a 
single node  ...)
+       TODO: check
+CVE-2024-33057 (Transient DOS while parsing the multi-link element Control 
field when  ...)
+       TODO: check
+CVE-2024-33054 (Memory corruption during the handshake between the Primary 
Virtual Mac ...)
+       TODO: check
+CVE-2024-33052 (Memory corruption when user provides data for FM HCI command 
control o ...)
+       TODO: check
+CVE-2024-33051 (Transient DOS while processing TIM IE from beacon frame as 
there is no ...)
+       TODO: check
+CVE-2024-33050 (Transient DOS while parsing MBSSID during new IE generation in 
beacon/ ...)
+       TODO: check
+CVE-2024-33048 (Transient DOS while parsing the received TID-to-link mapping 
element o ...)
+       TODO: check
+CVE-2024-33047 (Memory corruption when the captureRead QDCM command is invoked 
from us ...)
+       TODO: check
+CVE-2024-33045 (Memory corruption when BTFM client sends new messages over 
Slimbus to  ...)
+       TODO: check
+CVE-2024-33043 (Transient DOS while handling PS event when Program Service 
name length ...)
+       TODO: check
+CVE-2024-33042 (Memory corruption when Alternative Frequency offset value is 
set to 25 ...)
+       TODO: check
+CVE-2024-33038 (Memory corruption while passing untrusted/corrupted pointers 
from DSP  ...)
+       TODO: check
+CVE-2024-33035 (Memory corruption while calculating total metadata size when a 
very hi ...)
+       TODO: check
+CVE-2024-33016 (memory corruption when an invalid firehose patch command is 
invoked.)
+       TODO: check
+CVE-2024-28100 (eLabFTW is an open source electronic lab notebook for research 
labs. B ...)
+       TODO: check
+CVE-2024-23365 (Memory corruption while releasing shared resources in 
MinkSocket liste ...)
+       TODO: check
+CVE-2024-23364 (Transient DOS when processing the non-transmitted BSSID 
profile sub-el ...)
+       TODO: check
+CVE-2024-23362 (Cryptographic issue while parsing RSA keys in COBR format.)
+       TODO: check
+CVE-2024-23359 (Information disclosure while decoding Tracking Area Update 
Accept or A ...)
+       TODO: check
+CVE-2024-23358 (Transient DOS when registration accept OTA is received with 
incorrect  ...)
+       TODO: check
+CVE-2024-1621 (The registration process of uniFLOW Online (NT-ware product) 
apps, pri ...)
+       TODO: check
+CVE-2023-7279 (A vulnerability has been found in Secure Systems Engineering 
Connaisse ...)
+       TODO: check
+CVE-2020-36830 (A vulnerability was found in nescalante urlregex up to 0.5.0 
and class ...)
+       TODO: check
+CVE-2024-44947 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 6.10.7-1
        NOTE: 
https://git.kernel.org/linus/3c0da3d163eb32f1f91891efaade027fa9b245b9 (6.11-rc4)
 CVE-2024-8370 (A vulnerability classified as problematic was found in Grocy up 
to 4.2 ...)
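Review bot: every new entry in this hunk, from CVE-2024-8004 down to CVE-2020-36830, is left at `TODO: check`, so the only triaged change is CVE-2024-44947, whose bracketed placeholder title is swapped for the NVD text while its existing `- linux 6.10.7-1` line and the 6.11-rc4 kernel commit NOTE are kept. The entries naming upstream projects that may be packaged in Debian (for example CVE-2024-45306 for Vim, CVE-2024-45311 for Quinn, CVE-2024-45305 for gix-path, CVE-2024-43801 for Jellyfin) need either a source-package line with a version or state marker or a `NOT-FOR-US:` marker in a follow-up commit; the `TODO: check` lines should not survive the manual triage pass.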
@@ -3742,13 +3834,13 @@ CVE-2024-43374 (The UNIX editor Vim prior to version 
9.1.0678 has a use-after-fr
        NOTE: https://github.com/vim/vim/security/GHSA-2w8m-443v-cgvw
        NOTE: 
https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 
(v9.1.0678)
 CVE-2024-23185
-       {DSA-5752-1}
+       {DSA-5752-1 DLA-3860-1}
        - dovecot 1:2.3.21.1+dfsg1-1 (bug #1078877)
        NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/4
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/f020e139c519121d9630a966310ea8e100ee33b7 
(2.3.21.1)
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/ce88c33abc37e408592eff70aeefa28f803effb9 
(2.3.21.1)
 CVE-2024-23184
-       {DSA-5752-1}
+       {DSA-5752-1 DLA-3860-1}
        - dovecot 1:2.3.21.1+dfsg1-1 (bug #1078876)
        NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/3
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/8e4c42dbb3c770fcdbc396f2abcf1bc228ec548d 
(2.3.21.1)
@@ -25531,7 +25623,7 @@ CVE-2021-47433 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 5.14.16-1
        [bullseye] - linux 5.10.84-1
        NOTE: 
https://git.kernel.org/linus/4afb912f439c4bc4e6a4f3e7547f2e69e354108f (5.15-rc6)
-CVE-2024-5148
+CVE-2024-5148 (A flaw was found in the gnome-remote-desktop package. The 
gnome-remote ...)
        [experimental] - gnome-remote-desktop 46.2-1
        - gnome-remote-desktop <not-affected> (Vulnerable code only in 46 
series)
        NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
@@ -37683,7 +37775,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, 
a TOCTOU race condition a
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
        NOTE: 
https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f
 (v2.2.0)
 CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If 
attacker-supplie ...)
-       {DSA-5677-1}
+       {DSA-5677-1 DLA-3858-1}
        - ruby3.2 <unfixed> (bug #1069968)
        - ruby3.1 <unfixed> (bug #1069969)
        - ruby2.7 <removed>
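Review bot: DLA-3858-1 is added for CVE-2024-27282 while the visible unstable entries still read `- ruby3.2 <unfixed> (bug #1069968)` and `- ruby3.1 <unfixed> (bug #1069969)` and ruby2.7 is `<removed>`; since the DLA reference shows an LTS fix has shipped, check whether the ruby3.1/ruby3.2 `<unfixed>` states are still current, and make sure the DLA-3858-1 record carries the bullseye ruby2.7 version so the release view resolves rather than showing the CVE as open everywhere.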
@@ -48373,7 +48465,7 @@ CVE-2020-36826 (A vulnerability was found in 
AwesomestCode LiveBot. It has been
 CVE-2020-36825 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability 
has bee ...)
        NOT-FOR-US: cyberaz0r WebRAT
 CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as 
distributed in ...)
-       {DSA-5677-1}
+       {DSA-5677-1 DLA-3858-1}
        - ruby3.2 <unfixed> (bug #1067802)
        - ruby3.1 <unfixed> (bug #1067803)
        - ruby2.7 <removed>
@@ -48382,7 +48474,7 @@ CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 
through 6.6.2, as distribu
        NOTE: 
https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d 
(v6.6.3)
        NOTE: Follow-up: 
https://github.com/ruby/rdoc/commit/e4a0e71e6f1032f8b4e5e58b4ef60d702c22ce17 
(v6.6.3.1)
 CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as 
distribut ...)
-       {DSA-5677-1}
+       {DSA-5677-1 DLA-3858-1}
        - ruby3.2 <not-affected> (Fixed before initial upload to Debian)
        - ruby3.1 <unfixed> (bug #1069966)
        - ruby2.7 <removed>
@@ -58991,7 +59083,7 @@ CVE-2023-6516 (To keep its cache database efficient, 
`named` running as a recurs
        NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series
        NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 
4035, 6 ...)
-       {DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3816-1 DLA-3736-1}
+       {DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 
DLA-3736-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
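Review bot: the added `DLA-3859-1` keeps the descending id order inside the braces (between DSA-5620-1 and DLA-3816-1), but the fixed-package lines visible in this hunk are only bind9, dnsmasq and knot-resolver, and the same DLA id is attached to CVE-2023-7008 (systemd-resolved) later in this commit; confirm that CVE-2023-50387's entry, below the hunk context, carries the systemd source-package line this DLA is fixing, and that the DLA-3859-1 record lists all three CVEs it is referenced from in this commit.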
@@ -59039,7 +59131,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS 
protocol (in RFC 4033, 4034, 4
        NOTE: 
https://github.com/dnsjava/dnsjava/commit/07ac36a11578cc1bce0cd8ddf2fe568f062aee78
 (v3.6.0)
        NOTE: 
https://github.com/dnsjava/dnsjava/commit/3ddc45ce8cdb5c2274e10b7401416f497694e1cf
 (v3.6.0)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 
5155 whe ...)
-       {DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3816-1 DLA-3736-1}
+       {DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 
DLA-3736-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
        - knot-resolver 5.7.1-1
@@ -69149,6 +69241,7 @@ CVE-2023-41166 (An issue was discovered in Stormshield 
Network Security (SNS) 3.
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository 
huggingface/tra ...)
        NOT-FOR-US: Transformers
 CVE-2023-7008 (A vulnerability was found in systemd-resolved. This issue may 
allow sy ...)
+       {DLA-3859-1}
        - systemd 255.1-3 (bug #1059278)
        [bookworm] - systemd 252.21-1~deb12u1
        [buster] - systemd <no-dsa> (Minor issue)
@@ -78695,6 +78788,7 @@ CVE-2023-46858 (Moodle 4.3 allows 
/grade/report/grader/index.php?searchvalue= re
 CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in 
multiple Proxm ...)
        NOT-FOR-US: Proxmox proxmox-widget-toolkit
 CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, 
such as in ...)
+       {DLA-3861-1}
        - exfatprogs 1.2.2-1
        [bookworm] - exfatprogs 1.2.0-1+deb12u1
        NOTE: 
https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf
 (1.2.2)
@@ -79998,6 +80092,7 @@ CVE-2023-43624 (CX-Designer Ver.3.740 and earlier 
(included in CX-One CXONE-AL[]
 CVE-2023-46306 (The web administration interface in NetModule Router Software 
(NRSW) 4 ...)
        NOT-FOR-US: NetModule Router Software
 CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py 
in calib ...)
+       {DLA-3862-1}
        - calibre 6.19.1-1
        [bookworm] - calibre 6.13.0+repack-2+deb12u3
        [buster] - calibre <no-dsa> (Minor issue)
@@ -97046,6 +97141,7 @@ CVE-2023-37254 (An issue was discovered in the Cargo 
extension for MediaWiki thr
 CVE-2023-37251 (An issue was discovered in the GoogleAnalyticsMetrics 
extension for Me ...)
        NOT-FOR-US: MediaWiki extension GoogleAnalyticsMetrics
 CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 
0.12.2 for Ru ...)
+       {DLA-3858-1}
        - rubygems <not-affected> (Incomplete fix never applied)
        - ruby3.1 <not-affected> (Incomplete fix never applied)
        - ruby2.7 <not-affected> (Incomplete fix never applied)
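Review bot: `{DLA-3858-1}` is added to CVE-2023-36617 although every visible source-package line is `<not-affected> (Incomplete fix never applied)` for rubygems, ruby3.1 and ruby2.7; an advisory attached to an entry the tracker treats as not affected resolves to no fixed version, so either the ruby2.7 `<not-affected>` reasoning does not hold for bullseye (in which case the state should change to match the DLA) or the reference is only there because the advisory text lists the CVE, which deserves a NOTE explaining the discrepancy.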
@@ -110749,7 +110845,7 @@ CVE-2023-28758 (An issue was discovered in Veritas 
NetBackup before 8.3.0.2. BPC
 CVE-2023-28757
        RESERVED
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 
0.2.1 in Ru ...)
-       {DLA-3447-1 DLA-3408-1}
+       {DLA-3858-1 DLA-3447-1 DLA-3408-1}
        - ruby3.1 <unfixed> (bug #1038408)
        [bookworm] - ruby3.1 <no-dsa> (Minor issue)
        - ruby2.7 <removed>
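Review bot: DLA-3858-1 is prepended for CVE-2023-28756 while `[bookworm] - ruby3.1 <no-dsa> (Minor issue)` and `- ruby3.1 <unfixed> (bug #1038408)` stay as they are; having LTS ship a fix for an issue that stable classifies as minor is not a contradiction by itself, but with the unstable package still `<unfixed>` it is worth re-checking whether bug #1038408 has been addressed upstream and whether the `<no-dsa>` classification for bookworm should be revisited.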
@@ -110763,7 +110859,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the 
Time component through 0.2.1
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
        NOTE: 
https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d 
(9.4.3.0)
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 
0.12.0 in Ru ...)
-       {DLA-3447-1 DLA-3408-1}
+       {DLA-3858-1 DLA-3447-1 DLA-3408-1}
        - rubygems 3.4.20-1
        [bookworm] - rubygems <no-dsa> (Minor issue)
        [bullseye] - rubygems <no-dsa> (Minor issue)
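Review bot: DLA-3858-1 is prepended for CVE-2023-28755 while `[bullseye] - rubygems <no-dsa> (Minor issue)` remains in place; if the DLA fixed the URI component through another source package than rubygems, that is consistent, but the rubygems bullseye marker then reads as contradictory next to an LTS advisory for the same CVE, so either annotate it or verify that the rubygems copy in bullseye is genuinely unaffected by the same fix.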
@@ -190697,7 +190793,7 @@ CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management 
Key Performance Indicator
 CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator 
System 5+ e ...)
        NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator 
System
 CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x 
before 2.7.6, ...)
-       {DLA-3450-1}
+       {DLA-3858-1 DLA-3450-1}
        - ruby3.0 3.0.4-1 (bug #1009956)
        - ruby2.7 <removed> (bug #1009957)
        - ruby2.5 <removed>
@@ -217088,6 +217184,7 @@ CVE-2021-44688
 CVE-2021-44687
        RESERVED
 CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is 
vulnerable ...)
+       {DLA-3862-1}
        - calibre 5.33.0+dfsg-1
        [buster] - calibre <no-dsa> (Minor issue)
        [stretch] - calibre <no-dsa> (Minor issue)
@@ -249329,7 +249426,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, 
and SingularityPRO before 3.
        - singularity-container 3.9.5+ds1-2 (bug #990201)
        NOTE: 
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
 CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x 
before 0.3.5 ...)
-       {DLA-3450-1}
+       {DLA-3858-1 DLA-3450-1}
        - ruby3.1 3.1.2-4 (bug #1024799)
        - ruby3.0 <removed> (bug #1024800)
        - ruby2.7 <removed>
@@ -251297,7 +251394,7 @@ CVE-2021-32864
 CVE-2021-32863
        REJECTED
 CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a 
cross-sit ...)
-       {DLA-3442-1}
+       {DLA-3863-1 DLA-3442-1}
        - nbconvert 6.5.1-1
        NOTE: 
https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
        NOTE: 
https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6
 (6.5.1)
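Review bot: CVE-2021-32862 now carries two LTS advisories, `{DLA-3863-1 DLA-3442-1}`, with the only visible fixed version `- nbconvert 6.5.1-1`, and nothing in the entry says why a second DLA was needed (a regression in the first update or an incomplete fix); add a `NOTE: Follow-up:` line with the reference, in the same style used for the RDoc entry (CVE-2024-27281) earlier in this commit, so the history of the bullseye fix is readable from the entry itself.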



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1f4edfeb21c4f8a032e2ce6dca1d32a1f1d781



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
