Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b0028ff by security tracker role at 2024-09-04T20:12:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,351 @@
+CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
+       TODO: check
+CVE-2024-8417 (A vulnerability was found in 
\u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
+       TODO: check
+CVE-2024-8416 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+       TODO: check
+CVE-2024-8415 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+       TODO: check
+CVE-2024-8414 (A vulnerability has been found in SourceCodester Insurance 
Management  ...)
+       TODO: check
+CVE-2024-8413 (Cross Site Scripting (XSS) vulnerability through the action 
parameter  ...)
+       TODO: check
+CVE-2024-8412 (A vulnerability, which was classified as problematic, was found 
in Lin ...)
+       TODO: check
+CVE-2024-8411 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-8410 (A vulnerability classified as problematic was found in ABCD 
ABCD2 up t ...)
+       TODO: check
+CVE-2024-8409 (A vulnerability classified as problematic has been found in 
ABCD ABCD2 ...)
+       TODO: check
+CVE-2024-8408 (A vulnerability was found in Linksys WRT54G 4.21.5. It has been 
rated  ...)
+       TODO: check
+CVE-2024-8407 (A vulnerability was found in alwindoss akademy up to 
35caccea888ed63d5 ...)
+       TODO: check
+CVE-2024-8399 (Websites could utilize Javascript links to spoof URL addresses 
in the  ...)
+       TODO: check
+CVE-2024-8391 (In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does 
not lim ...)
+       TODO: check
+CVE-2024-8325 (The Blockspare: Gutenberg Blocks & Patterns for Blogs, 
Magazines, Busi ...)
+       TODO: check
+CVE-2024-8318 (The Attributes for Blocks plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2024-8298 (Memory request vulnerability in the memory management module 
Impact: S ...)
+       TODO: check
+CVE-2024-8289 (The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor 
Marketpla ...)
+       TODO: check
+CVE-2024-8123 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8121 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8119 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8117 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8106 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8104 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-8102 (The The Ultimate WordPress Toolkit \u2013 WP Extended plugin 
for WordP ...)
+       TODO: check
+CVE-2024-7950 (The WP Job Portal \u2013 A Complete Recruitment System for 
Company or  ...)
+       TODO: check
+CVE-2024-7923 (An authentication bypass vulnerability has been identified in 
Pulpcore ...)
+       TODO: check
+CVE-2024-7870 (The PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager 
and the  ...)
+       TODO: check
+CVE-2024-7834 (A local privilege escalation is caused by Overwolf loading and 
executi ...)
+       TODO: check
+CVE-2024-7821
+       REJECTED
+CVE-2024-7786 (The Sensei LMS  WordPress plugin before 4.24.2 does not 
properly prote ...)
+       TODO: check
+CVE-2024-7078 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-7077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-7076 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-7012 (An authentication bypass vulnerability has been identified in 
Foreman  ...)
+       TODO: check
+CVE-2024-6926 (The Viral Signup  WordPress plugin through 2.1 does not 
properly sanit ...)
+       TODO: check
+CVE-2024-6889 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
+       TODO: check
+CVE-2024-6888 (The Secure Copy Content Protection and Content Locking 
WordPress plugi ...)
+       TODO: check
+CVE-2024-6722 (The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce 
Chatbot Word ...)
+       TODO: check
+CVE-2024-6020 (The Sign-up Sheets WordPress plugin before 2.2.13 does not 
escape some ...)
+       TODO: check
+CVE-2024-45507 (Server-Side Request Forgery (SSRF), Improper Control of 
Generation of  ...)
+       TODO: check
+CVE-2024-45450 (Permission control vulnerability in the software update 
module. Impact ...)
+       TODO: check
+CVE-2024-45449 (Access permission verification vulnerability in the ringtone 
setting m ...)
+       TODO: check
+CVE-2024-45448 (Page table protection configuration vulnerability in the 
trusted firmw ...)
+       TODO: check
+CVE-2024-45447 (Access control vulnerability in the camera framework module 
Impact: Su ...)
+       TODO: check
+CVE-2024-45446 (Access permission verification vulnerability in the camera 
driver modu ...)
+       TODO: check
+CVE-2024-45445 (Vulnerability of resources not being closed or released in the 
keystor ...)
+       TODO: check
+CVE-2024-45444 (Access permission verification vulnerability in the WMS module 
Impact: ...)
+       TODO: check
+CVE-2024-45443 (Directory traversal vulnerability in the cust module Impact: 
Successfu ...)
+       TODO: check
+CVE-2024-45442 (Vulnerability of permission verification for APIs in the 
DownloadProvi ...)
+       TODO: check
+CVE-2024-45441 (Input verification vulnerability in the system service module 
Impact:  ...)
+       TODO: check
+CVE-2024-45394 (Authenticator is a browser extensions that generates two-step 
verifica ...)
+       TODO: check
+CVE-2024-45314 (Flask-AppBuilder is an application development framework. 
Prior to ver ...)
+       TODO: check
+CVE-2024-45195 (Direct Request ('Forced Browsing') vulnerability in Apache 
OFBiz.  Thi ...)
+       TODO: check
+CVE-2024-45177 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45174 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45172 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45170 (An issue was discovered in za-internet C-MOR Video 
Surveillance 5.2401 ...)
+       TODO: check
+CVE-2024-45076 (IBM webMethods Integration 10.15 could allow an authenticated 
user to  ...)
+       TODO: check
+CVE-2024-45075 (IBM webMethods Integration 10.15 could allow an authenticated 
user to  ...)
+       TODO: check
+CVE-2024-45074 (IBM webMethods Integration 10.15 could allow an authenticated 
user to  ...)
+       TODO: check
+CVE-2024-45053 (Fides is an open-source privacy engineering platform. Starting 
in vers ...)
+       TODO: check
+CVE-2024-45052 (Fides is an open-source privacy engineering platform. Prior to 
version ...)
+       TODO: check
+CVE-2024-45050 (Ringer server is the server code for the Ringer messaging app. 
Prior t ...)
+       TODO: check
+CVE-2024-45008 (In the Linux kernel, the following vulnerability has been 
resolved:  I ...)
+       TODO: check
+CVE-2024-45007 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       TODO: check
+CVE-2024-45006 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       TODO: check
+CVE-2024-45005 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
+       TODO: check
+CVE-2024-45004 (In the Linux kernel, the following vulnerability has been 
resolved:  K ...)
+       TODO: check
+CVE-2024-45003 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       TODO: check
+CVE-2024-45002 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
+       TODO: check
+CVE-2024-45001 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-45000 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
+       TODO: check
+CVE-2024-44999 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
+       TODO: check
+CVE-2024-44998 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
+       TODO: check
+CVE-2024-44997 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44996 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
+       TODO: check
+CVE-2024-44995 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44994 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-44993 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44992 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44991 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+       TODO: check
+CVE-2024-44990 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44989 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44988 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44987 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-44986 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-44985 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-44984 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44983 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44982 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44981 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
+       TODO: check
+CVE-2024-44980 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44979 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44978 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44977 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44976 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
+       TODO: check
+CVE-2024-44975 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
+       TODO: check
+CVE-2024-44974 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       TODO: check
+CVE-2024-44973 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
+       TODO: check
+CVE-2024-44972 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44971 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44970 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
+       TODO: check
+CVE-2024-44969 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44968 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+       TODO: check
+CVE-2024-44967 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44966 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44965 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       TODO: check
+CVE-2024-44964 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
+       TODO: check
+CVE-2024-44963 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
+       TODO: check
+CVE-2024-44962 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+       TODO: check
+CVE-2024-44961 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44960 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
+       TODO: check
+CVE-2024-44959 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
+       TODO: check
+CVE-2024-44958 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44957 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       TODO: check
+CVE-2024-44956 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44955 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44954 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
+       TODO: check
+CVE-2024-44953 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44952 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
+       TODO: check
+CVE-2024-44951 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44950 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
+       TODO: check
+CVE-2024-44949 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
+       TODO: check
+CVE-2024-44948 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
+       TODO: check
+CVE-2024-44859 (Tenda FH1201 v1.2.0.14 has a stack buffer overflow 
vulnerability in `f ...)
+       TODO: check
+CVE-2024-44821 (ZZCMS 2023 contains a vulnerability in the captcha reuse logic 
located ...)
+       TODO: check
+CVE-2024-44820 (A sensitive information disclosure vulnerability exists in 
ZZCMS v.202 ...)
+       TODO: check
+CVE-2024-44819 (Cross Site Scripting vulnerability in ZZCMS v.2023 and before 
allows a ...)
+       TODO: check
+CVE-2024-44818 (Cross Site Scripting vulnerability in ZZCMS v.2023 and before 
allows a ...)
+       TODO: check
+CVE-2024-44817 (SQL Injection vulnerability in ZZCMS v.2023 and before allows 
a remote ...)
+       TODO: check
+CVE-2024-44809 (A remote code execution (RCE) vulnerability exists in the Pi 
Camera pr ...)
+       TODO: check
+CVE-2024-44808 (An issue in Vypor Attack API System v.1.0 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2024-44400 (D-Link DI-8400 16.07.26A1 is vulnerable to Command Injection 
via upgra ...)
+       TODO: check
+CVE-2024-44383 (WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution 
via msp_in ...)
+       TODO: check
+CVE-2024-43405 (Nuclei is a vulnerability scanner powered by YAML based 
templates. Sta ...)
+       TODO: check
+CVE-2024-43402 (Rust is a programming language. The fix for CVE-2024-24576, 
where `std ...)
+       TODO: check
+CVE-2024-42642 (Micron Crucial MX500 Series Solid State Drives M3CR046 is 
vulnerable t ...)
+       TODO: check
+CVE-2024-42039 (Access control vulnerability in the SystemUI module Impact: 
Successful ...)
+       TODO: check
+CVE-2024-41927 (Cleartext transmission of sensitive information vulnerability 
exists i ...)
+       TODO: check
+CVE-2024-41716 (Cleartext storage of sensitive information vulnerability 
exists in Win ...)
+       TODO: check
+CVE-2024-41434 (PingCAP TiDB v8.1.0 was discovered to contain a buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-41433 (PingCAP TiDB v8.1.0 was discovered to contain a buffer 
overflow via th ...)
+       TODO: check
+CVE-2024-39921 (Observable timing discrepancy issue exists in IPCOM EX2 Series 
V01L02N ...)
+       TODO: check
+CVE-2024-34661 (Improper handling of insufficient permissions in Samsung 
Assistant pri ...)
+       TODO: check
+CVE-2024-34660 (Heap-based out-of-bounds write in Samsung Notes prior to 
version 4.4.2 ...)
+       TODO: check
+CVE-2024-34659 (Exposure of sensitive information in GroupSharing prior to 
version 13. ...)
+       TODO: check
+CVE-2024-34658 (Out-of-bounds read in Samsung Notes allows local attackers to 
bypass A ...)
+       TODO: check
+CVE-2024-34657 (Stack-based out-of-bounds write in Samsung Notes prior to 
version 4.4. ...)
+       TODO: check
+CVE-2024-34656 (Path traversal in Samsung Notes prior to version 4.4.21.62 
allows loca ...)
+       TODO: check
+CVE-2024-34655 (Incorrect use of privileged API in UniversalCredentialManager 
prior to ...)
+       TODO: check
+CVE-2024-34654 (Improper Export of android application component in My Files 
prior to  ...)
+       TODO: check
+CVE-2024-34653 (Path Traversal in My Files prior to SMR Sep-2024 Release 1 
allows phys ...)
+       TODO: check
+CVE-2024-34652 (Incorrect authorization in kperfmon prior to SMR Sep-2024 
Release 1 al ...)
+       TODO: check
+CVE-2024-34651 (Improper authorization in My Files prior to SMR Sep-2024 
Release 1 all ...)
+       TODO: check
+CVE-2024-34650 (Incorrect authorization in CocktailbarService prior to SMR 
Sep-2024 Re ...)
+       TODO: check
+CVE-2024-34649 (Improper access control in new Dex Mode in multitasking 
framework prio ...)
+       TODO: check
+CVE-2024-34648 (Improper Handling of Insufficient Permissions in 
KnoxMiscPolicy prior  ...)
+       TODO: check
+CVE-2024-34647 (Incorrect use of privileged API in DualDarManagerProxy prior 
to SMR Se ...)
+       TODO: check
+CVE-2024-34646 (Improper access control in DualDarManagerProxy prior to SMR 
Sep-2024 R ...)
+       TODO: check
+CVE-2024-34645 (Improper input validation in ThemeCenter prior to SMR Sep-2024 
Release ...)
+       TODO: check
+CVE-2024-34644 (Improper access control in item selection related in Dressroom 
prior t ...)
+       TODO: check
+CVE-2024-34643 (Improper access control in key input related function in 
Dressroom pri ...)
+       TODO: check
+CVE-2024-34642 (Improper authorization in One UI Home prior to SMR Sep-2024 
Release 1  ...)
+       TODO: check
+CVE-2024-34641 (Improper Export of Android Application Components in 
FeliCaTest prior  ...)
+       TODO: check
+CVE-2024-34640 (Improper access control vulnerability in BGProtectManager 
prior to SMR ...)
+       TODO: check
+CVE-2024-34639 (Improper handling of exceptional conditions in Setupwizard 
prior to SM ...)
+       TODO: check
+CVE-2024-34638 (Improper handling of exceptional conditions in ThemeCenter 
prior to SM ...)
+       TODO: check
+CVE-2024-34637 (Improper access control in WindowManagerService prior to SMR 
Sep-2024  ...)
+       TODO: check
+CVE-2024-20503 (A vulnerability in Cisco Duo Epic for Hyperdrive could allow 
an authen ...)
+       TODO: check
+CVE-2024-20497 (A vulnerability in Cisco Expressway Edge (Expressway-E) could 
allow an ...)
+       TODO: check
+CVE-2024-20469 (A vulnerability in specific CLI commands in Cisco Identity 
Services En ...)
+       TODO: check
+CVE-2024-20440 (A vulnerability in Cisco Smart Licensing Utility could allow 
an unauth ...)
+       TODO: check
+CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow 
an unauth ...)
+       TODO: check
 CVE-2024-44082
        - ironic <unfixed>
        - ironic-python-agent <unfixed>
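Review bot: every entry added at the top of data/CVE/list carries only `TODO: check` (CVE-2024-7821 aside, which is `REJECTED`), so none of them is triaged yet. The run of "In the Linux kernel, ..." entries from CVE-2024-45008 down to CVE-2024-44948 needs `- linux` lines with fixed versions, and the vendor-specific entries (the Samsung, Cisco and ZZCMS ones, for example) are candidates for a `NOT-FOR-US:` line in the same form as the existing entries further down the file.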
@@ -11,10 +359,10 @@ CVE-2024-45160
        NOTE: Introduced by: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/06d771cbc2d5c752354c50f83e4912e5879f9aa2
 (v2.18.0)
        NOTE: Unit test: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7
 (v2.19.2)
        NOTE: Fixed by: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d
 (v2.19.2)
-CVE-2024-7970
+CVE-2024-7970 (Out of bounds write in V8 in Google Chrome prior to 
128.0.6613.119 all ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8362
+CVE-2024-8362 (Use after free in WebAudio in Google Chrome prior to 
128.0.6613.119 al ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8389 (Memory safety bugs present in Firefox 129. Some of these bugs 
showed e ...)
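Review bot: the descriptions added for CVE-2024-7970 and CVE-2024-8362 name 128.0.6613.119 as the first fixed Chrome release, while both entries still read `- chromium <unfixed>`. Replace `<unfixed>` with the Debian version once a chromium upload at or above that release is in the archive.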
@@ -33,21 +381,25 @@ CVE-2024-8385 (A difference in the handling of 
StructFields and ArrayTypes in WA
        - firefox 130.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color 
cross-compartment obj ...)
+       {DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8384
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the 
operating sys ...)
+       {DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
 CVE-2024-8382 (Internal browser event interfaces were exposed to web content 
when pri ...)
+       {DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered 
when looki ...)
+       {DSA-5765-1 DLA-3869-1}
        - firefox 130.0-1
        - firefox-esr 115.15.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8381
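Review bot: the `{DSA-5765-1 DLA-3869-1}` line is added to four entries here (CVE-2024-8384, CVE-2024-8383, CVE-2024-8382, CVE-2024-8381), but this commit touches only data/CVE/list, so the advisory records those tags point at are not visible in the change. Confirm that both advisories name exactly these CVEs; CVE-2024-8385, which lists only `firefox 130.0-1`, is left untagged, which is consistent with it having no firefox-esr line.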
@@ -146,7 +498,7 @@ CVE-2024-45230
        - python-django 3:4.2.16-1
        NOTE: 
https://www.djangoproject.com/weblog/2024/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
 (4.2.16)
-CVE-2024-45506
+CVE-2024-45506 (HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x 
through 3.1 ...)
        - haproxy 2.9.10-1
        [bookworm] - haproxy <not-affected> (Only exploitable with 
zero-copy-forward)
        [bullseye] - haproxy <not-affected> (Only exploitable with 
zero-copy-forward)
@@ -182,27 +534,27 @@ CVE-2024-42057 (A command injection vulnerability in the 
IPSec VPN feature of Zy
        NOT-FOR-US: Zyxel
 CVE-2024-37136 (Dell Path to PowerProtect, versions 1.1, 1.2, contains an 
Exposure of  ...)
        NOT-FOR-US: Dell
-CVE-2024-45620
+CVE-2024-45620 (A vulnerability was found in the pkcs15-init tool in OpenSC. 
An attack ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309289
-CVE-2024-45619
+CVE-2024-45619 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 
module, min ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309288
-CVE-2024-45618
+CVE-2024-45618 (A vulnerability was found in pkcs15-init in OpenSC. An 
attacker could  ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309287
-CVE-2024-45617
+CVE-2024-45617 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 
module, min ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309286
-CVE-2024-45616
+CVE-2024-45616 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 
module, min ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309290
-CVE-2024-45615
+CVE-2024-45615 (A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 
module, min ...)
        - opensc <unfixed>
        [bookworm] - opensc <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309285
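Review bot: the six OpenSC entries (CVE-2024-45620 through CVE-2024-45615) now have descriptions but still reference only a Red Hat Bugzilla ticket each, under `- opensc <unfixed>`. Add `NOTE:` lines for the upstream fix commits once they are known, in the "Introduced by" / "Fixed by" form used for CVE-2024-45160, so a fixed version can be recorded.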
@@ -1022,7 +1374,7 @@ CVE-2024-39771 (QBiC CLOUD CC-2L v1.1.30 and earlier and 
Safie One v1.8.2 and ea
        NOT-FOR-US: QBiC CLOUD
 CVE-2024-39584 (Dell Client Platform BIOS contains a Use of Default 
Cryptographic Key  ...)
        NOT-FOR-US: Dell
-CVE-2023-45896 (ntfs3 in the Linux kernel before 6.5.11 allows a physically 
proximate  ...)
+CVE-2023-45896 (ntfs3 in the Linux kernel through 6.8.0 allows a physically 
proximate  ...)
        - linux 6.5.13-1 (unimportant)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/013ff63b649475f0ee134e2c8d0c8e65284ede50 (6.6-rc7)
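Review bot: the new description for CVE-2023-45896 says ntfs3 is affected "through 6.8.0", which no longer agrees with the lines under it: `- linux 6.5.13-1 (unimportant)` and a fix commit annotated `(6.6-rc7)`. Either the recorded fix is incomplete and the fixed version needs revisiting, or a `NOTE:` should explain why the tracker keeps 6.5.13-1 despite the widened upstream range.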
@@ -11687,7 +12039,8 @@ CVE-2023-52885 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: 
https://git.kernel.org/linus/fc80fc2d4e39137869da3150ee169b40bf879287 (6.5-rc1)
 CVE-2024-6465 (The WP Links Page plugin for WordPress is vulnerable to 
unauthorized m ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-6716 (A flaw was found in the libtiff library. An out-of-memory issue 
in the ...)
+CVE-2024-6716
+       REJECTED
        - tiff <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/620
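Review bot: CVE-2024-6716 is now `REJECTED`, yet `- tiff <unfixed> (unimportant)` and its two `NOTE:` lines remain beneath it, so the entry still reads as an open issue against tiff. Drop the package line, or add a `NOTE:` stating why the ID was rejected if the bug references are worth keeping.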
@@ -64729,7 +65082,7 @@ CVE-2023-52108 (Vulnerability of process priorities 
being raised in the Activity
        NOT-FOR-US: Huawei
 CVE-2023-52107 (Vulnerability of permissions being not strictly verified in 
the WMS mo ...)
        NOT-FOR-US: Huawei
-CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API 
permission  ...)
+CVE-2023-52106 (Vulnerability of permission verification for APIs in the 
DownloadProvi ...)
        NOT-FOR-US: Huawei
 CVE-2023-52105 (The nearby module has a privilege escalation vulnerability. 
Successful ...)
        NOT-FOR-US: Huawei
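Review bot: the reworded description of CVE-2023-52106 ("Vulnerability of permission verification for APIs in the DownloadProvi ...") is the same truncated text as the new CVE-2024-45442 entry in the first hunk, which is still `TODO: check`. If both refer to the same Huawei module, CVE-2024-45442 can take `NOT-FOR-US: Huawei` as well.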
@@ -99233,7 +99586,8 @@ CVE-2023-34249 (benjjvi/PyBB is an open source bulletin 
board. Prior to commit d
        NOT-FOR-US: benjjvi/PyBB
 CVE-2023-34247 (Keystone is a content management system for Node.JS. There is 
an open  ...)
        NOT-FOR-US: Keystone CMS
-CVE-2023-34122 (Improper input validation  in the installer for Zoom for 
Windows clien ...)
+CVE-2023-34122
+       REJECTED
        NOT-FOR-US: Zoom
 CVE-2023-34121 (Improper input validation  in the Zoom for Windows, Zoom 
Rooms, Zoom V ...)
        NOT-FOR-US: Zoom
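Review bot: CVE-2023-34122 is now `REJECTED` but keeps `NOT-FOR-US: Zoom` beneath it, unlike CVE-2024-7821 in the first hunk, which carries `REJECTED` alone. The leftover line is harmless, but dropping it keeps rejected entries uniform; the same applies to CVE-2023-34113 in the next hunk.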
@@ -99243,7 +99597,8 @@ CVE-2023-34115 (Buffer copy without checking size of 
input  in Zoom Meeting SDK
        NOT-FOR-US: Zoom
 CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and 
Zoom for  ...)
        NOT-FOR-US: Zoom
-CVE-2023-34113 (Insufficient verification of data authenticity  in Zoom for 
Windows cl ...)
+CVE-2023-34113
+       REJECTED
        NOT-FOR-US: Zoom
 CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
        NOT-FOR-US: Siemens



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b0028ff1302008fea6375c34c7f1c7ae6033c74
