Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d4f0c9c by security tracker role at 2024-09-05T08:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated 
memory to ...)
+       TODO: check
+CVE-2024-7627 (The Bit File Manager plugin for WordPress is vulnerable to 
Remote Code ...)
+       TODO: check
+CVE-2024-6846 (The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not 
valida ...)
+       TODO: check
+CVE-2024-6835 (The Ivory Search \u2013 WordPress Search Plugin plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-45692 (Webmin before 2.202 and Virtualmin before 7.20.2 allow a 
network traff ...)
+       TODO: check
+CVE-2024-45429 (Cross-site scripting vulnerability exists in Advanced Custom 
Fields ve ...)
+       TODO: check
+CVE-2024-45399 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
+       TODO: check
+CVE-2024-45395 (sigstore-go, a Go library for Sigstore signing and 
verification, is su ...)
+       TODO: check
+CVE-2024-45288 (A missing null-termination character in the last element of an 
nvlist  ...)
+       TODO: check
+CVE-2024-45287 (A malicious value of size in a structure of packed libnv can 
cause an  ...)
+       TODO: check
+CVE-2024-45063 (The function ctl_write_buffer incorrectly set a flag which 
resulted in ...)
+       TODO: check
+CVE-2024-43110 (The ctl_request_sense function could expose up to three bytes 
of the k ...)
+       TODO: check
+CVE-2024-43102 (Concurrent removals of certain anonymous shared memory 
mappings by usi ...)
+       TODO: check
+CVE-2024-42416 (The ctl_report_supported_opcodes function did not sufficiently 
validat ...)
+       TODO: check
+CVE-2024-41928 (Malicious software running in a guest VM can exploit the 
buffer overfl ...)
+       TODO: check
+CVE-2024-32668 (An insufficient boundary validation in the USB code could lead 
to an o ...)
+       TODO: check
+CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus 
(ClamAV) ...)
+       TODO: check
+CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus 
(ClamAV) v ...)
+       TODO: check
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
        TODO: check
 CVE-2024-8417 (A vulnerability was found in 
\u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
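Review bot: All 19 entries added at the top of data/CVE/list carry only `TODO: check`, so none is yet resolved to a source package or to a `NOT-FOR-US:` note. The descriptions of CVE-2024-20505 and CVE-2024-20506 name ClamAV, and CVE-2024-45692 names Webmin and Virtualmin, while several others name WordPress plugins; a follow-up should replace each TODO with a package line or a `NOT-FOR-US:` note in the form used elsewhere in this file. The description of CVE-2024-6835 also carries a literal `\u2013` escape rather than the character itself.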
@@ -480,9 +518,11 @@ CVE-2024-45160
        NOTE: Unit test: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7
 (v2.19.2)
        NOTE: Fixed by: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d
 (v2.19.2)
 CVE-2024-7970 (Out of bounds write in V8 in Google Chrome prior to 
128.0.6613.119 all ...)
+       {DSA-5766-1}
        - chromium 128.0.6613.119-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8362 (Use after free in WebAudio in Google Chrome prior to 
128.0.6613.119 al ...)
+       {DSA-5766-1}
        - chromium 128.0.6613.119-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8389 (Memory safety bugs present in Firefox 129. Some of these bugs 
showed e ...)
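Review bot: `{DSA-5766-1}` is attached to CVE-2024-7970 and CVE-2024-8362, but both entries still show only the unstable version `chromium 128.0.6613.119-1` and the bullseye `<end-of-life>` line. Nothing in the visible lines records which stable upload the DSA shipped; confirm that version is recorded with the DSA-5766-1 entry itself, since this commit changes only data/CVE/list.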
@@ -12096,6 +12136,7 @@ CVE-2024-6540 (Improper filtering of fields when using 
the export function in th
        NOT-FOR-US: OTRS
        NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny 
which forked from 6.x
 CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools 
version ...)
+       {DLA-3876-1}
        - setuptools 70.3.0-2
        NOTE: https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
        NOTE: Fixed by merge: 
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
 (v70.0.0)
@@ -15375,7 +15416,7 @@ CVE-2023-39324
 CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 
before 29.1. ...)
        - nova <not-affected> (Incomplete fix/regression never introduced in 
Debian as fix for CVE-2024-32498 complete)
 CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, 
Glance bef ...)
-       {DSA-5756-1 DSA-5755-1 DSA-5754-1}
+       {DSA-5756-1 DSA-5755-1 DSA-5754-1 DLA-3873-1 DLA-3872-1 DLA-3871-1}
        - cinder 2:24.0.0-5 (bug #1074763)
        - glance 2:28.0.1-3+deb12u1 (bug #1074761)
        - nova 2:29.0.2-4 (bug #1074762)
@@ -49753,6 +49794,7 @@ CVE-2024-29018 (Moby is an open source container 
framework that is a key compone
 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application 
crash can be ...)
+       {DLA-3875-1}
        [experimental] - gnutls28 3.8.4-1
        - gnutls28 3.8.4-2 (bug #1067463)
        [bookworm] - gnutls28 3.7.9-2+deb12u3
@@ -49765,6 +49807,7 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS 
where an application crash
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d
 (3.8.4)
        NOTE: Introduced with: 
https://gitlab.com/gnutls/gnutls/-/commit/d268f19510a95f92d11d8f8dc7d94fcae4d765cc
 (3.7.0)
 CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a 
cryptographic vuln ...)
+       {DLA-3875-1}
        [experimental] - gnutls28 3.8.4-1
        - gnutls28 3.8.4-2 (bug #1067464)
        [bookworm] - gnutls28 3.7.9-2+deb12u3
@@ -97507,7 +97550,7 @@ CVE-2023-3497 (Out of bounds read in Google Security 
Processor firmware in Googl
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted 
passwo ...)
        NOT-FOR-US: TWinSoft Configuration Tool
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 
mishandles acces ...)
-       {DLA-3483-1}
+       {DLA-3874-1 DLA-3483-1}
        - nsis 3.09-1 (bug #1040880)
        [bookworm] - nsis 3.08-3+deb12u1
        NOTE: 
https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 
(v309)
@@ -105448,6 +105491,7 @@ CVE-2023-22372 (In the pre connection stage, an 
improper enforcement of message
 CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint 
Management Syste ...)
        NOT-FOR-US: SourceCodester Complaint Management System
 CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between 
Cinder a ...)
+       {DLA-3871-1}
        - cinder 2:21.1.0-3 (bug #1035961)
        [buster] - cinder <no-dsa> (Minor issue)
        - python-glance-store 4.1.0-4 (bug #1035962; bug #1035978)
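Review bot: `{DLA-3871-1}` is added to CVE-2023-2088 while the entry keeps `[buster] - cinder <no-dsa> (Minor issue)` and also lists a second package, python-glance-store. The tag alone does not say which release or which of the two packages the DLA covers; check that the entry has a release-specific fixed-version line for the release the DLA targets, so it does not read as both advised and unfixed.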
@@ -157454,6 +157498,7 @@ CVE-2022-40898 (An issue discovered in Python 
Packaging Authority (PyPA) Wheel 0
        NOTE: https://github.com/pypa/wheel/issues/498
        NOTE: Negligible security impact
 CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 
allows remo ...)
+       {DLA-3876-1}
        - setuptools 65.6.3-1
        NOTE: 
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
 (v65.5.1)
 CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in 
pygments  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d4f0c9cb3c6c98f5d82cd48ea134798c662c9ff
