Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
940b2644 by security tracker role at 2024-09-16T20:16:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2024-8766 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
+ TODO: check
+CVE-2024-8752 (The Windows version of WebIQ 2.15.9 is affected by a directory
travers ...)
+ TODO: check
+CVE-2024-8661 (Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.18 are
vulnerable t ...)
+ TODO: check
+CVE-2024-7104 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2024-7098 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
+ TODO: check
+CVE-2024-6401 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-46970 (In JetBrains IntelliJ IDEA before 2024.1 hTML injection via
the projec ...)
+ TODO: check
+CVE-2024-46937 (An improper access control (IDOR) vulnerability in the
/api-selfportal ...)
+ TODO: check
+CVE-2024-46451 (TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer
overflow vulner ...)
+ TODO: check
+CVE-2024-46424 (TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer
overflow vulner ...)
+ TODO: check
+CVE-2024-46419 (TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer
overflow vulner ...)
+ TODO: check
+CVE-2024-45835 (Mattermost Desktop App versions <=5.8.0 fail to sufficiently
configure ...)
+ TODO: check
+CVE-2024-45801 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS
sanitizer for H ...)
+ TODO: check
+CVE-2024-45800 (Snappymail is an open source web-based email client.
SnappyMail uses t ...)
+ TODO: check
+CVE-2024-45799 (FluxCP is a web-based Control Panel for rAthena servers
written in PHP ...)
+ TODO: check
+CVE-2024-44623 (An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote
attacker ...)
+ TODO: check
+CVE-2024-44445 (An issue was discovered in BSC Smart Contract
0x0506e571aba3dd4c9d71be ...)
+ TODO: check
+CVE-2024-42798 (An Incorrect Access Control vulnerability was found in
/music/index.ph ...)
+ TODO: check
+CVE-2024-42796 (An Incorrect Access Control vulnerability was found in
/music/ajax.php ...)
+ TODO: check
+CVE-2024-42795 (An Incorrect Access Control vulnerability was found in
/music/view_use ...)
+ TODO: check
+CVE-2024-42794 (Kashipara Music Management System v1.0 is vulnerable to
Incorrect Acce ...)
+ TODO: check
+CVE-2024-39910 (decidim is a Free Open-Source participatory democracy, citizen
partici ...)
+ TODO: check
+CVE-2024-39772 (Mattermost Desktop App versions <=5.8.0 fail to safeguard
screen captu ...)
+ TODO: check
+CVE-2024-38315 (IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate
session a ...)
+ TODO: check
+CVE-2024-36261 (Improper access control in Intel(R) RAID Web Console software
all vers ...)
+ TODO: check
+CVE-2024-36247 (Improper access control in Intel(R) RAID Web Console all
versions may ...)
+ TODO: check
+CVE-2024-34545 (Improper input validation in some Intel(R) RAID Web Console
software a ...)
+ TODO: check
+CVE-2024-34543 (Improper access control in Intel(R) RAID Web Console software
for all ...)
+ TODO: check
+CVE-2024-34153 (Uncontrolled search path element in Intel(R) RAID Web Console
software ...)
+ TODO: check
+CVE-2024-34016 (Local privilege escalation due to DLL hijacking vulnerability.
The fol ...)
+ TODO: check
+CVE-2024-33848 (Uncaught exception in Intel(R) RAID Web Console software all
versions ...)
+ TODO: check
+CVE-2024-32940 (Improper access control in Intel(R) RAID Web Console software
for all ...)
+ TODO: check
+CVE-2024-32666 (NULL pointer dereference in Intel(R) RAID Web Console software
for all ...)
+ TODO: check
+CVE-2024-32034 (decidim is a Free Open-Source participatory democracy, citizen
partici ...)
+ TODO: check
+CVE-2024-28170 (Improper access control in Intel(R) RAID Web Console all
versions may ...)
+ TODO: check
+CVE-2024-23599 (Race condition in Seamless Firmware Updates for some Intel(R)
referenc ...)
+ TODO: check
+CVE-2024-22013 (U-Boot environment is read from unauthenticated partition.)
+ TODO: check
+CVE-2024-21871 (Improper input validation in UEFI firmware for some Intel(R)
Processor ...)
+ TODO: check
+CVE-2024-21829 (Improper input validation in UEFI firmware error handler for
some Inte ...)
+ TODO: check
+CVE-2024-21781 (Improper input validation in UEFI firmware for some Intel(R)
Processor ...)
+ TODO: check
+CVE-2023-45854 (A Business Logic vulnerability in Shopkit 1.0 allows an
attacker to ad ...)
+ TODO: check
+CVE-2023-43753 (Improper conditions check in some Intel(R) Processors with
Intel(R) SG ...)
+ TODO: check
+CVE-2023-43626 (Improper access control in UEFI firmware for some Intel(R)
Processors ...)
+ TODO: check
+CVE-2023-42772 (Untrusted pointer dereference in UEFI firmware for some
Intel(R) refer ...)
+ TODO: check
+CVE-2023-41833 (A race condition in UEFI firmware for some Intel(R) processors
may all ...)
+ TODO: check
CVE-2024-XXXX [Integer Overflow to Buffer Overflow vulnerability in
"string_free_split" functions]
- weechat <unfixed> (bug #1081942)
[bookworm] - weechat <no-dsa> (Minor issue)
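Review bot: CVE-2024-22013 (U-Boot environment is read from unauthenticated partition) is the one new entry in this hunk that names a component Debian ships as a source package (u-boot), so it should not be resolved as NOT-FOR-US along with the rest; check the advisory's affected-product scope against the u-boot package before clearing its TODO. The remaining additions can be triaged in groups: the Intel(R) RAID Web Console entries (CVE-2024-36261, CVE-2024-36247, CVE-2024-34545, CVE-2024-34543, CVE-2024-34153, CVE-2024-33848, CVE-2024-32940, CVE-2024-32666, CVE-2024-28170) and the Intel UEFI/firmware entries (CVE-2024-23599, CVE-2024-21871, CVE-2024-21829, CVE-2024-21781, CVE-2023-43753, CVE-2023-43626, CVE-2023-42772, CVE-2023-41833) match the existing NOT-FOR-US: Intel entries elsewhere in the file; the three TOTOLINK AC1200 T8 entries share one description; and CVE-2024-8766 and CVE-2024-34016 carry the identical truncated text "Local privilege escalation due to DLL hijacking vulnerability", which is Windows-only. The unchanged CVE-2024-XXXX weechat placeholder directly below the additions still needs its assigned ID.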
@@ -270,7 +360,7 @@ CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and
earlier are affected by
NOT-FOR-US: Adobe
CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159,
20.005.30655, 24.0 ...)
NOT-FOR-US: Adobe
-CVE-2024-41867 (After Effects versions 23.6.6, 24.5 and earlier are affected
by a Stac ...)
+CVE-2024-41867 (After Effects versions 23.6.6, 24.5 and earlier are affected
by an out ...)
NOT-FOR-US: Adobe
CVE-2024-41859 (After Effects versions 23.6.6, 24.5 and earlier are affected
by an out ...)
NOT-FOR-US: Adobe
@@ -305,7 +395,7 @@ CVE-2024-31414 (The Eaton Foreseer software provides users
the capability to cus
CVE-2024-46713 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)
-CVE-2024-22399
+CVE-2024-22399 (Deserialization of Untrusted Data vulnerability in Apache
Seata. When ...)
NOT-FOR-US: Apache Seata
CVE-2024-8762 (A vulnerability was found in code-projects Crud Operation
System 1.0. ...)
NOT-FOR-US: Crud Operation System
@@ -1038,13 +1128,13 @@ CVE-2024-8096 (When curl is told to use the Certificate
Status Request TLS exten
NOTE: https://curl.se/docs/CVE-2024-8096.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/f13669a375f5bfd14797bda91642cabe076974fa
(curl-7_41_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f
(curl-8_10_0)
-CVE-2024-24968
+CVE-2024-24968 (Improper finite state machines (FSMs) in hardware logic in
some Intel( ...)
- intel-microcode <unfixed> (bug #1081363)
[bookworm] - intel-microcode <no-dsa> (Minor issue)
[bullseye] - intel-microcode <postponed> (Minor issue)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
NOTE:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
-CVE-2024-23984
+CVE-2024-23984 (Observable discrepancy in RAPL interface for some Intel(R)
Processors ...)
- intel-microcode <unfixed> (bug #1081363)
[bookworm] - intel-microcode <no-dsa> (Minor issue)
[bullseye] - intel-microcode <postponed> (Minor issue)
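Review bot: both CVE-2024-24968 and CVE-2024-23984 keep intel-microcode <unfixed> (bug #1081363) even though the NOTE already points at the microcode-20240910 release referenced by intel-sa-01097; once an intel-microcode upload based on that release lands, replace <unfixed> with the fixed version so bug #1081363 is closed by the entry, and re-check that the bookworm no-dsa and bullseye postponed annotations are still appropriate now that the descriptions ("Improper finite state machines (FSMs) in hardware logic", "Observable discrepancy in RAPL interface") are filled in.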
@@ -1570,6 +1660,7 @@ CVE-2024-6795 (In Connex health portal released
before8/30/2024, SQL injection v
CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service'
and sp ...)
- check-mk <removed>
CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances,
the san ...)
+ {DLA-3888-1}
[experimental] - php-twig 3.14.0-1
- php-twig 3.8.0-4 (bug #1081561)
- twig <removed>
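Review bot: CVE-2024-45411 gains {DLA-3888-1} but has no [bookworm] line, so with php-twig fixed only in unstable (3.8.0-4, bug #1081561) and experimental (3.14.0-1) bookworm is shown as open; if a point-release update or a no-dsa decision exists for bookworm, record it here, otherwise this entry belongs on the DSA-needed list. The twig <removed> line needs no change.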
@@ -17284,7 +17375,7 @@ CVE-2024-6126 (A flaw was found in the cockpit package.
This flaw allows an auth
NOTE: Fixed by:
https://github.com/cockpit-project/cockpit/commit/08965365ac311f906a520cbf65427742d5f84ba4
(320)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292897
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
-CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29,
2.1.0p45, an ...)
+CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29,
2.1.0p45, and ...)
- check-mk <removed>
CVE-2024-5887
REJECTED
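Review bot: the description for CVE-2024-6052 now reads "before versions 2.3.0p8" instead of 2.3.0p10; with check-mk <removed> this has no tracking effect, but since the version string arrived via the automatic feed, confirm it against the upstream Checkmk advisory before anyone cites it.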
@@ -24908,7 +24999,7 @@ CVE-2023-6966 (The The Moneytizer plugin for WordPress
is vulnerable to unauthor
CVE-2023-6956 (The EasyAzon \u2013 Amazon Associates Affiliate Plugin plugin
for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5629 (An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or
earlier ...)
- {DLA-3832-1}
+ {DLA-3889-1 DLA-3832-1}
- pymongo 4.7.3-1
[bookworm] - pymongo 3.11.0-1+deb12u1
NOTE: https://jira.mongodb.org/browse/PYTHON-4305
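Review bot: CVE-2024-5629 now carries two DLAs ({DLA-3889-1 DLA-3832-1}); a second DLA for the same CVE normally means a regression or follow-up fix, so make sure the DLA-3889-1 entry in data/DLA/list states what changed relative to DLA-3832-1, and verify that the [bookworm] pymongo 3.11.0-1+deb12u1 line is not affected by the same follow-up.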
@@ -122444,10 +122535,10 @@ CVE-2023-25933 (A type confusion bug in TypedArray
prior to commit e6ed9c1a4b02d
NOT-FOR-US: Facebook Hermes
CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R)
Processors m ...)
NOT-FOR-US: Intel
-CVE-2023-25546
- RESERVED
-CVE-2023-23904
- RESERVED
+CVE-2023-25546 (Out-of-bounds read in UEFI firmware for some Intel(R)
Processors may a ...)
+ TODO: check
+CVE-2023-23904 (NULL pointer dereference in the UEFI firmware for some
Intel(R) Proces ...)
+ TODO: check
CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android
application b ...)
NOT-FOR-US: Intel
CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware
may allow ...)
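Review bot: CVE-2023-25546 and CVE-2023-23904 move from RESERVED to TODO: check, but every neighbouring Intel UEFI/BIOS firmware entry in this region (CVE-2023-25756, CVE-2023-23573, CVE-2023-22449) is NOT-FOR-US: Intel; resolve these two the same way unless the full description names a Debian-packaged component, rather than leaving the TODO as an open item in the tracker.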
@@ -122456,8 +122547,8 @@ CVE-2023-22444 (Improper initialization in some
Intel(R) NUC 13 Extreme Compute
NOT-FOR-US: Intel
CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may
allow a ...)
NOT-FOR-US: Intel
-CVE-2023-22351
- RESERVED
+CVE-2023-22351 (Out-of-bounds write in UEFI firmware for some Intel(R)
Processors may ...)
+ TODO: check
CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS
firmware may a ...)
NOT-FOR-US: Intel
CVE-2023-22329 (Improper input validation in the BIOS firmware for some
Intel(R) Proce ...)
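Review bot: CVE-2023-22351 ("Out-of-bounds write in UEFI firmware for some Intel(R) Processors") sits between CVE-2023-22356 and CVE-2023-22330, both NOT-FOR-US: Intel; it should be triaged the same way so the TODO does not linger, with the same caveat that the full advisory text is checked for any Debian-shipped component first.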
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/940b26442597b60882fdd6010077b44bce93e696
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits