Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4e02bad by Moritz Muehlenhoff at 2024-10-04T17:27:00+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -105,7 +105,7 @@ CVE-2024-45871 (Bandisoft BandiView 7.05 is Incorrect
Access Control via sub_0x2
CVE-2024-45870 (Bandisoft BandiView 7.05 is vulnerable to Incorrect Access
Control in ...)
NOT-FOR-US: Bandisoft BandiView
CVE-2024-42415 (An integer overflow vulnerability exists in the Compound
Document Bina ...)
- - libgsf <unfixed>
+ - libgsf <unfixed> (bug #1084056)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069
NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
NOTE:
https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0
@@ -148,22 +148,22 @@ CVE-2024-41163 (A directory traversal vulnerability
exists in the archive downlo
CVE-2024-39755 (A privilege escalation vulnerability exists in the Veertu Anka
Build 1 ...)
NOT-FOR-US: Veertu Anka
CVE-2024-36474 (An integer overflow vulnerability exists in the Compound
Document Bina ...)
- - libgsf <unfixed>
+ - libgsf <unfixed> (bug #1084056)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068
NOTE: https://gitlab.gnome.org/GNOME/libgsf/-/issues/34
NOTE:
https://gitlab.gnome.org/GNOME/libgsf/-/commit/06d0cb92a4c02e7126ef2ff6f5e29fd74b4be9e0
CVE-2024-34535 (In Mastodon 4.1.6, API endpoint rate limiting can be bypassed
by setti ...)
- mastodon <itp> (bug #859741)
CVE-2024-0125 (NVIDIA CUDA Toolkit for Windows and Linux contains a
vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed>
+ - nvidia-cuda-toolkit <unfixed> (bug #1084054)
[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
CVE-2024-0124 (NVIDIA CUDA Toolkit for Windows and Linux contains a
vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed>
+ - nvidia-cuda-toolkit <unfixed> (bug #1084054)
[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
CVE-2024-0123 (NVIDIA CUDA toolkit for Windows and Linux contains a
vulnerability in ...)
- - nvidia-cuda-toolkit <unfixed>
+ - nvidia-cuda-toolkit <unfixed> (bug #1084054)
[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
CVE-2023-37822 (Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use
the depre ...)
@@ -425,7 +425,7 @@ CVE-2024-9411 (A vulnerability classified as problematic
has been found in OFCMS
CVE-2024-9405 (An incorrect limitation of a path to a restricted directory
(path trav ...)
NOT-FOR-US: Pluck CMS
CVE-2024-9341 (A flaw was found in Go. When FIPS mode is enabled on a system,
contain ...)
- - golang-github-containers-common <unfixed>
+ - golang-github-containers-common <unfixed> (bug #1084061)
[bookworm] - golang-github-containers-common <no-dsa> (Minor issue,
only affects FIPS-enabled containers)
[bullseye] - golang-github-containers-common <postponed> (Limited
support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315691
@@ -694,7 +694,7 @@ CVE-2024-47641 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2024-47536 (Citizen is a MediaWiki skin that makes extensions part of the
cohesive ...)
NOT-FOR-US: MediaWiki skin
CVE-2024-47532 (RestrictedPython is a restricted execution environment for
Python to r ...)
- - restrictedpython <unfixed>
+ - restrictedpython <unfixed> (bug #1084057)
NOTE:
https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-5rfv-66g4-jr8h
NOTE: Fixed by:
https://github.com/zopefoundation/RestrictedPython/commit/d701cc36cccac36b21fa200f1f2d1945a9a215e6
(7.3)
CVE-2024-47531 (Scout is a web-based visualizer for VCF-files. Due to the lack
of sani ...)
@@ -732,7 +732,7 @@ CVE-2024-46293 (Sourcecodester Online Medicine Ordering
System 1.0 is vulnerable
CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper
Access ...)
NOT-FOR-US: PIX-LINK
CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow
via gif2 ...)
- - giflib <unfixed>
+ - giflib <unfixed> (bug #1084058)
NOTE: https://gitlab.com/mthandazo/project-pov
CVE-2024-45920 (A Stored Cross-Site Scripting (XSS) vulnerability in Solvait
24.4.2 al ...)
NOT-FOR-US: Solvait
@@ -868,7 +868,7 @@ CVE-2024-47186 (Filament is a collection of full-stack
components for Laravel de
CVE-2024-46453 (A cross-site scripting (XSS) vulnerability in the component
/test/ of ...)
NOT-FOR-US: iq3xcite
CVE-2024-38796 (EDK2 contains a vulnerability in the
PeCoffLoaderRelocateImage(). An A ...)
- - edk2 <unfixed>
+ - edk2 <unfixed> (bug #1084055)
NOTE:
https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1993
NOTE: https://github.com/tianocore/edk2/pull/6249
@@ -18963,18 +18963,18 @@ CVE-2024-6679 (A vulnerability classified as critical
has been found in witmy my
CVE-2024-6643
REJECTED
CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
- - twitter-bootstrap4 <unfixed>
+ - twitter-bootstrap4 <unfixed> (bug #1084059)
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
NOT-FOR-US: Schneider Electric
CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that
could e ...)
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- - twitter-bootstrap3 <unfixed>
+ - twitter-bootstrap3 <unfixed> (bug #1084060)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- - twitter-bootstrap3 <unfixed>
+ - twitter-bootstrap3 <unfixed> (bug #1084060)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could
cause di ...)
NOT-FOR-US: Schneider Electric
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e02bad49be6385cfbd217c4d5f333037befe41
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e02bad49be6385cfbd217c4d5f333037befe41
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
