Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5353f1b2 by security tracker role at 2024-10-28T08:11:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,52 @@
-CVE-2024-50067 [uprobe: avoid out-of-bounds memory access of fetching args]
+CVE-2024-9162 (The All-in-One WP Migration and Backup plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows
man-in-the-middle at ...)
+ TODO: check
+CVE-2024-50623 (In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and
LexiCom ...)
+ TODO: check
+CVE-2024-50616 (Ironman PowerShell Universal 5.x before 5.0.12 allows an
authenticated ...)
+ TODO: check
+CVE-2024-50615 (TinyXML2 through 10.0.0 has a reachable assertion for
UINT_MAX/digit, ...)
+ TODO: check
+CVE-2024-50614 (TinyXML2 through 10.0.0 has a reachable assertion for
UINT_MAX/16, tha ...)
+ TODO: check
+CVE-2024-50613 (libsndfile through 1.2.2 has a reachable assertion, that may
lead to a ...)
+ TODO: check
+CVE-2024-50612 (libsndfile through 1.2.2 has an ogg_vorbis.c
vorbis_analysis_wrote out ...)
+ TODO: check
+CVE-2024-50611 (CycloneDX cdxgen through 10.10.7, when run against an
untrusted codeba ...)
+ TODO: check
+CVE-2024-50610 (GSL (GNU Scientific Library) through 2.8 has an integer
signedness err ...)
+ TODO: check
+CVE-2024-50307 (Use of potentially dangerous function issue exists in Chatwork
Desktop ...)
+ TODO: check
+CVE-2024-38821 (Spring WebFlux applications that have Spring Security
authorization ru ...)
+ TODO: check
+CVE-2024-23843 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-10440 (The eHDR CTMS from Sunnet has a SQL Injection vulnerability,
allowing ...)
+ TODO: check
+CVE-2024-10439 (The eHRD CTMS from Sunnet has an Insecure Direct Object
Reference (IDO ...)
+ TODO: check
+CVE-2024-10438 (The eHRD CTMS from Sunnet has an Authentication Bypass
vulnerability, ...)
+ TODO: check
+CVE-2024-10435 (A vulnerability was found in didi Super-Jacoco 1.0. It has
been declar ...)
+ TODO: check
+CVE-2024-10434 (A vulnerability was found in Tenda AC1206 up to 20241027. It
has been ...)
+ TODO: check
+CVE-2024-10433 (A vulnerability was found in Project Worlds Simple Web-Based
Chat Appl ...)
+ TODO: check
+CVE-2024-10432 (A vulnerability has been found in Project Worlds Simple
Web-Based Chat ...)
+ TODO: check
+CVE-2024-10431 (A vulnerability, which was classified as critical, was found
in Codezi ...)
+ TODO: check
+CVE-2024-10430 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-10429 (A vulnerability classified as critical has been found in
WAVLINK WN530 ...)
+ TODO: check
+CVE-2024-10428 (A vulnerability was found in WAVLINK WN530H4, WN530HG4 and
WN572HG3 up ...)
+ TODO: check
+CVE-2024-50067 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/373b9338c9722a368925d83bc622c596896b328e (6.12-rc5)
CVE-2024-10427 (A vulnerability was found in Codezips Pet Shop Management
System 1.0. ...)
@@ -641,7 +689,7 @@ CVE-2024-0126 (NVIDIA GPU Display Driver for Windows and
Linux contains a vulner
NOTE: 525.147.05-6 turned the package into a metapackage to aid
switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1085976)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5586
-CVE-2024-48936
+CVE-2024-48936 (SchedMD Slurm before 24.05.4 has Incorrect Authorization. A
mistake in ...)
- slurm-wlm <unfixed> (bug #1086003)
[bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later)
[bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later)
@@ -935,12 +983,15 @@ CVE-2024-31029 (An issue in the server_handle_regular
function of the test_coap_
CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before
allows a ...)
NOT-FOR-US: Casa Systems NTC-221
CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69
allowed a ...)
+ {DSA-5799-1}
- chromium 130.0.6723.69-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-10230 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69
allowed a ...)
+ {DSA-5799-1}
- chromium 130.0.6723.69-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-10229 (Inappropriate implementation in Extensions in Google Chrome
prior to 1 ...)
+ {DSA-5799-1}
- chromium 130.0.6723.69-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-10045 (The Transients Manager plugin for WordPress is vulnerable to
Cross-Sit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5353f1b281ca71122fd9ccca8174d2eb9a19044e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5353f1b281ca71122fd9ccca8174d2eb9a19044e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
