Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1f5a10c by security tracker role at 2024-11-26T20:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,101 +1,245 @@
+CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated
user to ...)
+ TODO: check
+CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not
restrict ex ...)
+ TODO: check
+CVE-2024-9461 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore &
Migrate ...)
+ TODO: check
+CVE-2024-9170 (The Booster for WooCommerce plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-8899 (The Jeg Elementor Kit plugin for WordPress is vulnerable to
Sensitive ...)
+ TODO: check
+CVE-2024-8676 (A vulnerability was found in CRI-O, where it can be requested
to take ...)
+ TODO: check
+CVE-2024-8237 (A Denial of Service (DoS) issue has been discovered in GitLab
CE/EE af ...)
+ TODO: check
+CVE-2024-8236 (The Elementor Website Builder \u2013 More than Just a Page
Builder plu ...)
+ TODO: check
+CVE-2024-8177 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
+ TODO: check
+CVE-2024-8114 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2024-53976 (Under certain circumstances, navigating to a webpage would
result in t ...)
+ TODO: check
+CVE-2024-53975 (Accessing a non-secure HTTP site that uses a non-existent port
may cau ...)
+ TODO: check
+CVE-2024-53844 (E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to
connect ...)
+ TODO: check
+CVE-2024-53620 (A cross-site scripting (XSS) vulnerability in the Article
module of SP ...)
+ TODO: check
+CVE-2024-53619 (An authenticated arbitrary file upload vulnerability in the
Documents ...)
+ TODO: check
+CVE-2024-53555 (A CSV injection vulnerability in Taiga v6.8.1 allows attackers
to exec ...)
+ TODO: check
+CVE-2024-53365 (A stored cross-site scripting (XSS) vulnerability was
identified in PH ...)
+ TODO: check
+CVE-2024-53267 (sigstore-java is a sigstore java client for interacting with
sigstore ...)
+ TODO: check
+CVE-2024-52337 (A log spoofing flaw was found in the Tuned package due to
improper san ...)
+ TODO: check
+CVE-2024-52336 (A script injection vulnerability was identified in the Tuned
package. ...)
+ TODO: check
+CVE-2024-52008 (Fides is an open-source privacy engineering platform. The user
invite ...)
+ TODO: check
+CVE-2024-51058 (Local File Inclusion (LFI) vulnerability has been discovered
in TCPDF ...)
+ TODO: check
+CVE-2024-50377 (A CWE-798 "Use of Hard-coded Credentials" was discovered
affecting the ...)
+ TODO: check
+CVE-2024-50376 (A CWE-79 "Improper Neutralization of Input During Web Page
Generation ...)
+ TODO: check
+CVE-2024-50375 (A CWE-306 "Missing Authentication for Critical Function" was
discovere ...)
+ TODO: check
+CVE-2024-50374 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50373 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50372 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50371 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50370 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50369 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50368 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50367 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50366 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50365 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50364 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50363 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50362 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50361 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50360 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50359 (A CWE-78 "Improper Neutralization of Special Elements used in
an OS Co ...)
+ TODO: check
+CVE-2024-50358 (A CWE-15 "External Control of System or Configuration Setting"
was dis ...)
+ TODO: check
+CVE-2024-49053 (Microsoft Dynamics 365 Sales Spoofing Vulnerability)
+ TODO: check
+CVE-2024-49052 (Missing authentication for critical function in Microsoft
Azure Policy ...)
+ TODO: check
+CVE-2024-49038 (Improper neutralization of input during web page generation
('Cross-si ...)
+ TODO: check
+CVE-2024-49035 (An improper access control vulnerability in
Partner.Microsoft.com allo ...)
+ TODO: check
+CVE-2024-38834 (VMware Aria Operations contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2024-38833 (VMware Aria Operations contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2024-38832 (VMware Aria Operations contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2024-38831 (VMware Aria Operations contains a local privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2024-38830 (VMware Aria Operations contains a local privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a
string wi ...)
+ TODO: check
+CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of
lobe-chat ...)
+ TODO: check
+CVE-2024-22117 (When a URL is added to the map element, it is recorded in the
database ...)
+ TODO: check
+CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab
CE/EE aff ...)
+ TODO: check
+CVE-2024-11743 (A vulnerability, which was classified as problematic, was
found in Sou ...)
+ TODO: check
+CVE-2024-11742 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-11680 (ProjectSend versions prior to r1720 are affected by an
improper authen ...)
+ TODO: check
+CVE-2024-11669 (An issue was discovered in GitLab CE/EE affecting all versions
from 16 ...)
+ TODO: check
+CVE-2024-11668 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2024-11407 (There exists a denial of service through Data corruption in
gRPC-C++ - ...)
+ TODO: check
+CVE-2024-11192 (The Spotify Play Button for WordPress plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-11177
+ REJECTED
+CVE-2024-11145 (Valor Apps Easy Folder Listing Pro has a deserialization
vulnerability ...)
+ TODO: check
+CVE-2024-11119 (The BNE Gallery Extended plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-11091 (The Support SVG \u2013 Upload svg files in wordpress without
hassle pl ...)
+ TODO: check
+CVE-2024-11032 (The Parsi Date plugin for WordPress is vulnerable to Reflected
Cross-S ...)
+ TODO: check
+CVE-2024-11024 (The AppPresser \u2013 Mobile App Framework plugin for
WordPress is vul ...)
+ TODO: check
+CVE-2024-10878 (The Sugar Calendar \u2013 Simple Event Management plugin for
WordPress ...)
+ TODO: check
+CVE-2024-10579 (The Hustle \u2013 Email Marketing, Lead Generation, Optins,
Popups plu ...)
+ TODO: check
+CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all
versions start ...)
+ TODO: check
CVE-2024-XXXX [Supplemental group inheritance grants unintended access to GID
0 due to lack of supplemental groups from mod_sql]
- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
NOTE: https://github.com/proftpd/proftpd/issues/1830
NOTE: Pending confirmation for CVE assignment (likely to get
CVE-2024-48651)
-CVE-2024-11699
+CVE-2024-11699 (Memory safety bugs present in Firefox 132, Firefox ESR 128.4,
and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11699
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11699
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11699
-CVE-2024-11708
+CVE-2024-11708 (Missing thread synchronization primitives could have led to a
data rac ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11708
-CVE-2024-11706
+CVE-2024-11706 (A null pointer dereference may have inadvertently occurred in
`pk12uti ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11706
-CVE-2024-11705
+CVE-2024-11705 (`NSC_DeriveKey` inadvertently assumed that the `phKey`
parameter is al ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11705
-CVE-2024-11698
+CVE-2024-11698 (A flaw in handling fullscreen transitions may have
inadvertently cause ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698
-CVE-2024-11704
+CVE-2024-11704 (A double-free issue could have occurred in
`sec_pkcs7_decoder_start_de ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11704
-CVE-2024-11697
+CVE-2024-11697 (When handling keypress events, an attacker may have been able
to trick ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11697
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11697
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11697
-CVE-2024-11696
+CVE-2024-11696 (The application failed to account for exceptions thrown by the
`loadMa ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11696
-CVE-2024-11703
+CVE-2024-11703 (On Android, Firefox may have inadvertently allowed viewing
saved passw ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11703
-CVE-2024-11695
+CVE-2024-11695 (A crafted URL containing Arabic script and whitespace
characters could ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11695
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11695
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11695
-CVE-2024-11694
+CVE-2024-11694 (Enhanced Tracking Protection's Strict mode may have
inadvertently allo ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11694
-CVE-2024-11693
+CVE-2024-11693 (The executable file warning was not presented when downloading
.librar ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
- thunderbird <not-affected> (Only affects Thunderbird on Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11693
-CVE-2024-11702
+CVE-2024-11702 (Copying sensitive information from Private Browsing tabs on
Android, s ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11702
-CVE-2024-11701
+CVE-2024-11701 (The incorrect domain may have been displayed in the address
bar during ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11701
-CVE-2024-11692
+CVE-2024-11692 (An attacker could cause a select dropdown to be shown over
another tab ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11692
-CVE-2024-11700
+CVE-2024-11700 (Malicious websites may have been able to user intent
confirmation thro ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11700
-CVE-2024-11691
+CVE-2024-11691 (Certain WebGL operations on Apple silicon M series devices
could have ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
- thunderbird <not-affected> (Only affects Thunderbird on MacOS)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11691
-CVE-2024-51569
+CVE-2024-51569 (Out-of-bounds Read vulnerability in Apache NimBLE. Missing
proper val ...)
NOT-FOR-US: Apache NimBLE
-CVE-2024-47250
+CVE-2024-47250 (Out-of-bounds Read vulnerability in Apache NimBLE. Missing
proper val ...)
NOT-FOR-US: Apache NimBLE
-CVE-2024-47249
+CVE-2024-47249 (Improper Validation of Array Index vulnerability in Apache
NimBLE. La ...)
NOT-FOR-US: Apache NimBLE
-CVE-2024-47248
+CVE-2024-47248 (Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') ...)
NOT-FOR-US: Apache NimBLE
CVE-2024-9504 (The Booking calendar, Appointment Booking System plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
@@ -1735,27 +1879,32 @@ CVE-2024-11477 (7-Zip Zstandard Decompression Integer
Underflow Remote Code Exec
- p7zip <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
CVE-2024-11233 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
+ {DSA-5819-1}
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43
NOTE:
https://github.com/php/php-src/commit/a6c84cd7efd7eaaaefd4463412508df570d35358
(php-8.2.26)
CVE-2024-11234 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
+ {DSA-5819-1}
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2
NOTE:
https://github.com/php/php-src/commit/cf6700e86d6357420a7c8386da63d48fec55f633
(php-8.2.26)
CVE-2024-11236 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
+ {DSA-5819-1}
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
NOTE:
https://github.com/php/php-src/commit/7742f79a8a9c20522dbf40e1dc1d4ccad71d399c
(php-8.2.26)
NOTE:
https://github.com/php/php-src/commit/2dbe1425c5768faea2aa7bca26081dd208c94ac8
(php-8.2.26)
CVE-2024-8929 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.*
before ...)
+ {DSA-5819-1}
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678
NOTE:
https://github.com/php/php-src/commit/6c0e2eb2f839d066924c164f65f17d1261529334
(php-8.2.26)
CVE-2024-8932 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.*
before ...)
+ {DSA-5819-1}
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
@@ -10588,6 +10737,7 @@ CVE-2024-53899 (virtualenv before 20.26.6 allows
command injection through the a
NOTE: https://github.com/pypa/virtualenv/pull/2771
NOTE: Fixed by:
https://github.com/pypa/virtualenv/commit/86dddeda7c991f8529e1995bbff280fb7b761972
(20.26.6)
CVE-2024-9287 (A vulnerability has been found in the CPython `venv` module and
CLI wh ...)
+ {DLA-3966-1}
- python3.13 <unfixed>
- python3.12 <unfixed>
- python3.11 <removed>
@@ -36715,7 +36865,7 @@ CVE-2024-6603 (In an out-of-memory scenario an
allocation could fail but free wo
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6603
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-6603
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-6603
-CVE-2024-6602 (A mismatch between allocator and deallocator could have lead to
memory ...)
+CVE-2024-6602 (A mismatch between allocator and deallocator could have led to
memory ...)
{DSA-5807-1 DSA-5733-1 DSA-5727-1 DLA-3937-1}
- firefox 128.0-1
- firefox-esr 115.13.0esr-1
@@ -127868,8 +128018,8 @@ CVE-2023-2144 (A vulnerability was found in Campcodes
Online Thesis Archiving Sy
NOT-FOR-US: Campcodes Online Thesis Archiving System
CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through
1.0.3 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2142
- RESERVED
+CVE-2023-2142 (In Nunjucks versions prior to version 3.2.4, it was possible
to bypas ...)
+ TODO: check
CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release
2017 th ...)
NOT-FOR-US: DELMIA Apriso
CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso
Release ...)
@@ -134679,8 +134829,8 @@ CVE-2023-1523 (Using the TIOCLINUX ioctl request, a
malicious snap could inject
NOTE: Tests:
https://github.com/snapcore/snapd/commit/390dc62a71884c0463e2411fb13f5bd5abdc7442
(2.59.5)
CVE-2023-1522 (SQL Injection in the Hardware Inventory report of Security
Center 5.11 ...)
NOT-FOR-US: Security Center
-CVE-2023-1521
- RESERVED
+CVE-2023-1521 (On Linux the sccache client can execute arbitrary code with the
privil ...)
+ TODO: check
CVE-2023-1520
RESERVED
CVE-2023-1519
@@ -139783,6 +139933,7 @@ CVE-2023-27045
CVE-2023-27044
RESERVED
CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses
e-mail ad ...)
+ {DLA-3966-1}
- python3.12 3.12.6-1 (bug #1059299)
- python3.11 <removed> (bug #1059298)
[bookworm] - python3.11 <postponed> (Minor issue, wait until upstream
has decided whether to backport to older branches)
@@ -152279,8 +152430,8 @@ CVE-2023-0210 (A bug affects the Linux kernel\u2019s
ksmbd NTLMv2 authentication
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/797805d81baa814f76cf7bdab35f86408a79d707
NOTE: https://www.openwall.com/lists/oss-security/2023/01/04/1
-CVE-2023-0163
- RESERVED
+CVE-2023-0163 (Improperly Controlled Modification of Object Prototype
Attributes ('Pr ...)
+ TODO: check
CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored
Cross-S ...)
NOT-FOR-US: CPO Companion plugin for WordPress
CVE-2023-0161
@@ -165711,7 +165862,7 @@ CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4
and 4.17.x before 4.17.1, t
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403
NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85
CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An
unnecessary quadra ...)
- {DLA-3477-1 DLA-3432-1}
+ {DLA-3966-1 DLA-3477-1 DLA-3432-1}
- python3.11 3.11.1-1
- python3.10 3.10.9-1
- python3.9 <removed>
@@ -228595,7 +228746,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub
repository vim prior to 8.2.
NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
NOTE:
https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a
(v8.2.4218)
CVE-2022-0391 (A flaw was found in Python, specifically within the
urllib.parse modul ...)
- {DLA-3575-1}
+ {DLA-3966-1 DLA-3575-1}
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
@@ -256577,7 +256728,7 @@ CVE-2021-3738 (In DCE/RPC it is possible to share the
handles (cookies for resou
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response
in the ...)
- {DLA-3477-1 DLA-3432-1 DLA-2808-1}
+ {DLA-3966-1 DLA-3477-1 DLA-3432-1 DLA-2808-1}
[experimental] - python3.9 3.9.6-1
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -285629,6 +285780,7 @@ CVE-2021-28863
CVE-2021-28862
RESERVED
CVE-2021-28861 (Python 3.x through 3.10 has an open redirection vulnerability
in lib/h ...)
+ {DLA-3966-1}
- python3.11 3.11.0~b4-1 (unimportant)
- python3.10 3.10.6-1 (unimportant)
- python3.9 <removed> (unimportant)
@@ -311925,6 +312077,7 @@ CVE-2021-1737 (An out-of-bounds write was addressed
with improved input validati
CVE-2021-1736 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2020-29651 (A denial of service via regular expression in the
py.path.svnwc compon ...)
+ {DLA-3966-1}
- python-py 1.10.0-1
[buster] - python-py <no-dsa> (Minor issue)
[stretch] - python-py <postponed> (Minor issue)
@@ -362766,7 +362919,7 @@ CVE-2020-10736 (An authorization bypass vulnerability
was found in Ceph versions
NOTE:
https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868
(master)
NOTE:
https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2
(v15.2.2)
CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time
complexi ...)
- {DLA-3477-1}
+ {DLA-3966-1 DLA-3477-1}
- python3.11 3.11.0~rc2-1
- python3.10 3.10.7-1
- python3.9 <removed>
@@ -396656,8 +396809,8 @@ CVE-2019-17084
RESERVED
CVE-2019-17083
RESERVED
-CVE-2019-17082
- RESERVED
+CVE-2019-17082 (Missing Authentication for Critical Function vulnerability in
OpenText ...)
+ TODO: check
CVE-2019-17081
RESERVED
CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows
code ex ...)
@@ -466295,10 +466448,10 @@ CVE-2017-18309 (A micro-core of QMP transportation
may cause a macro-core to rea
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18308 (Modem segments are unlocked after authentication, leaving
modem segmen ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-18307
- RESERVED
-CVE-2017-18306
- RESERVED
+CVE-2017-18307 (Information disclosure possible while audio playback.)
+ TODO: check
+CVE-2017-18306 (Information disclosure due to uninitialized variable.)
+ TODO: check
CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by
unlocki ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size
being pas ...)
@@ -467747,8 +467900,7 @@ CVE-2018-11954
REJECTED
CVE-2018-11953 (While processing ssid IE length from remote AP, possible
out-of-bounds ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11952
- RESERVED
+CVE-2018-11952 (An image with a version lower than the fuse version may
potentially be ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11951 (Improper access control in core module lead XBL_LOADER
performs the ZI ...)
NOT-FOR-US: Qualcomm components for Android
@@ -467808,8 +467960,8 @@ CVE-2018-11924 (Improper buffer length validation in
WLAN function can lead to a
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11923 (Improper buffer length check before copying can lead to
integer overfl ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11922
- RESERVED
+CVE-2018-11922 (Wrong configuration in Touch Pal application can collect user
behavior ...)
+ TODO: check
CVE-2018-11921 (Failure condition is not handled properly and the correct
error code i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11920
@@ -468021,8 +468173,7 @@ CVE-2018-11818 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
CVE-2018-11817
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11816
- RESERVED
+CVE-2018-11816 (Crafted Binder Request Causes Heap UAF in MediaServer)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11815
RESERVED
@@ -482511,8 +482662,7 @@ CVE-2017-18155 (While playing HEVC content using HD
DMB in Snapdragon Automobile
NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in
MediaServer i ...)
NOT-FOR-US: Android Mediaserver
-CVE-2017-18153
- RESERVED
+CVE-2017-18153 (A race condition exists in a driver potentially leading to a
use-after ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18152
RESERVED
@@ -485218,8 +485368,8 @@ CVE-2018-5854 (A stack-based buffer overflow can
occur in fastboot from all Andr
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5853 (A race condition exists in a driver in all Android releases
from CAF u ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5852
- RESERVED
+CVE-2018-5852 (An unsigned integer underflow vulnerability in IPA driver
result into ...)
+ TODO: check
CVE-2018-5851 (Buffer over flow can occur while processing a
HTT_T2H_MSG_TYPE_TX_COMP ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient
validation ...)
@@ -492058,8 +492208,7 @@ CVE-2017-17774 (admin/configuration.php in Piwigo
2.9.2 has CSRF.)
- piwigo <removed>
CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon
Mobile MD ...)
NOT-FOR-US: Android Qualcomm closed-source components
-CVE-2017-17772
- RESERVED
+CVE-2017-17772 (In multiple functions that process 802.11 frames,
out-of-bounds reads ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-17771 (In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for
MSM, an ...)
NOT-FOR-US: Qualcomm component for Android
@@ -506253,8 +506402,7 @@ CVE-2017-15834 (In Android for MSM, Firefox OS for
MSM, QRD Android, with all An
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15832
- RESERVED
+CVE-2017-15832 (Buffer overwrite in the WLAN host driver by leveraging a
compromised W ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15831 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Qualcomm components for Android
@@ -514993,8 +515141,7 @@ CVE-2016-10410 (In Android before 2018-04-05 or
earlier security patch level on
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2016-10408
- RESERVED
+CVE-2016-10408 (QSEE will randomly experience a fatal error during execution
due to sp ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
@@ -520770,8 +520917,8 @@ CVE-2017-11078 (In all android releases(Android for
MSM, Firefox OS for MSM, QRD
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11077
RESERVED
-CVE-2017-11076
- RESERVED
+CVE-2017-11076 (On some hardware revisions where VP9 decoding is
hardware-accelerated, ...)
+ TODO: check
CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD
Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
@@ -525774,8 +525921,7 @@ CVE-2017-9304 (libyara/re.c in the regexp module in
YARA 3.5.0 allows remote att
NOTE:
https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1)
running Fle ...)
NOT-FOR-US: FlexNet Publisher
-CVE-2016-10394
- RESERVED
+CVE-2016-10394 (Initial xbl_sec revision does not have all the debug policy
features a ...)
NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all
Android ...)
NOT-FOR-US: Android Qualcomm closed-source components
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1f5a10c673ed8123bb2e9e39baee77d49137b4a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1f5a10c673ed8123bb2e9e39baee77d49137b4a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
