[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 27 Nov 2024 00:12:29 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
431abe7c by security tracker role at 2024-11-27T08:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto 
Networ ...)
+       TODO: check
+CVE-2024-53849 (editorconfig-core-c  is  theEditorConfig core library written 
in C (fo ...)
+       TODO: check
+CVE-2024-53676 (A directory traversal vulnerability in Hewlett Packard 
Enterprise Insi ...)
+       TODO: check
+CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+       TODO: check
+CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+       TODO: check
+CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight 
Support all ...)
+       TODO: check
+CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') 
vulnerabil ...)
+       TODO: check
+CVE-2024-52958 (A improper verification of cryptographic signature 
vulnerability in pl ...)
+       TODO: check
+CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage 
into a Gi ...)
+       TODO: check
+CVE-2024-36467 (An authenticated user with API access (e.g.: user with default 
User ro ...)
+       TODO: check
+CVE-2024-11820 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-11819 (A vulnerability classified as critical was found in 1000 
Projects Port ...)
+       TODO: check
+CVE-2024-11818 (A vulnerability classified as critical has been found in 
PHPGurukul Us ...)
+       TODO: check
+CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & 
Login and  ...)
+       TODO: check
+CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and 
classified as c ...)
+       TODO: check
+CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio 
Management S ...)
+       TODO: check
+CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE 
Insight Re ...)
+       TODO: check
+CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for 
Gutenberg E ...)
+       TODO: check
+CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+       TODO: check
+CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone 
Showcase plu ...)
+       TODO: check
+CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, 
Popups plu ...)
+       TODO: check
+CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual 
Composer ...)
+       TODO: check
 CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated 
user to ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not 
restrict ex ...)
@@ -8632,7 +8678,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 
through 2.0.18, if a ma
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.12 ar ...)
        NOT-FOR-US: Delta Electronics
 CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling 
crafted  ...)
-       {DSA-5811-1}
+       {DSA-5811-1 DLA-3967-1}
        - mpg123 1.32.8-1 (bug #1086443)
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
        NOTE: https://sourceforge.net/p/mpg123/bugs/322/
@@ -13258,7 +13304,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor 
plugin for WordPress is vu
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub 
source ...)
        NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs 
with u ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        [experimental] - openssl 3.4.0-1
        - openssl 3.3.2-2 (bug #1085378)
        [bookworm] - openssl 3.0.15-1~deb12u1
@@ -38888,7 +38934,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 
1.21.3, an attacker can modi
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        - openssl 3.3.2-1 (bug #1074487)
        [bookworm] - openssl 3.0.15-1~deb12u1
        NOTE: https://www.openssl.org/news/secadv/20240627.txt
@@ -47440,7 +47486,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow 
vulnerabilities exist in th
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
        NOTE: https://github.com/libigl/libigl/issues/2387
 CVE-2024-4741 (Issue summary: Calling the OpenSSL API function 
SSL_free_buffers may c ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        - openssl 3.2.2-1 (bug #1072113)
        [bookworm] - openssl 3.0.14-1~deb12u1
        [buster] - openssl <postponed> (Minor issue, fix along with next update 
round)
@@ -67133,7 +67179,7 @@ CVE-2024-26811 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.8.9-1
        NOTE: 
https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can 
cause un ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        [experimental] - openssl 3.3.0-1
        - openssl 3.2.2-1 (bug #1068658)
        [bookworm] - openssl 3.0.14-1~deb12u1
@@ -86155,7 +86201,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in 
Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in 
overt-engine. This ...)
        NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file 
may lead ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        - openssl 3.1.5-1 (bug #1061582)
        [bookworm] - openssl 3.0.13-1~deb12u1
        [buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -102783,7 +102829,7 @@ CVE-2023-5717 (A heap out-of-bounds write 
vulnerability in the Linux kernel's Li
        [bookworm] - linux 6.1.64-1
        NOTE: 
https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7)
 CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or 
checking e ...)
-       {DLA-3942-1}
+       {DLA-3942-2 DLA-3942-1}
        - openssl 3.0.12-2 (bug #1055473)
        [bookworm] - openssl 3.0.13-1~deb12u1
        [buster] - openssl <postponed> (Minor issue; can be fixed along with 
future update)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431abe7c2cce16d9dc878bd211d813fe619aa6df

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431abe7c2cce16d9dc878bd211d813fe619aa6df
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to