Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9f5f27fe by security tracker role at 2024-11-28T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2024-53860 (sp-php-email-handler is a PHP package for handling contact
form submis ...)
+ TODO: check
+CVE-2024-53859 (go-gh is a Go module for interacting with the `gh` utility and
the Git ...)
+ TODO: check
+CVE-2024-53858 (The gh cli is GitHub\u2019s official command line tool. A
security vul ...)
+ TODO: check
+CVE-2024-53260 (Autolab is a course management service that enables
auto-graded progra ...)
+ TODO: check
+CVE-2024-53008 (Inconsistent interpretation of HTTP requests ('HTTP
Request/Response S ...)
+ TODO: check
+CVE-2024-46939 (The game extension engine of versions 1.2.7.0 and earlier
exposes some ...)
+ TODO: check
+CVE-2024-38658 (There is an Out-of-bounds read vulnerability in V-Server
(v4.0.19.0 an ...)
+ TODO: check
+CVE-2024-38389 (There is an Out-of-bounds read vulnerability in TELLUS
(v4.0.19.0 and ...)
+ TODO: check
+CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities
in V-SF ...)
+ TODO: check
+CVE-2024-36466 (A bug in the code allows an attacker to sign a forged
zbx_session cook ...)
+ TODO: check
+CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based
Buffer Overfl ...)
+ TODO: check
+CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable
to privi ...)
+ TODO: check
+CVE-2024-11918 (The Image Alt Text plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2024-11803 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing
Out-Of-Bounds ...)
+ TODO: check
+CVE-2024-11802 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing
Stack-Based Bu ...)
+ TODO: check
+CVE-2024-11801 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing
Out-Of-Bounds ...)
+ TODO: check
+CVE-2024-11800 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing
Stack-based Bu ...)
+ TODO: check
+CVE-2024-11799 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing
Stack-based Bu ...)
+ TODO: check
+CVE-2024-11798 (Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds
Write Remo ...)
+ TODO: check
+CVE-2024-11797 (Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds
Write Remo ...)
+ TODO: check
+CVE-2024-11796 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds
Write Rem ...)
+ TODO: check
+CVE-2024-11795 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based
Buffer Overf ...)
+ TODO: check
+CVE-2024-11794 (Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds
Write Rem ...)
+ TODO: check
+CVE-2024-11793 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds
Write Rem ...)
+ TODO: check
+CVE-2024-11792 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based
Buffer Overf ...)
+ TODO: check
+CVE-2024-11791 (Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based
Buffer Over ...)
+ TODO: check
+CVE-2024-11790 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based
Buffer Over ...)
+ TODO: check
+CVE-2024-11789 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based
Buffer Over ...)
+ TODO: check
+CVE-2024-11787 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based
Buffer Over ...)
+ TODO: check
+CVE-2024-10896 (The Logo Slider WordPress plugin before 4.5.0 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-10510 (The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress
plugin t ...)
+ TODO: check
+CVE-2024-10493 (The Element Pack Elementor Addons (Header Footer, Template
Library, Dy ...)
+ TODO: check
+CVE-2024-10473 (The Logo Slider WordPress plugin before 4.5.0 does not
sanitise and e ...)
+ TODO: check
CVE-2024-11738
- rust-rustls <not-affected> (Vulnerable code introduced later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
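Review bot: the added description for CVE-2024-53858 contains a literal `\u2019` ("GitHub\u2019s") where an apostrophe belongs, so the automatic import appears to write the feed text without decoding its escapes; decode it before it reaches data/CVE/list. All 33 new entries are left at `TODO: check`. The ones whose descriptions name a WordPress plugin (CVE-2024-11925, CVE-2024-11918, CVE-2024-10896, CVE-2024-10510, CVE-2024-10473) can take the `NOT-FOR-US: WordPress plugin` tag this file already uses for such entries. CVE-2024-10896 and CVE-2024-10473 show the same truncated text for the Logo Slider plugin and should be compared for a duplicate assignment during triage.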
@@ -42178,16 +42244,19 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12
allows code execution in situ
CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C
through e5dad3 ...)
NOT-FOR-US: The Algorithms - C
CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant
heap-based ...)
+ {DLA-3968-1}
- netatalk 3.1.18~ds-2 (bug #1074475)
NOTE: https://github.com/Netatalk/netatalk/issues/1098
NOTE: https://netatalk.io/security/CVE-2024-38441
NOTE:
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
(netatalk-3-2-1)
CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant
heap-base ...)
+ {DLA-3968-1}
- netatalk 3.1.18~ds-2 (bug #1074474)
NOTE: https://github.com/Netatalk/netatalk/issues/1097
NOTE: https://netatalk.io/security/CVE-2024-38440
NOTE:
https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5
(netatalk-3-2-1)
CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant
heap-based ...)
+ {DLA-3968-1}
- netatalk 3.1.18~ds-2 (bug #1074473)
NOTE: https://github.com/Netatalk/netatalk/issues/1096
NOTE: https://netatalk.io/security/CVE-2024-38439
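Review bot: `{DLA-3968-1}` is attached to CVE-2024-38441, CVE-2024-38440 and CVE-2024-38439, but the commit lists data/CVE/list as its only changed file, so the advisory record that backs the cross-reference is not visible in this change. Confirm that data/DLA/list already carries DLA-3968-1 with these three CVEs and the fixed version for the LTS release, because the unchanged `- netatalk 3.1.18~ds-2` lines record only the unstable fix.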
@@ -152712,7 +152781,7 @@ CVE-2023-0144 (The Event Manager and Tickets Selling
Plugin for WooCommerce Word
NOT-FOR-US: WordPress plugin
CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2
does n ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup
Management Fu ...)
+CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup
Management fu ...)
NOT-FOR-US: Synology
CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior
to 109. ...)
{DSA-5317-1}
@@ -233050,7 +233119,7 @@ CVE-2022-22997 (Addressed a remote code execution
vulnerability by resolving a c
CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were
affected by a ...)
NOT-FOR-US: Western Digital Windows setup
CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their
default ...)
- {DLA-3706-1}
+ {DLA-3968-1 DLA-3706-1}
- netatalk 3.1.18~ds-1 (bug #1053545)
NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
NOTE: https://github.com/Netatalk/netatalk/pull/509
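Review bot: CVE-2022-22995 now carries two LTS advisories, `{DLA-3968-1 DLA-3706-1}`, and nothing in the entry says why DLA-3706-1 was not sufficient. Add a NOTE line stating whether DLA-3968-1 is a follow-up or regression fix or covers a different release, so a reader of this entry does not have to open both advisories to find out.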
@@ -475004,15 +475073,15 @@ CVE-2018-9379
RESERVED
CVE-2018-9378
RESERVED
-CVE-2018-9377
- RESERVED
+CVE-2018-9377 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp,
there ...)
+ TODO: check
CVE-2018-9376
RESERVED
NOT-FOR-US: Android
CVE-2018-9375
RESERVED
-CVE-2018-9374
- RESERVED
+CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a
possible ...)
+ TODO: check
CVE-2018-9373
RESERVED
CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a
possible out ...)
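Review bot: CVE-2018-9377 and CVE-2018-9374 move from RESERVED to `TODO: check` although their descriptions name Android framework sources (`IAudioPolicyService.cpp`, `PackageManagerService.java`) and the adjacent CVE-2018-9376 is already tagged `NOT-FOR-US: Android`. Resolve both the same way in the follow-up triage commit rather than leaving them in the TODO queue.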
@@ -475052,18 +475121,18 @@ CVE-2018-9356 (In bnep_data_ind of bnep_main.c,
there is a possible remote code
NOT-FOR-US: Android
CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out
of boun ...)
NOT-FOR-US: Android
-CVE-2018-9354
- RESERVED
-CVE-2018-9353
- RESERVED
-CVE-2018-9352
- RESERVED
-CVE-2018-9351
- RESERVED
-CVE-2018-9350
- RESERVED
-CVE-2018-9349
- RESERVED
+CVE-2018-9354 (In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit,
there is ...)
+ TODO: check
+CVE-2018-9353 (In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a
possible ...)
+ TODO: check
+CVE-2018-9352 (In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a
possible re ...)
+ TODO: check
+CVE-2018-9351 (In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is
a possi ...)
+ TODO: check
+CVE-2018-9350 (In ih264d_assign_pic_num of ih264d_utils.c there is a possible
out of ...)
+ TODO: check
+CVE-2018-9349 (In mv_err_cost of mcomp.c there is a possible out of bounds
read due t ...)
+ TODO: check
CVE-2018-9348 (In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer
overfl ...)
NOT-FOR-US: Android Media Framework
CVE-2018-9347 (In function SMF_ParseMetaEvent of file eas_smf.c there is
incorrect in ...)
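Review bot: the six entries CVE-2018-9354 through CVE-2018-9349 should not be bulk-tagged `NOT-FOR-US: Android` just because the neighbouring context lines are. Several descriptions name codec sources (`ihevcd_parse_slice.c`, `ih264d_utils.c`, `mcomp.c`) that may also exist as standalone libraries, so check each file against packaged source before resolving its `TODO: check`, and record the result in a NOTE line where a package does embed the code.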
@@ -513870,17 +513939,14 @@ CVE-2017-13325
RESERVED
CVE-2017-13324
RESERVED
-CVE-2017-13323
- RESERVED
+CVE-2017-13323 (In String16 of String16.cpp, there is a possible out of bounds
write d ...)
NOT-FOR-US: Android
CVE-2017-13322
RESERVED
NOT-FOR-US: Android
-CVE-2017-13321
- RESERVED
+CVE-2017-13321 (In SensorService::isDataInjectionEnabled
offrameworks/native/services/ ...)
NOT-FOR-US: Android
-CVE-2017-13320
- RESERVED
+CVE-2017-13320 (In impeg2d_bit_stream_flush() of libmpeg2dec there is a
possible OOB r ...)
NOT-FOR-US: Android Media Framework
CVE-2017-13319 (In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp,
there is ...)
NOT-FOR-US: Android Media Framework
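Review bot: the new CVE-2017-13321 description reads `offrameworks/native/services/`, with the space missing between "of" and the path. The text comes from the imported feed, so report it to the CVE record's source rather than editing it locally, where the next automatic update would overwrite the fix. The three replaced RESERVED entries keep their existing `NOT-FOR-US` lines, which matches the Android components the new descriptions name.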
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f5f27fec415a546c9244bf1fe23aa6800e1293f
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits