[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 13 09:12:01 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35bc06b6 by security tracker role at 2024-04-13T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2024-3027 (The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-32028 (OpenTelemetry dotnet is a dotnet telemetry framework. In affected vers ...)
+	TODO: check
+CVE-2024-32019 (Netdata is an open source observability tool. In affected versions the ...)
+	TODO: check
+CVE-2024-32005 (NiceGUI is an easy-to-use, Python-based UI framework. A local file inc ...)
+	TODO: check
+CVE-2024-32003 (wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk ...)
+	TODO: check
+CVE-2024-31462 (stable-diffusion-webui is a web interface for Stable Diffusion, implem ...)
+	TODO: check
+CVE-2024-2583 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...)
+	TODO: check
+CVE-2024-29023 (Xibo is an Open Source Digital Signage platform with a web content man ...)
+	TODO: check
+CVE-2024-29022 (Xibo is an Open Source Digital Signage platform with a web content man ...)
+	TODO: check
+CVE-2024-28869 (Traefik is an HTTP reverse proxy and load balancer. In affected versio ...)
+	TODO: check
+CVE-2024-1957 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
 CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...)
 	NOT-FOR-US: OpenGnsys
 CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...)
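Review bot: The descriptions for CVE-2024-2583 and CVE-2024-1957 carry literal "\u2014" and "\u2013" escape sequences instead of the dash characters, so the import step should decode JSON escapes before it truncates the description. All eleven new entries land as "TODO: check"; the three that describe WordPress plugins (CVE-2024-3027, CVE-2024-2583, CVE-2024-1957) look like candidates for the "NOT-FOR-US: WordPress plugin" marking already used elsewhere in this file.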
@@ -916,9 +938,11 @@ CVE-2021-47181 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux 4.19.232-1
 	NOTE: https://git.kernel.org/linus/14651496a3de6807a17c310f63c894ea0c5d858e (5.16-rc1)
 CVE-2024-26816 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
 CVE-2024-26815 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
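Review bot: CVE-2024-26816 and CVE-2024-26815 gain "{DSA-5658-1}" while their unstable line still reads "- linux <unfixed>", and neither entry has a release-specific fixed-version line of the kind seen on CVE-2024-26801 ("[bookworm] - linux 6.1.82-1"). This commit only changes data/CVE/list, so it is worth confirming that the advisory's fixed version is recorded where the tracker expects it; read on their own, these entries say an advisory was issued but nothing is fixed.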
@@ -1824,6 +1848,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2201 [Native Branch History Injection]
+	{DSA-5658-1}
 	- linux <unfixed>
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
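Review bot: On CVE-2024-2201 the "{DSA-5658-1}" tag is attached to an entry that tracks two source packages, linux and xen, and both remain "<unfixed>". The tag applies to the CVE as a whole rather than to one package line, so a NOTE stating which package the advisory addresses would keep readers from assuming xen is covered.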
@@ -2093,6 +2118,7 @@ CVE-2014-125111 (A vulnerability was found in namithjawahar Wp-Insert up to 2.0.
 CVE-2011-10006 (A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
@@ -2556,19 +2582,24 @@ CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS v
 CVE-2023-48426 (u-boot bug that allows for u-boot shell and interrupt over UART)
 	NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
 CVE-2024-27437 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/fe9a7082684eb059b925c535682e68c34d487d43 (6.9-rc1)
 CVE-2024-26814 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7447d911af699a15f8d050dfcb7c680a86f87012 (6.9-rc1)
 CVE-2024-26813 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/675daf435e9f8e5a5eab140a9864dfad6668b375 (6.9-rc1)
 CVE-2024-26812 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/18c198c96a815c962adc2b9b77909eec0be7df4d (6.9-rc1)
 CVE-2024-26810 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/810cd4bb53456d0503cc4e7934e063835152c1b7 (6.9-rc1)
 CVE-2024-24746 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
@@ -2773,6 +2804,7 @@ CVE-2023-36644 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remot
 CVE-2023-36643 (Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote atta ...)
 	NOT-FOR-US: ITB-GmbH TradePro
 CVE-2024-26809 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee (6.9-rc1)
@@ -2815,6 +2847,7 @@ CVE-2024-26801 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.82-1
 	NOTE: https://git.kernel.org/linus/2449007d3f73b2842c9734f45f0aadb522daf592 (6.8-rc7)
 CVE-2024-26800 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	{DSA-5658-1}
 	- linux 6.7.9-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -3716,6 +3749,7 @@ CVE-2023-52637 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/efe7cf828039aedb297c1f9920b638fffee6aabc (6.8-rc5)
 CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGlyphs()  ...)
+	{DSA-5657-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland <unfixed>
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
@@ -3730,12 +3764,14 @@ CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.o
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 	NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component
 CVE-2024-31081 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
+	{DSA-5657-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland <unfixed>
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.org ser ...)
+	{DSA-5657-1}
 	- xorg-server 2:21.1.11-3
 	- xwayland <unfixed>
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
@@ -4439,6 +4475,7 @@ CVE-2024-26655 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8 (6.9-rc2)
 CVE-2024-26654 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/051e0840ffa8ab25554d6b14b62c9ab9e4901457 (6.9-rc2)
 CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
@@ -7226,10 +7263,12 @@ CVE-2023-49837 (Uncontrolled Resource Consumption vulnerability in David Artiss
 CVE-2023-47715 (IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an  ...)
 	NOT-FOR-US: IBM
 CVE-2024-26643 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/552705a3650bbf46a22b1adedc1b04181490fc36 (6.8)
 CVE-2024-26642 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/16603605b667b70da974bea8216c93e7db043bf1 (6.8)
 CVE-2023-52620 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
@@ -15173,10 +15212,12 @@ CVE-2023-6477 (An issue has been discovered in GitLab EE affecting all versions
 CVE-2024-1451 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <not-affected> (Only affects 16.9)
 CVE-2024-26585 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	{DSA-5658-1}
 	- linux 6.7.7-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb (6.8-rc5)
 CVE-2024-26584 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	{DSA-5658-1}
 	- linux 6.7.7-1
 	NOTE: https://git.kernel.org/linus/8590541473188741055d27b955db0777569438e3 (6.8-rc5)
 CVE-2024-26583 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
@@ -18913,9 +18954,11 @@ CVE-2024-24859 (A race condition was found in the Linux kernel's net/bluetooth i
 	- linux <unfixed>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8153
 CVE-2024-24858 (A race condition was found in the Linux kernel's net/bluetooth in {con ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8154
 CVE-2024-24857 (A race condition was found in the Linux kernel's net/bluetooth device  ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8155
 CVE-2024-24855 (A race condition was found in the Linux kernel's scsi device driver in ...)
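Review bot: CVE-2024-24858 and CVE-2024-24857 are tagged with "{DSA-5658-1}", but CVE-2024-24859, which the hunk context directly above shows as another net/bluetooth race condition with "- linux <unfixed>", is left untagged. Confirm that the advisory really excludes it; if the omission is an oversight, it needs the same tag.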
@@ -35807,6 +35850,7 @@ CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash
 	- frr 9.1-0.1 (bug #1055852)
 	NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
 CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...)
+	{DSA-5658-1}
 	- linux <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216702
 CVE-2023-45189 (A vulnerability in IBM Robotic Process Automation and IBM Robotic Proc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35bc06b65b4e036fabdca415dfb9fe5a596c79d8
