[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 22 09:12:06 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9f5714f by security tracker role at 2024-04-22T08:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-4022 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...)
+ TODO: check
+CVE-2024-4021 (A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-18 ...)
+ TODO: check
+CVE-2024-32698 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32693 (Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automati ...)
+ TODO: check
+CVE-2024-32690 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32418 (An issue in flusity CMS v2.33 allows a remote attacker to execute arbi ...)
+ TODO: check
+CVE-2024-30799 (An issue in PX4 Autopilot v1.14 and before allows a remote attacker to ...)
+ TODO: check
+CVE-2024-28722 (Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3 ...)
+ TODO: check
+CVE-2023-7252 (The Tickera WordPress plugin before 3.5.2.5 does not prevent users fr ...)
+ TODO: check
+CVE-2018-25101 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2015-10132 (A vulnerability classified as problematic was found in Thimo Grauerhol ...)
+ TODO: check
CVE-2024-32041 [OutOfBound Read in zgfx_decompress_segment]
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 <unfixed>
@@ -1922,7 +1952,7 @@ CVE-2024-XXXX [Stored XSS in Avatar block]
NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1933,7 +1963,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124. Some of these bugs sho
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thund ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1951,7 +1981,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of the JavaScript engine,
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent self-move ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1962,7 +1992,7 @@ CVE-2024-3860 (An out-of-memory condition during object initialization could res
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an out-of- ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1973,7 +2003,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript object so that the JIT cou
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases. This le ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1987,7 +2017,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly optimized MSubstr operations
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch statements ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -1998,7 +2028,7 @@ CVE-2024-3853 (A use-after-free could result if a JavaScript realm was in the pr
- firefox 125.0.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
CVE-2024-3852 (GetBoundName could return the wrong version of an object when JIT opti ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -2305,7 +2335,7 @@ CVE-2024-29219 (Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 a
NOT-FOR-US: KEYENCE KV STUDIO
CVE-2024-29218 (Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and ea ...)
NOT-FOR-US: KEYENCE KV STUDIO
-CVE-2024-29217
+CVE-2024-29217 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Apache Answer
CVE-2024-28957 (Generation of predictable identifiers issue exists in Cente middleware ...)
NOT-FOR-US: Cente
@@ -6564,7 +6594,7 @@ CVE-2024-2322 (The WooCommerce Cart Abandonment Recovery WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2024-29734 (Uncontrolled search path element issue exists in SonicDICOM Media View ...)
NOT-FOR-US: SonicDICOM Media Viewer
-CVE-2024-29733
+CVE-2024-29733 (Improper Certificate Validation vulnerability in Apache Airflow FTP Pr ...)
NOT-FOR-US: Airflow FTP provider
CVE-2024-29434 (An issue in the system image upload interface of Alldata v0.4.6 allows ...)
NOT-FOR-US: Alldata
@@ -10729,7 +10759,7 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
CVE-2024-2609 (The permission prompt input delay could expire while the window is not ...)
- {DSA-5663-1 DLA-3790-1}
+ {DSA-5670-1 DSA-5663-1 DLA-3790-1}
- firefox 124.0-1
- firefox-esr 115.10.0esr-1
- thunderbird 1:115.10.1-1
@@ -12833,6 +12863,7 @@ CVE-2024-27902 (Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP
CVE-2024-27900 (Due to missing authorization check, attacker with business user accoun ...)
NOT-FOR-US: SAP
CVE-2024-27297 (Nix is a package manager for Linux and other Unix systems. A fixed-out ...)
+ {DSA-5669-1}
- guix 1.4.0-6 (bug #1066113)
- nix <unfixed> (bug #1066812)
[bookworm] - nix <no-dsa> (Minor issue)
@@ -45228,6 +45259,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vu
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-50186 [AV1 codec parser buffer overflow]
+ {DSA-5583-1}
- gst-plugins-bad1.0 1.22.8-1
[bullseye] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
[buster] - gst-plugins-bad1.0 <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f5714f4e49a5c60526a501ccf071a9df08fa33
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f5714f4e49a5c60526a501ccf071a9df08fa33
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240422/525edc6a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list