[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 7 09:12:40 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b9c2788 by security tracker role at 2024-08-07T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2024-6494 (The WordPress File Upload WordPress plugin before 4.24.8 does not prop ...)
+	TODO: check
+CVE-2024-42219 (1Password 8 before 8.10.36 for macOS allows local attackers to exfiltr ...)
+	TODO: check
+CVE-2024-42218 (1Password 8 before 8.10.38 for macOS allows local attackers to exfiltr ...)
+	TODO: check
+CVE-2024-41270 (An issue discovered in the RunHTTPServer function in Gorush v1.18.4 al ...)
+	TODO: check
+CVE-2024-3973 (The House Manager  WordPress plugin through 1.0.8.4 does not sanitise  ...)
+	TODO: check
+CVE-2024-38206 (An authenticated attacker can bypass Server-Side Request Forgery (SSRF ...)
+	TODO: check
+CVE-2024-38166 (An unauthenticated attacker can exploit improper neutralization of inp ...)
+	TODO: check
+CVE-2024-37403 (Ivanti Docs at Work for Android, before 2.26.0 is affected by the 'Dirty  ...)
+	TODO: check
+CVE-2024-36132 (Insufficient verification of authentication controls in EPMM prior to  ...)
+	TODO: check
+CVE-2024-36131 (An insecure deserialization vulnerability in web component of EPMM pri ...)
+	TODO: check
+CVE-2024-36130 (An insufficient authorization vulnerability in web component of EPMM p ...)
+	TODO: check
+CVE-2024-34788 (An improper authentication vulnerability in web component of EPMM prio ...)
+	TODO: check
+CVE-2024-34636 (Use of implicit intent for sensitive communication in Samsung Email pr ...)
+	TODO: check
+CVE-2024-34635 (Out-of-bounds read in parsing textbox object in Samsung Notes prior to ...)
+	TODO: check
+CVE-2024-34634 (Out-of-bounds read in parsing connected object list in Samsung Notes p ...)
+	TODO: check
+CVE-2024-34633 (Out-of-bounds read in parsing object header in Samsung Notes prior to  ...)
+	TODO: check
+CVE-2024-34632 (Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4 ...)
+	TODO: check
+CVE-2024-34631 (Out-of-bounds read in applying new binary in Samsung Notes prior to ve ...)
+	TODO: check
+CVE-2024-34630 (Out-of-bounds read in applying own binary with textbox in Samsung Note ...)
+	TODO: check
+CVE-2024-34629 (Out-of-bounds read in applying binary with text common object in Samsu ...)
+	TODO: check
+CVE-2024-34628 (Out-of-bounds read in applying binary with path in Samsung Notes prior ...)
+	TODO: check
+CVE-2024-34627 (Out-of-bounds read in parsing implemention in Samsung Notes prior to v ...)
+	TODO: check
+CVE-2024-34626 (Out-of-bounds read in applying own binary in Samsung Notes prior to ve ...)
+	TODO: check
+CVE-2024-34625 (Out-of-bounds read in applying connection point in Samsung Notes prior ...)
+	TODO: check
+CVE-2024-34624 (Out-of-bounds read in applying paragraphs in Samsung Notes prior to ve ...)
+	TODO: check
+CVE-2024-34623 (Out-of-bounds write in applying connected information in Samsung Notes ...)
+	TODO: check
+CVE-2024-34622 (Out-of-bounds write in appending paragraph in Samsung Notes prior to v ...)
+	TODO: check
+CVE-2024-34621 (Out-of-bounds read in applying binary with data in Samsung Notes prior ...)
+	TODO: check
+CVE-2024-34620 (Improper privilege management in SumeNNService prior to SMR Aug-2024 R ...)
+	TODO: check
+CVE-2024-34619 (Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 ...)
+	TODO: check
+CVE-2024-34618 (Improper access control in System property prior to SMR Aug-2024 Relea ...)
+	TODO: check
+CVE-2024-34617 (Improper handling of insufficient permission in Telephony prior to SMR ...)
+	TODO: check
+CVE-2024-34616 (Improper handling of insufficient permission in KnoxDualDARPolicy prio ...)
+	TODO: check
+CVE-2024-34615 (Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allow ...)
+	TODO: check
+CVE-2024-34614 (Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allow ...)
+	TODO: check
+CVE-2024-34613 (Improper access control in Galaxy Watch prior to SMR Aug-2024 Release  ...)
+	TODO: check
+CVE-2024-34612 (Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Rel ...)
+	TODO: check
+CVE-2024-34611 (Improper access control in KnoxService prior to SMR Aug-2024 Release 1 ...)
+	TODO: check
+CVE-2024-34610 (Improper access control in ExtControlDeviceService prior to SMR Aug-20 ...)
+	TODO: check
+CVE-2024-34609 (Improper access control in VoiceNoteService prior to SMR Aug-2024 Rele ...)
+	TODO: check
+CVE-2024-34608 (Improper access control in PaymentManagerService prior to SMR Aug-2024 ...)
+	TODO: check
+CVE-2024-34607 (Improper access control in SamsungNotesService prior to SMR Aug-2024 R ...)
+	TODO: check
+CVE-2024-34606 (Improper access control in SmartThingsService prior to SMR Aug-2024 Re ...)
+	TODO: check
+CVE-2024-34605 (Improper access control in SamsungHealthService prior to SMR Aug-2024  ...)
+	TODO: check
+CVE-2024-34604 (Improper access control in LedCoverService prior to SMR Aug-2024 Relea ...)
+	TODO: check
 CVE-2024-7564 (Logsign Unified SecOps Platform Directory Traversal Information Disclo ...)
 	NOT-FOR-US: Logsign Unified SecOps Platform
 CVE-2024-7552 (A vulnerability was found in DataGear up to 5.0.0. It has been declare ...)
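Review bot: None of the 45 entries added at the top of this hunk is triaged; each carries only `TODO: check`, with no package line or NOT-FOR-US marker. The Samsung Notes and "SMR Aug-2024 Release 1" run (CVE-2024-34604 through CVE-2024-34636), together with the WordPress plugin, 1Password, Ivanti Docs at Work and EPMM entries, look like candidates for a NOT-FOR-US line in the style of the adjacent `NOT-FOR-US: Logsign Unified SecOps Platform`. Resolving them in one pass, after reading the full descriptions, would keep the TODO backlog from growing.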
@@ -178,25 +268,26 @@ CVE-2024-5290
 	{DSA-5739-1}
 	- wpa 2:2.10-22
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
-CVE-2024-7550
+CVE-2024-7550 (Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7536
+CVE-2024-7536 (Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 all ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7535
+CVE-2024-7535 (Inappropriate implementation in V8 in Google Chrome prior to 127.0.653 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7534
+CVE-2024-7534 (Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7533
+CVE-2024-7533 (Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533. ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-7532
+CVE-2024-7532 (Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7531 (Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7531
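Review bot: CVE-2024-7533 now reads "Use after free in Sharing in Google Chrome on iOS", yet the entry still carries `- chromium <unfixed>` and the bullseye `<end-of-life>` line. If the issue is confined to the iOS build, consider recording it as `<not-affected>` with a reason, the way CVE-2024-7523 elsewhere in this file is tracked as `- firefox <not-affected> (Only affects Firefox on Android)`. The description is truncated here, so confirm the scope against the full text first.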
@@ -205,6 +296,7 @@ CVE-2024-7530 (Incorrect garbage collection interaction could have led to a use-
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7530
 CVE-2024-7529 (The date picker could partially obscure security prompts. This could b ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -215,13 +307,15 @@ CVE-2024-7528 (Incorrect garbage collection interaction in IndexedDB could have
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7528
 CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led to a u ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7527
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7527
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7527
-CVE-2024-7526 (ANGLE failed to initialize parameters which lead to reading from unini ...)
+CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from uninit ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -229,6 +323,7 @@ CVE-2024-7526 (ANGLE failed to initialize parameters which lead to reading from
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7526
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7526
 CVE-2024-7525 (It was possible for a web extension with minimal permissions to create ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -236,6 +331,7 @@ CVE-2024-7525 (It was possible for a web extension with minimal permissions to c
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7525
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7525
 CVE-2024-7524 (Firefox adds web-compatibility shims in place of some tracking scripts ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7524
@@ -244,6 +340,7 @@ CVE-2024-7523 (A select option could partially obscure security prompts. This co
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7523
 CVE-2024-7522 (Editor code failed to check an attribute value. This could have led to ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -251,6 +348,7 @@ CVE-2024-7522 (Editor code failed to check an attribute value. This could have l
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7522
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7522
 CVE-2024-7521 (Incomplete WebAssembly exception handing could have led to a use-after ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -261,6 +359,7 @@ CVE-2024-7520 (A type confusion bug in WebAssembly could be leveraged by an atta
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7520
 CVE-2024-7519 (Insufficient checks when processing graphics shared memory could have  ...)
+	{DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird <unfixed>
@@ -286,9 +385,9 @@ CVE-2024-41989
 	- python-django 3:4.2.15-1 (bug #1078074)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/ (4.2.15)
-CVE-2024-42062
+CVE-2024-42062 (CloudStack account-users by default use username and password based au ...)
 	NOT-FOR-US: Apache CloudStack
-CVE-2024-42222
+CVE-2024-42222 (In Apache CloudStack 4.19.1.0, a regression in the network listing API ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2024-7506 (A vulnerability has been found in itsourcecode Tailoring Management Sy ...)
 	NOT-FOR-US: itsourcecode Tailoring Management System



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b9c2788cd33ff1926ed1a6ebf200bcad5abab23
