[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 7 21:12:25 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aaed8e51 by security tracker role at 2024-08-07T20:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,78 +1,170 @@
-CVE-2024-42250 [cachefiles: add missing lock protection when polling]
+CVE-2024-7585 (A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classifi ...)
+	TODO: check
+CVE-2024-7584 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-7583 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-7582 (A vulnerability classified as critical was found in Tenda i22 1.0.0.3( ...)
+	TODO: check
+CVE-2024-7581 (A vulnerability classified as critical has been found in Tenda A301 15 ...)
+	TODO: check
+CVE-2024-7580 (A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24. ...)
+	TODO: check
+CVE-2024-7579 (A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24. ...)
+	TODO: check
+CVE-2024-7578 (A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24. ...)
+	TODO: check
+CVE-2024-7553 (Incorrect validation of files loaded from a local untrusted directory  ...)
+	TODO: check
+CVE-2024-7355 (The Organization chart plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-7353 (The Accept Stripe Payments plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2024-7267 (Exposure of Sensitive Informationvulnerability in Naukowa i Akademicka ...)
+	TODO: check
+CVE-2024-7266 (Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0 ...)
+	TODO: check
+CVE-2024-7265 (Incorrect User Management vulnerability in Naukowa i Akademicka Sie\u0 ...)
+	TODO: check
+CVE-2024-7143 (A flaw was found in the Pulp package. When a role-based access control ...)
+	TODO: check
+CVE-2024-7061 (Okta Verify for Windows is vulnerable to privilege escalation through  ...)
+	TODO: check
+CVE-2024-6522 (The Modern Events Calendar plugin for WordPress is vulnerable to Serve ...)
+	TODO: check
+CVE-2024-43199 (Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios t ...)
+	TODO: check
+CVE-2024-43045 (Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a  ...)
+	TODO: check
+CVE-2024-43044 (Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent proces ...)
+	TODO: check
+CVE-2024-41912 (A vulnerability was discovered in the firmware builds up to 10.10.2.2  ...)
+	TODO: check
+CVE-2024-41432 (An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5 ...)
+	TODO: check
+CVE-2024-41309 (An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 ...)
+	TODO: check
+CVE-2024-41308 (An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows  ...)
+	TODO: check
+CVE-2024-41252 (An Incorrect Access Control vulnerability was found in /smsa/admin_stu ...)
+	TODO: check
+CVE-2024-41251 (An Incorrect Access Control vulnerability was found in /smsa/admin_tea ...)
+	TODO: check
+CVE-2024-41250 (An Incorrect Access Control vulnerability was found in /smsa/view_stud ...)
+	TODO: check
+CVE-2024-41249 (An Incorrect Access Control vulnerability was found in /smsa/view_subj ...)
+	TODO: check
+CVE-2024-41248 (An Incorrect Access Control vulnerability was found in /smsa/add_subje ...)
+	TODO: check
+CVE-2024-41247 (An Incorrect Access Control vulnerability was found in /smsa/add_class ...)
+	TODO: check
+CVE-2024-41246 (An Incorrect Access Control vulnerability was found in /smsa/admin_das ...)
+	TODO: check
+CVE-2024-41245 (An Incorrect Access Control vulnerability was found in /smsa/view_teac ...)
+	TODO: check
+CVE-2024-41244 (An Incorrect Access Control vulnerability was found in /smsa/view_clas ...)
+	TODO: check
+CVE-2024-41243 (An Incorrect Access Control vulnerability was found in /smsa/view_mark ...)
+	TODO: check
+CVE-2024-41242 (A Reflected Cross Site Scripting (XSS) vulnerability was found in /sms ...)
+	TODO: check
+CVE-2024-41241 (A Reflected Cross Site Scripting (XSS) vulnerability was found in " /s ...)
+	TODO: check
+CVE-2024-41240 (A Reflected Cross Site Scripting (XSS) vulnerability was found in " /s ...)
+	TODO: check
+CVE-2024-41239 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/ ...)
+	TODO: check
+CVE-2024-41237 (A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara  ...)
+	TODO: check
+CVE-2024-34480 (SourceCodester Computer Laboratory Management System 1.0 allows admin/ ...)
+	TODO: check
+CVE-2024-34479 (SourceCodester Computer Laboratory Management System 1.0 allows classe ...)
+	TODO: check
+CVE-2024-20479 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+	TODO: check
+CVE-2024-20454 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2024-20451 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2024-20450 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2024-20443 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+	TODO: check
+CVE-2024-42250 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cf5bb09e742a9cf6349127e868329a8f69b7a014 (6.10)
-CVE-2024-42249 [spi: don't unoptimize message in spi_async()]
+CVE-2024-42249 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c86a918b1bdba78fb155184f8d88dfba1e63335d (6.10)
-CVE-2024-42248 [tty: serial: ma35d1: Add a NULL check for of_node]
+CVE-2024-42248 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/acd09ac253b5de8fd79fc61a482ee19154914c7a (6.10)
-CVE-2024-42247 [wireguard: allowedips: avoid unaligned 64-bit memory accesses]
+CVE-2024-42247 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.9.10-1
 	NOTE: https://git.kernel.org/linus/948f991c62a4018fb81d85804eeab3029c6209f8 (6.10)
-CVE-2024-42246 [net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket]
+CVE-2024-42246 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.9.10-1
 	NOTE: https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde (6.10)
-CVE-2024-42245 [Revert "sched/fair: Make sure to try to detach at least one movable task"]
+CVE-2024-42245 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2feab2492deb2f14f9675dd6388e9e2bf669c27a (6.10)
-CVE-2024-42244 [USB: serial: mos7840: fix crash on resume]
+CVE-2024-42244 (In the Linux kernel, the following vulnerability has been resolved:  U ...)
 	- linux 6.9.10-1
 	NOTE: https://git.kernel.org/linus/c15a688e49987385baa8804bf65d570e362f8576 (6.10)
-CVE-2024-42243 [mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray]
+CVE-2024-42243 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/099d90642a711caae377f53309abfe27e8724a8b (6.10)
-CVE-2024-42242 [mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE]
+CVE-2024-42242 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/63d20a94f24fc1cbaf44d0e7c0e0a8077fde0aef (6.10)
-CVE-2024-42241 [mm/shmem: disable PMD-sized page cache if needed]
+CVE-2024-42241 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9fd154ba926b34c833b7bfc4c14ee2e931b3d743 (6.10)
-CVE-2024-42240 [x86/bhi: Avoid warning in #DB handler due to BHI mitigation]
+CVE-2024-42240 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ac8b270b61d48fcc61f052097777e3b5e11591e0 (6.10)
-CVE-2024-42239 [bpf: Fail bpf_timer_cancel when callback is being cancelled]
+CVE-2024-42239 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10)
-CVE-2024-42238 [firmware: cs_dsp: Return error if block header overflows file]
+CVE-2024-42238 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/959fe01e85b7241e3ec305d657febbe82da16a02 (6.10)
-CVE-2024-42237 [firmware: cs_dsp: Validate payload length before processing block]
+CVE-2024-42237 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.9.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6598afa9320b6ab13041616950ca5f8f938c0cf1 (6.10)
-CVE-2024-42236 [usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()]
+CVE-2024-42236 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.9.10-1
 	NOTE: https://git.kernel.org/linus/6d3c721e686ea6c59e18289b400cc95c76e927e0 (6.10)
-CVE-2024-42235 [s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()]
+CVE-2024-42235 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b5efb63acf7bddaf20eacfcac654c25c446eabe8 (6.10)
-CVE-2024-42234 [mm: fix crashes from deferred split racing folio migration]
+CVE-2024-42234 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/be9581ea8c058d81154251cb0695987098996cad (6.10)
-CVE-2024-42233 [filemap: replace pte_offset_map() with pte_offset_map_nolock()]
+CVE-2024-42233 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.9.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/24be02a42181f0707be0498045c4c4b13273b16d (6.10)
-CVE-2024-42232 [libceph: fix race between delayed_work() and ceph_monc_stop()]
+CVE-2024-42232 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.9.10-1
 	NOTE: https://git.kernel.org/linus/69c7b2fe4c9cc1d3b1186d1c5606627ecf0de883 (6.10)
 CVE-2024-6494 (The WordPress File Upload WordPress plugin before 4.24.8 does not prop ...)
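Review bot: every new entry from CVE-2024-7585 down to CVE-2024-20443 is added with only "TODO: check", so none of them carries a triage decision yet. Each one needs to be resolved to either a "- <source package> <version>" line or a "NOT-FOR-US:" line, as the Zscaler and ID4Portais entries further down already are; this applies for example to the Jenkins, Nagios NDOUtils and Pulp entries. Two descriptions also arrive damaged: CVE-2024-7267 reads "Informationvulnerability" without a space, and CVE-2024-7266 and CVE-2024-7265 end in a cut-off "\u0" escape. For the kernel entries CVE-2024-42250 to CVE-2024-42232, the removed bracketed subject lines were the only readable summary; the new headers differ only in one trailing letter, so the "NOTE:" commit link is now what identifies each fix.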
@@ -341,7 +433,7 @@ CVE-2024-23456 (Anti-tampering can be disabled under certain conditions without
 	NOT-FOR-US: Zscaler
 CVE-2023-40819 (ID4Portais in version < V.2022.837.002a returns message parameter unsa ...)
 	NOT-FOR-US: ID4Portais
-CVE-2024-5290
+CVE-2024-5290 (An issue was discovered in Ubuntu wpa_supplicant that resulted in load ...)
 	{DSA-5739-1}
 	- wpa 2:2.10-22
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
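Review bot: the description added for CVE-2024-5290 reads as specific to "Ubuntu wpa_supplicant", yet the entry carries {DSA-5739-1} and a fixed version for the Debian "wpa" package, and the only NOTE is the Launchpad bug. A further NOTE stating why the Debian package is affected, or pointing at the change that went into 2:2.10-22, would keep the entry from looking inconsistent with its own description.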
@@ -446,19 +538,19 @@ CVE-2024-7519 (Insufficient checks when processing graphics shared memory could
 CVE-2024-7518 (Select options could obscure the fullscreen notification dialog. This  ...)
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7518
-CVE-2024-42005
+CVE-2024-42005 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/f4af67b9b41e0f4c117a8741da3abbd1c869ab28/ (4.2.15)
-CVE-2024-41991
+CVE-2024-41991 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/ (4.2.15)
-CVE-2024-41990
+CVE-2024-41990 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88/ (4.2.15)
-CVE-2024-41989
+CVE-2024-41989 (An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2. ...)
 	- python-django 3:4.2.15-1 (bug #1078074)
 	NOTE: https://www.djangoproject.com/weblog/2024/aug/06/security-releases/
 	NOTE: https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b/ (4.2.15)
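Review bot: the four Django entries (CVE-2024-42005, CVE-2024-41991, CVE-2024-41990, CVE-2024-41989) end up with byte-identical descriptions after truncation and identical package lines, so only the commit hash in the last NOTE tells them apart. A short per-entry NOTE naming the affected component from the linked security release announcement would make each entry readable on its own. The description mentions both 5.0 before 5.0.8 and 4.2, while the NOTE lines reference only the 4.2.15 commits; that is enough for the version in the package line, but worth stating if the 5.0 branch is tracked anywhere. The commit URLs also carry a trailing "/" before " (4.2.15)", which the kernel NOTE lines in this file do not use.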



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aaed8e51fbe52e118faba0229e0a89c3a9f7c311
