[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 8 21:12:26 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5da139a9 by security tracker role at 2024-08-08T20:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,152 @@
-CVE-2024-7348
+CVE-2024-7610 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
+	TODO: check
+CVE-2024-7554 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2024-7490 (Improper Input Validation vulnerability in Microchip Techology Advance ...)
+	TODO: check
+CVE-2024-7480 (AnImproper access control vulnerability was found in Avaya Aura System ...)
+	TODO: check
+CVE-2024-7477 (A SQL injection vulnerability was found which could allow a command li ...)
+	TODO: check
+CVE-2024-7394 (Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable  ...)
+	TODO: check
+CVE-2024-7123
+	REJECTED
+CVE-2024-7121
+	REJECTED
+CVE-2024-6329 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-5423 (Multiple Denial of Service (DoS) conditions has been discovered in Git ...)
+	TODO: check
+CVE-2024-4784 (An issue was discovered in GitLab EE starting from version 16.7 before ...)
+	TODO: check
+CVE-2024-4210 (A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...)
+	TODO: check
+CVE-2024-4207 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
+	TODO: check
+CVE-2024-42493 (Dorsett Controls InfoScan is vulnerable due to a leak of possible  sen ...)
+	TODO: check
+CVE-2024-42408 (The InfoScan client download page can be intercepted with a proxy, to  ...)
+	TODO: check
+CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In versions pri ...)
+	TODO: check
+CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and telephony ...)
+	TODO: check
+CVE-2024-42357 (Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6 ...)
+	TODO: check
+CVE-2024-42356 (Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6 ...)
+	TODO: check
+CVE-2024-42355 (Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_fe ...)
+	TODO: check
+CVE-2024-42354 (Shopware is an open commerce platform. The store-API works with regula ...)
+	TODO: check
+CVE-2024-42038 (Vulnerability of PIN enhancement failures in the screen lock module Im ...)
+	TODO: check
+CVE-2024-42037 (Vulnerability of uncaught exceptions in the Graphics module Impact: Su ...)
+	TODO: check
+CVE-2024-42036 (Access permission verification vulnerability in the Notepad module Imp ...)
+	TODO: check
+CVE-2024-42035 (Permission control vulnerability in the App Multiplier module Impact:S ...)
+	TODO: check
+CVE-2024-42034 (LaunchAnywhere vulnerability in the account module. Impact: Successful ...)
+	TODO: check
+CVE-2024-42033 (Access control vulnerability in the security verification module mpact ...)
+	TODO: check
+CVE-2024-42032 (Access permission verification vulnerability in the Contacts module Im ...)
+	TODO: check
+CVE-2024-42031 (Access permission verification vulnerability in the Settings module. I ...)
+	TODO: check
+CVE-2024-42030 (Access permission verification vulnerability in the content sharing po ...)
+	TODO: check
+CVE-2024-42001 (An improper authentication vulnerability affecting Vonets          ind ...)
+	TODO: check
+CVE-2024-41942 (JupyterHub is software that allows one to create a multi-user server f ...)
+	TODO: check
+CVE-2024-41936 (A directory traversal vulnerability affecting Vonets industrial wifi b ...)
+	TODO: check
+CVE-2024-41238 (A SQL injection vulnerability in /smsa/student_login.php in Kashipara  ...)
+	TODO: check
+CVE-2024-41161 (Use of hard-coded credentials vulnerability affecting Vonets industria ...)
+	TODO: check
+CVE-2024-40488 (A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kas ...)
+	TODO: check
+CVE-2024-40487 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_ ...)
+	TODO: check
+CVE-2024-40486 (A SQL injection vulnerability in "/index.php" of Kashipara Live Member ...)
+	TODO: check
+CVE-2024-40484 (A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oa ...)
+	TODO: check
+CVE-2024-40482 (An Unrestricted file upload vulnerability was found in "/Membership/ed ...)
+	TODO: check
+CVE-2024-40481 (A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin ...)
+	TODO: check
+CVE-2024-40477 (A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in ...)
+	TODO: check
+CVE-2024-40476 (A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceC ...)
+	TODO: check
+CVE-2024-40475 (SourceCodester Best House Rental Management System v1.0 is vulnerable  ...)
+	TODO: check
+CVE-2024-3958 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+	TODO: check
+CVE-2024-3659 (Firmware in KAONAR2140 routers prior to version 4.2.16 is vulnerable t ...)
+	TODO: check
+CVE-2024-3114 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+	TODO: check
+CVE-2024-3035 (A permission check vulnerability in GitLab CE/EE affecting all version ...)
+	TODO: check
+CVE-2024-39815 (Improper check or handling of exceptional conditions vulnerability  af ...)
+	TODO: check
+CVE-2024-39791 (Stack-based buffer overflow vulnerabilities affecting Vonets        in ...)
+	TODO: check
+CVE-2024-39287 (Dorsett Controls Central Server update server has potential informatio ...)
+	TODO: check
+CVE-2024-37382 (An issue discovered in import host feature in Ab Initio Metadata Hub a ...)
+	TODO: check
+CVE-2024-37023 (Multiple OS command injection vulnerabilities affecting Vonets    indu ...)
+	TODO: check
+CVE-2024-2800 (ReDoS flaw in RefMatcher when matching branch names using wildcards in ...)
+	TODO: check
+CVE-2024-29082 (Improper access control vulnerability affecting Vonets   industrial wi ...)
+	TODO: check
+CVE-2024-0108 (NVIDIA Jetson Linux contains a vulnerability in NvGPU where error hand ...)
+	TODO: check
+CVE-2024-0107 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2024-0104 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a v ...)
+	TODO: check
+CVE-2024-0101 (NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a v ...)
+	TODO: check
+CVE-2023-7265 (Permission verification vulnerability in the lock screen module Impact ...)
+	TODO: check
+CVE-2023-40261 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0  ...)
+	TODO: check
+CVE-2023-33206 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0  ...)
+	TODO: check
+CVE-2024-7348 (Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in Postgr ...)
 	- postgresql-16 16.4-1
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
 	NOTE: https://www.postgresql.org/support/security/CVE-2024-7348/
-CVE-2024-42257 [ext4: use memtostr_pad() for s_volume_name]
+CVE-2024-42257 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/be27cd64461c45a6088a91a04eba5cd44e1767ef (6.11-rc1)
-CVE-2024-42256 [cifs: Fix server re-repick on subrequest retry]
+CVE-2024-42256 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/de40579b903883274fe203865f29d66b168b7236 (6.11-rc1)
-CVE-2024-42255 [tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()]
+CVE-2024-42255 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7dc357d343f134bf59815ff6098b93503ec8a23b (6.11-rc1)
-CVE-2024-42254 [io_uring: fix error pbuf checking]
+CVE-2024-42254 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bcc87d978b834c298bbdd9c52454c5d0a946e97e (6.11-rc1)
-CVE-2024-42253 [gpio: pca953x: fix pca953x_irq_bus_sync_unlock race]
+CVE-2024-42253 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	- linux 6.9.11-1
 	NOTE: https://git.kernel.org/linus/bfc6444b57dc7186b6acc964705d7516cbaf3904 (6.10-rc6)
-CVE-2024-42252 [closures: Change BUG_ON() to WARN_ON()]
+CVE-2024-42252 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.9.11-1
 	NOTE: https://git.kernel.org/linus/339b84ab6b1d66900c27bd999271cb2ae40ce812 (6.10-rc5)
-CVE-2024-42251 [mm: page_ref: remove folio_try_get_rcu()]
+CVE-2024-42251 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
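Review bot: the `TODO: check` entries should be triaged with the ones naming software Debian ships first: CVE-2024-42365 (Asterisk) names a packaged source and needs a package line with a fixed version, whereas the Vonets, Kashipara, Dorsett Controls and Diebold Nixdorf entries look like candidates for the `NOT-FOR-US:` marker used elsewhere in this file (see the WordPress and NVIDIA lines in a later hunk). Two smaller points: CVE-2024-7348 is dropped at the top of the hunk and re-added further down with its description, and its package lines (`- postgresql-16 16.4-1`, the two `<removed>` lines) and both NOTE URLs carry over unchanged, so nothing is lost there; the kernel entries CVE-2024-42257 through CVE-2024-42251 lose the bracketed upstream commit subject in favour of the generic truncated description, which leaves the `NOTE: https://git.kernel.org/linus/...` lines as the only pointer to the actual fix, so those NOTE lines must be kept when the entries are edited later.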
@@ -562,7 +686,7 @@ CVE-2024-7530 (Incorrect garbage collection interaction could have led to a use-
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7530
 CVE-2024-7529 (The date picker could partially obscure security prompts. This could b ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
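Review bot: the added `DSA-5744-1` is placed before the existing `DSA-5740-1` inside the braces, which matches the newest-first ordering used elsewhere in this file (compare `{DSA-5742-1 DSA-5693-1 DSA-5691-1 ...}` in the CVE-2024-4367 hunk below), so the form is consistent; the same one-line change is repeated for CVE-2024-7527, -7526, -7525, -7522, -7521 and -7519, and every one of those entries carries the identical `firefox-esr 115.14.0esr-1` and `thunderbird 1:128.1.0esr-1` lines, so a single cross-check that DSA-5744-1's package and version is one of those two lines covers all seven entries.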
@@ -573,7 +697,7 @@ CVE-2024-7528 (Incorrect garbage collection interaction in IndexedDB could have
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7528
 CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led to a u ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -581,7 +705,7 @@ CVE-2024-7527 (Unexpected marking work at the start of sweeping could have led t
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7527
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7527
 CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from uninit ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -589,7 +713,7 @@ CVE-2024-7526 (ANGLE failed to initialize parameters which led to reading from u
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7526
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7526
 CVE-2024-7525 (It was possible for a web extension with minimal permissions to create ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -606,7 +730,7 @@ CVE-2024-7523 (A select option could partially obscure security prompts. This co
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7523
 CVE-2024-7522 (Editor code failed to check an attribute value. This could have led to ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -614,7 +738,7 @@ CVE-2024-7522 (Editor code failed to check an attribute value. This could have l
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7522
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/#CVE-2024-7522
 CVE-2024-7521 (Incomplete WebAssembly exception handing could have led to a use-after ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -625,7 +749,7 @@ CVE-2024-7520 (A type confusion bug in WebAssembly could be leveraged by an atta
 	- firefox 129.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7520
 CVE-2024-7519 (Insufficient checks when processing graphics shared memory could have  ...)
-	{DSA-5740-1}
+	{DSA-5744-1 DSA-5740-1}
 	- firefox 129.0-1
 	- firefox-esr 115.14.0esr-1
 	- thunderbird 1:128.1.0esr-1
@@ -923,13 +1047,16 @@ CVE-2024-6472 (Certificate Validation user interface in LibreOffice allows poten
 	NOTE: https://github.com/LibreOffice/core/commit/2587dbff640e2443f0800f9c1a865723500de1c5 (distro/mimo/7-0)
 	NOTE: https://github.com/LibreOffice/core/commit/b8c9ba427e23e45ef782d6a144f4415cae3c9b13 (distro/mimo/6-2)
 CVE-2024-42010 (mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allo ...)
+	{DSA-5743-1}
 	- roundcube 1.6.8+dfsg-1 (bug #1077969)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/602d0f566eb39b6dcb739ad78323ec434a3b92ce
 CVE-2024-42009 (A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1. ...)
+	{DSA-5743-1}
 	- roundcube 1.6.8+dfsg-1 (bug #1077969)
 	NOTE: https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
 	NOTE: https://github.com/roundcube/roundcubemail/commit/68af7c864a36e1941764238dac440ab0d99a8d26
 CVE-2024-42008 (A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run()  ...)
+	{DSA-5743-1}
 	- roundcube 1.6.8+dfsg-1 (bug #1077969)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/89c8fe9ae9318c015807fbcbf7e39555fb30885d
 	NOTE: Regression/follow-up: https://github.com/roundcube/roundcubemail/commit/32fed15346e5b842042e5dd1001d6878225c5367
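Review bot: all three Roundcube entries gain `{DSA-5743-1}` and keep the unstable fix `roundcube 1.6.8+dfsg-1 (bug #1077969)`; the one to confirm is CVE-2024-42008, whose entry records a `Regression/follow-up` commit (32fed15346e5...) on top of the primary fix (89c8fe9ae9...), so the DSA-5743-1 packages should have been checked to carry that follow-up commit too, otherwise a NOTE recording the omission or a later regression update is needed.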
@@ -13349,7 +13476,7 @@ CVE-2024-0892 (The Schema App Structured Data plugin for WordPress is vulnerable
 	NOT-FOR-US: WordPress plugin
 CVE-2024-0103 (NVIDIA Triton Inference Server for Linux contains a vulnerability wher ...)
 	NOT-FOR-US: NVIDIA
-CVE-2024-0102
+CVE-2024-0102 (NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdi ...)
 	- nvidia-cuda-toolkit <unfixed> (bug #1076164)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
 	[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
@@ -25180,7 +25307,7 @@ CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 ha
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765
 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...)
-	{DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
+	{DSA-5742-1 DSA-5693-1 DSA-5691-1 DLA-3817-1 DLA-3815-1}
 	- firefox 126.0-1
 	- firefox-esr 115.11.0esr-1
 	- thunderbird 1:115.11.0-1
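Review bot: `DSA-5742-1` is added to the CVE-2024-4367 brace list, but none of the three visible package lines (`firefox 126.0-1`, `firefox-esr 115.11.0esr-1`, `thunderbird 1:115.11.0-1`) changes, and those were already covered by DSA-5693-1 and DSA-5691-1; the source package that DSA-5742-1 actually fixes must therefore sit on a line below the shown context, so confirm the entry has a matching package line with the fixed version, otherwise the new DSA reference has nothing to attach to.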
@@ -104510,8 +104637,8 @@ CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allo
 	- linux 6.1.20-2
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
-CVE-2023-28865
-	RESERVED
+CVE-2023-28865 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0  ...)
+	TODO: check
 CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker to expl ...)
 	- chef <removed>
 	[buster] - chef <not-affected> (chef package does not include upstream chef-server)
@@ -119330,12 +119457,12 @@ CVE-2023-24066
 	RESERVED
 CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For example,  ...)
 	NOT-FOR-US: NOSH
-CVE-2023-24064
-	RESERVED
-CVE-2023-24063
-	RESERVED
-CVE-2023-24062
-	RESERVED
+CVE-2023-24064 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to ...)
+	TODO: check
+CVE-2023-24063 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails t ...)
+	TODO: check
+CVE-2023-24062 (Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0  ...)
+	TODO: check
 CVE-2023-24061
 	RESERVED
 CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...)
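Review bot: the three formerly RESERVED entries now resolve to Diebold Nixdorf Vynamic Security Suite (VSS) issues and join CVE-2023-28865, CVE-2023-40261 and CVE-2023-33206 from earlier hunks in this same diff, so all six `TODO: check` entries describe one product and should be triaged together with a single status rather than one at a time.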



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5da139a9d03b5dfbac63a3d7309f0fd873a7ee2f


