[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 4 20:12:34 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20c0b522 by security tracker role at 2024-12-04T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2024-8962 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-8894 (Out-of-bounds Writevulnerability was discovered in Open Design Allianc ...)
+	TODO: check
+CVE-2024-7488 (Improper Input Validation vulnerability in RestApp Inc. Online Orderin ...)
+	TODO: check
+CVE-2024-5020 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-54158 (In JetBrains YouTrack before 2024.3.52635 potential spoofing attack wa ...)
+	TODO: check
+CVE-2024-54157 (In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible ...)
+	TODO: check
+CVE-2024-54156 (In JetBrains YouTrack before 2024.3.52635 multiple merge functions wer ...)
+	TODO: check
+CVE-2024-54155 (In JetBrains YouTrack before 2024.3.51866 improper access control allo ...)
+	TODO: check
+CVE-2024-54154 (In JetBrains YouTrack before 2024.3.51866 system takeover was possible ...)
+	TODO: check
+CVE-2024-54153 (In JetBrains YouTrack before 2024.3.51866 unauthenticated database bac ...)
+	TODO: check
+CVE-2024-54134 (A publish-access account was compromised for `@solana/web3.js`, a Java ...)
+	TODO: check
+CVE-2024-54132 (The GitHub CLI is GitHub\u2019s official command line tool. A security ...)
+	TODO: check
+CVE-2024-54002 (Dependency-Track is a Component Analysis platform that allows organiza ...)
+	TODO: check
+CVE-2024-53614 (A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attac ...)
+	TODO: check
+CVE-2024-52676 (Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to  ...)
+	TODO: check
+CVE-2024-52278
+	REJECTED
+CVE-2024-52277 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+	TODO: check
+CVE-2024-52276 (** INITIAL LIMITED RELEASE **  User Interface (UI) Misrepresentation o ...)
+	TODO: check
+CVE-2024-52275 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
+	TODO: check
+CVE-2024-52274 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
+	TODO: check
+CVE-2024-52273 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
+	TODO: check
+CVE-2024-52272 (Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology ...)
+	TODO: check
+CVE-2024-52269 (** INITIAL LIMITED RELEASE **  User Interface (UI) Misrepresentation o ...)
+	TODO: check
+CVE-2024-51465 (IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, ...)
+	TODO: check
+CVE-2024-48453 (An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to exe ...)
+	TODO: check
+CVE-2024-40745 (Reflected Cross site scripting vulnerability in Convert Forms componen ...)
+	TODO: check
+CVE-2024-40744 (Unrestricted file upload via security bypass in Convert Forms componen ...)
+	TODO: check
+CVE-2024-39163 (binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Re ...)
+	TODO: check
+CVE-2024-37575 (The Mister org.mistergroup.shouldianswer application 1.4.264 for Andro ...)
+	TODO: check
+CVE-2024-37574 (The GriceMobile com.grice.call application 4.5.2 for Android enables a ...)
+	TODO: check
+CVE-2024-20397 (A vulnerability in the bootloader of Cisco NX-OS Software could allow  ...)
+	TODO: check
+CVE-2024-12196 (Incorrect authorization in the permission component in Devolutions Ser ...)
+	TODO: check
+CVE-2024-12151 (Incorrect permission assignment in the user migration feature in Devol ...)
+	TODO: check
+CVE-2024-12149 (Incorrect permission assignment in temporary access requests component ...)
+	TODO: check
+CVE-2024-12148 (Incorrect authorization in permission validation component in Devoluti ...)
+	TODO: check
+CVE-2024-12147 (A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has bee ...)
+	TODO: check
+CVE-2024-12138 (A vulnerability classified as critical was found in horilla up to 1.2. ...)
+	TODO: check
+CVE-2024-12107 (Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint I ...)
+	TODO: check
+CVE-2024-12056 (The Client secret is not checked when using the OAuth Password grant t ...)
+	TODO: check
+CVE-2024-11952 (The Classic Addons \u2013 WPBakery Page Builder plugin for WordPress i ...)
+	TODO: check
+CVE-2024-11935 (The Email Address Obfuscation plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-11880 (The B Testimonial \u2013 testimonial plugin for WP plugin for WordPres ...)
+	TODO: check
+CVE-2024-11854 (The Listdom \u2013 Business Directory and Classified Ads Listings Word ...)
+	TODO: check
+CVE-2024-11814 (The Additional Custom Order Status for WooCommerce plugin for WordPres ...)
+	TODO: check
+CVE-2024-11643 (The Accessibility by AllAccessible plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-10787 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-10576 (Infinix devices contain a pre-loaded "com.transsion.agingfunction" app ...)
+	TODO: check
+CVE-2024-10567 (The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unau ...)
+	TODO: check
 CVE-2024-53908 [Potential SQL injection in HasKey(lhs, rhs) on Oracle]
 	- python-django 3:4.2.17-1
 	NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
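Review bot: CVE-2024-52278 is the only new entry in this hunk recorded as REJECTED rather than `TODO: check`, and it carries no NOTE; if the rejection reason is published, consider adding a NOTE so the next person does not have to re-derive why it was closed. Two of the new descriptions, CVE-2024-52276 and CVE-2024-52269, start with `** INITIAL LIMITED RELEASE **`, which marks the upstream record as a placeholder that will be rewritten, so triage of those two should be rechecked once the full text lands rather than decided from the truncated line shown here. CVE-2024-54134 (a compromised publish-access account for `@solana/web3.js`) and CVE-2024-54132 (GitHub CLI) describe a supply-chain compromise and a tooling issue rather than a code defect in a library, so the check for those should be whether any Debian source package vendors or builds from those upstreams, not just a grep for the package name.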
@@ -6,70 +102,70 @@ CVE-2024-53907 [Potential denial-of-service in django.utils.html.strip_tags()]
 	- python-django 3:4.2.17-1
 	NOTE: https://www.djangoproject.com/weblog/2024/dec/04/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b (4.2.17)
-CVE-2024-53140 [netlink: terminate outstanding dump on socket close]
+CVE-2024-53140 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/1904fb9ebf911441f90a68e96b22aa73e4410505 (6.12)
-CVE-2024-53139 [sctp: fix possible UAF in sctp_v6_available()]
+CVE-2024-53139 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.11.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/eb72e7fcc83987d5d5595b43222f23b295d5de7f (6.12)
-CVE-2024-53138 [net/mlx5e: kTLS, Fix incorrect page refcounting]
+CVE-2024-53138 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/dd6e972cc5890d91d6749bb48e3912721c4e4b25 (6.12)
-CVE-2024-53137 [ARM: fix cacheflush with PAN]
+CVE-2024-53137 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.11.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ca29cfcc4a21083d671522ad384532e28a43f033 (6.12)
-CVE-2024-53136 [mm: revert "mm: shmem: fix data-race in shmem_getattr()"]
+CVE-2024-53136 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/d1aa0c04294e29883d65eac6c2f72fe95cc7c049 (6.12)
-CVE-2024-53135 [KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN]
+CVE-2024-53135 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/aa0d42cacf093a6fcca872edc954f6f812926a17 (6.12)
-CVE-2024-53134 [pmdomain: imx93-blk-ctrl: correct remove path]
+CVE-2024-53134 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux 6.11.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f7c7c5aa556378a2c8da72c1f7f238b6648f95fb (6.12)
-CVE-2024-53133 [drm/amd/display: Handle dml allocation failure to avoid crash]
+CVE-2024-53133 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.10-1
 	NOTE: https://git.kernel.org/linus/6825cb07b79ffeb1d90ffaa7a1227462cdca34ae (6.12)
-CVE-2024-53132 [drm/xe/oa: Fix "Missing outer runtime PM protection" warning]
+CVE-2024-53132 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c0403e4ceecaefbeaf78263dffcd3e3f06a19f6b (6.12)
-CVE-2024-53131 [nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint]
+CVE-2024-53131 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471 (6.12)
-CVE-2024-53130 [nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint]
+CVE-2024-53130 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/2026559a6c4ce34db117d2db8f710fe2a9420d5a (6.12)
-CVE-2024-53129 [drm/rockchip: vop: Fix a dereferenced before check warning]
+CVE-2024-53129 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/ab1c793f457f740ab7108cc0b1340a402dbf484d (6.12)
-CVE-2024-53128 [sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers]
+CVE-2024-53128 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.11.10-1
 	NOTE: https://git.kernel.org/linus/fd7b4f9f46d46acbc7af3a439bb0d869efdc5c58 (6.12)
-CVE-2024-53127 [Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"]
+CVE-2024-53127 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.11.10-1
 	[bookworm] - linux 6.1.119-1
 	NOTE: https://git.kernel.org/linus/1635e407a4a64d08a8517ac59ca14ad4fc785e75 (6.12)
-CVE-2024-53126 [vdpa: solidrun: Fix UB bug with devres]
+CVE-2024-53126 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
 	- linux 6.11.10-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0b364cf53b20204e92bac7c6ebd1ee7d3ec62931 (6.12)
-CVE-2024-53125 [bpf: sync_linked_regs() must preserve subreg_def]
+CVE-2024-53125 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.11.6-1
 	NOTE: https://git.kernel.org/linus/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (6.12-rc4)
 CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerability ...)
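Review bot: this hunk replaces the bracketed upstream subject lines (for example `[netlink: terminate outstanding dump on socket close]` for CVE-2024-53140 and `[sctp: fix possible UAF in sctp_v6_available()]` for CVE-2024-53139) with the published CNA text, and because that text is truncated the sixteen kernel entries now all read `In the Linux kernel, the following vulnerability has been resolved:` followed by a single letter, so the list no longer tells a reader which subsystem or bug each ID covers. The subject survives only behind each `NOTE: https://git.kernel.org/linus/...` link. The rest of every entry (fixed versions, `<not-affected>` markers, commit NOTEs) is untouched, so the change is mechanical, but preserving the upstream subject in a NOTE line next to the commit URL would keep the file useful for triage at a glance.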
@@ -966,10 +1062,12 @@ CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the liba
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857 (n7.0)
 CVE-2024-36617 (FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF  ...)
+	{DSA-5712-1}
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/f0e780370cc1c437d64f10d326b1d656ef490b5f (n5.1.5)
 CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c of FF ...)
+	{DSA-5712-1}
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23 (n5.1.5)
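Review bot: the `{DSA-5712-1}` tags added to CVE-2024-36617 and CVE-2024-36616 sit on the line directly after each CVE header, as the tracker format expects, and both entries already cite an n5.1.5 backport commit, so the DSA reference is consistent with what is recorded. The neighbouring CVE-2024-36618 at the top of the hunk still reads `[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)` and cites only an n7.0 commit, so it correctly stays outside the DSA; it may still be worth confirming that the postponed state is intended now that a DSA for the package has shipped.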
@@ -1001,6 +1099,7 @@ CVE-2024-35367 (FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8ds
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 (n7.0)
 CVE-2024-35366 (FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the par ...)
+	{DSA-5712-1}
 	- ffmpeg 7:7.0.1-3
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6 (n7.0)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/4db0eb4653efad967ddcf71f564fd2f1169bafcb (n5.1.5)
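Review bot: the `{DSA-5712-1}` tag for CVE-2024-35366 matches the n5.1.5 commit already noted for the entry, so this one-line addition is consistent; as with the adjacent CVE-2024-35367, which stays `<postponed>` for bookworm with only an n7.0 commit, the split between DSA-covered and postponed FFmpeg issues follows whether a 5.1.x backport is recorded.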
@@ -415194,7 +415293,7 @@ CVE-2019-11883
 	RESERVED
 CVE-2019-11882
 	RESERVED
-CVE-2019-11881 (A vulnerability exists in Rancher 2.1.4 in the login component, where  ...)
+CVE-2019-11881 (A vulnerability exists in Rancher before 2.2.4 in the login component, ...)
 	NOT-FOR-US: Rancher
 CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is  ...)
 	NOT-FOR-US: CommSy
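Review bot: the description for CVE-2019-11881 changes from the single version `Rancher 2.1.4` to the range `Rancher before 2.2.4`, which widens what the record states is affected. The `NOT-FOR-US: Rancher` status does not depend on the wording, so no further action is needed, but anyone who relied on the old text for version scope should note the change.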
@@ -476298,14 +476397,14 @@ CVE-2018-9397
 	RESERVED
 CVE-2018-9396
 	RESERVED
-CVE-2018-9395
-	RESERVED
-CVE-2018-9394
-	RESERVED
-CVE-2018-9393
-	RESERVED
-CVE-2018-9392
-	RESERVED
+CVE-2018-9395 (In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor ...)
+	TODO: check
+CVE-2018-9394 (In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen ...)
+	TODO: check
+CVE-2018-9393 (In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/l ...)
+	TODO: check
+CVE-2018-9392 (In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps ...)
+	TODO: check
 CVE-2018-9391
 	RESERVED
 CVE-2018-9390
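Review bot: CVE-2018-9392 through CVE-2018-9395 move from RESERVED to `TODO: check`, and every new description names a vendor-tree path (`drivers/misc/mediatek/connectivity/wlan/gen2/...`, `vendor/mediatek/proprietary/hardware/connectivity/gps`) rather than a mainline kernel path. That points at Android vendor kernel or proprietary HAL code, so triage should confirm the affected code is not present in Debian's linux source before closing these as NOT-FOR-US, and record that check in a NOTE rather than leaving the reasoning implicit.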



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20c0b52261bd0e7db6f913a5a47fd88930fc53db
