[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 26 20:12:24 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7e3d089 by security tracker role at 2024-12-26T20:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2024-8994 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-8993 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-8992 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...)
+ TODO: check
+CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Exe ...)
+ TODO: check
+CVE-2024-51540 (Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vu ...)
+ TODO: check
+CVE-2024-47157 (Some Honor products are affected by incorrect privilege assignment vul ...)
+ TODO: check
+CVE-2024-47156 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-47155 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-47154 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-47153 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-47151 (Some Honor products are affected by file writing vulnerability, succes ...)
+ TODO: check
+CVE-2024-47150 (Some Honor products are affected by information leak vulnerability, su ...)
+ TODO: check
+CVE-2024-47149 (Some Honor products are affected by incorrect privilege assignment vul ...)
+ TODO: check
+CVE-2024-47148 (Some Honor products are affected by incorrect privilege assignment vul ...)
+ TODO: check
+CVE-2024-12964 (A vulnerability was found in 1000 Projects Daily College Class Work Re ...)
+ TODO: check
+CVE-2024-12963 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...)
+ TODO: check
+CVE-2024-12962 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
+ TODO: check
+CVE-2024-12961 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+ TODO: check
+CVE-2024-12960 (A vulnerability, which was classified as critical, has been found in 1 ...)
+ TODO: check
+CVE-2024-12959 (A vulnerability classified as critical was found in 1000 Projects Port ...)
+ TODO: check
+CVE-2024-12958 (A vulnerability classified as critical has been found in 1000 Projects ...)
+ TODO: check
+CVE-2024-12956 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
+ TODO: check
+CVE-2024-12955 (A vulnerability has been found in PHPGurukul Blood Bank & Donor Manage ...)
+ TODO: check
+CVE-2024-12954 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+ TODO: check
+CVE-2024-12953 (A vulnerability, which was classified as critical, has been found in 1 ...)
+ TODO: check
+CVE-2024-12952 (A vulnerability classified as critical was found in melMass comfy_mtb ...)
+ TODO: check
+CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 Projects ...)
+ TODO: check
+CVE-2024-12950 (A vulnerability was found in code-projects Travel Management System 1. ...)
+ TODO: check
+CVE-2024-12949 (A vulnerability was found in code-projects Travel Management System 1. ...)
+ TODO: check
+CVE-2024-12948 (A vulnerability was found in code-projects Travel Management System 1. ...)
+ TODO: check
+CVE-2024-12947 (A vulnerability was found in Codezips Hospital Management System 1.0 a ...)
+ TODO: check
+CVE-2024-12946 (A vulnerability, which was classified as critical, has been found in 1 ...)
+ TODO: check
+CVE-2024-12945 (A vulnerability classified as critical was found in code-projects Simp ...)
+ TODO: check
+CVE-2024-12944 (A vulnerability was found in CodeAstro House Rental Management System ...)
+ TODO: check
+CVE-2024-12943 (A vulnerability was found in CodeAstro House Rental Management System ...)
+ TODO: check
+CVE-2024-12908 (Delinea addressed a reported case on Secret Server v11.7.31 (protocol ...)
+ TODO: check
+CVE-2023-7300 (Huawei Home Music System has a path traversal vulnerability. Successfu ...)
+ TODO: check
CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
NOT-FOR-US: 1000 Projects Portfolio Management System
CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management System 1 ...)
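Review bot: All 38 entries added at the top of the list carry only "TODO: check", and among them CVE-2024-56433 names shadow-utils (aka shadow) 4.4 through 4.17.0, which reads as a distribution package rather than a third-party product, so it should be triaged first and given a package line instead of waiting in the bulk queue. The Honor, 1000 Projects, code-projects, PHPGurukul, Codezips and CodeAstro entries look like candidates for the same "NOT-FOR-US:" treatment that the unchanged CVE-2024-12942 entry below already has.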
@@ -1678,9 +1754,11 @@ CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown b
CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point outside ...)
NOT-FOR-US: gitingest
CVE-2024-56073 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...)
+ {DSA-5837-1}
- fastnetmon 1.2.8-1 (bug #1090387)
NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c (v1.2.8)
CVE-2024-56072 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...)
+ {DSA-5837-1}
- fastnetmon 1.2.8-1 (bug #1090388)
NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000 (v1.2.8)
NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48 (v1.2.8)
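Review bot: The "{DSA-5837-1}" tags added to CVE-2024-56073 and CVE-2024-56072 are the only trace of that advisory in this commit, since data/CVE/list is the one changed file. Confirm that the advisory's own record lists both CVE ids and the fixed fastnetmon version for stable, because the entries here show only the "- fastnetmon 1.2.8-1" line and no per-release line.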
@@ -11844,11 +11922,13 @@ CVE-2024-49369 (Icinga is a monitoring system which checks the availability of n
NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c (v2.12.11)
NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831 (v2.11.12)
CVE-2024-45819 (PVH guests have their ACPI tables constructed by the toolstack. The c ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.1-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-464.html
CVE-2024-45818 (The hypervisor contains code to accelerate VGA memory accesses for HVM ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.1-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -25060,6 +25140,7 @@ CVE-2024-42505 (Command injection vulnerabilities in the underlying CLI service
CVE-2024-38324 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd C ...)
NOT-FOR-US: IBM
CVE-2024-45817 (In x86's APIC (Advanced Programmable Interrupt Controller) architectur ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.1-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -73609,7 +73690,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.
CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2201 (A cross-privilege Spectre v2 vulnerability allows attackers to bypass ...)
- {DSA-5658-1}
+ {DSA-5836-1 DSA-5658-1}
- linux 6.8.9-1
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
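Review bot: On CVE-2024-2201 the tag becomes "{DSA-5836-1 DSA-5658-1}" while the entry tracks two packages, "linux 6.8.9-1" and "xen 4.19.1-1", and nothing on the line says which advisory covers which package. The other DSA-5836-1 additions in this commit sit on entries with xen lines, so a NOTE stating that DSA-5836-1 is the xen side would save the reader a lookup.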
@@ -73619,11 +73700,13 @@ CVE-2024-2201 (A cross-privilege Spectre v2 vulnerability allows attackers to by
NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
NOTE: https://xenbits.xen.org/xsa/advisory-456.html
CVE-2024-31146 (When multiple devices share resources and one of them is to be passed ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-461.html
CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved Memory Regi ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -73632,11 +73715,13 @@ CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore functiona
- xen-api <removed>
NOTE: https://xenbits.xen.org/xsa/advisory-459.html
CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" allows a devi ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-458.html
CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion), the mit ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -82144,7 +82229,7 @@ CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Inte
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
CVE-2023-28746 (Information exposure through microarchitectural state after transient ...)
- {DSA-5681-1 DLA-3842-1 DLA-3808-1}
+ {DSA-5836-1 DSA-5681-1 DLA-3842-1 DLA-3808-1}
- intel-microcode 3.20240312.1 (bug #1066108)
[bookworm] - intel-microcode 3.20240312.1~deb12u1
[bullseye] - intel-microcode 3.20240312.1~deb11u1
@@ -82160,6 +82245,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
NOTE: https://xenbits.xen.org/xsa/advisory-452.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts modern C ...)
+ {DSA-5836-1}
- linux <unfixed>
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
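Review bot: CVE-2024-2193 gains "{DSA-5836-1}" while its first package line is still "- linux <unfixed>", so the advisory tag must not be read as closing the CVE. A NOTE that the DSA addresses the xen lines only, with linux still open, would make the state of this entry unambiguous.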
@@ -93739,12 +93825,14 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file
CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as ...)
NOT-FOR-US: CloudLinux CageFS
CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit a ...)
+ {DSA-5836-1}
[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
- xen 4.19.1-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <not-affected> (Vulnerable code not present)
NOTE: https://xenbits.xen.org/xsa/advisory-454.html
CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow Enforcement Tec ...)
+ {DSA-5836-1}
- xen 4.17.3+36-g54dacb5c02-1
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
[buster] - xen <not-affected> (Vulnerable code not present)
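Review bot: CVE-2023-46841 is tagged "{DSA-5836-1}" but its unstable line reads "- xen 4.17.3+36-g54dacb5c02-1", unlike the "xen 4.19.1-1" on CVE-2023-46842 just above it and on the other xen entries tagged in this commit. That is consistent with the fix having landed in an earlier upload, but it is worth checking that the stable upload behind DSA-5836-1 really includes this fix, since no per-release line for stable is visible here.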
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7e3d0898f0ca26d7648dffaf4594ce4b1783223