[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 26 20:12:24 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7e3d089 by security tracker role at 2024-12-26T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2024-8994 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-8993 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-8992 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...)
+	TODO: check
+CVE-2024-54907 (TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Exe ...)
+	TODO: check
+CVE-2024-51540 (Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vu ...)
+	TODO: check
+CVE-2024-47157 (Some Honor products are affected by incorrect privilege assignment vul ...)
+	TODO: check
+CVE-2024-47156 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-47155 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-47154 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-47153 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-47151 (Some Honor products are affected by file writing vulnerability, succes ...)
+	TODO: check
+CVE-2024-47150 (Some Honor products are affected by information leak vulnerability, su ...)
+	TODO: check
+CVE-2024-47149 (Some Honor products are affected by incorrect privilege assignment vul ...)
+	TODO: check
+CVE-2024-47148 (Some Honor products are affected by incorrect privilege assignment vul ...)
+	TODO: check
+CVE-2024-12964 (A vulnerability was found in 1000 Projects Daily College Class Work Re ...)
+	TODO: check
+CVE-2024-12963 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...)
+	TODO: check
+CVE-2024-12962 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
+	TODO: check
+CVE-2024-12961 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+	TODO: check
+CVE-2024-12960 (A vulnerability, which was classified as critical, has been found in 1 ...)
+	TODO: check
+CVE-2024-12959 (A vulnerability classified as critical was found in 1000 Projects Port ...)
+	TODO: check
+CVE-2024-12958 (A vulnerability classified as critical has been found in 1000 Projects ...)
+	TODO: check
+CVE-2024-12956 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
+	TODO: check
+CVE-2024-12955 (A vulnerability has been found in PHPGurukul Blood Bank & Donor Manage ...)
+	TODO: check
+CVE-2024-12954 (A vulnerability, which was classified as critical, was found in 1000 P ...)
+	TODO: check
+CVE-2024-12953 (A vulnerability, which was classified as critical, has been found in 1 ...)
+	TODO: check
+CVE-2024-12952 (A vulnerability classified as critical was found in melMass comfy_mtb  ...)
+	TODO: check
+CVE-2024-12951 (A vulnerability classified as critical has been found in 1000 Projects ...)
+	TODO: check
+CVE-2024-12950 (A vulnerability was found in code-projects Travel Management System 1. ...)
+	TODO: check
+CVE-2024-12949 (A vulnerability was found in code-projects Travel Management System 1. ...)
+	TODO: check
+CVE-2024-12948 (A vulnerability was found in code-projects Travel Management System 1. ...)
+	TODO: check
+CVE-2024-12947 (A vulnerability was found in Codezips Hospital Management System 1.0 a ...)
+	TODO: check
+CVE-2024-12946 (A vulnerability, which was classified as critical, has been found in 1 ...)
+	TODO: check
+CVE-2024-12945 (A vulnerability classified as critical was found in code-projects Simp ...)
+	TODO: check
+CVE-2024-12944 (A vulnerability was found in CodeAstro House Rental Management System  ...)
+	TODO: check
+CVE-2024-12943 (A vulnerability was found in CodeAstro House Rental Management System  ...)
+	TODO: check
+CVE-2024-12908 (Delinea addressed a reported case on Secret Server v11.7.31 (protocol  ...)
+	TODO: check
+CVE-2023-7300 (Huawei Home Music System has a path traversal vulnerability. Successfu ...)
+	TODO: check
 CVE-2024-12942 (A vulnerability was found in 1000 Projects Portfolio Management System ...)
 	NOT-FOR-US: 1000 Projects Portfolio Management System
 CVE-2024-12941 (A vulnerability was found in CodeAstro Blood Donor Management System 1 ...)
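Review bot: CVE-2024-56433 is added with "TODO: check" like the other 37 new entries, but its description names shadow-utils (aka shadow), which Debian ships as source package shadow, so it needs a package line when triaged and must not be swept into a bulk NOT-FOR-US pass. The 1000 Projects entries can take the same form as the existing context line "NOT-FOR-US: 1000 Projects Portfolio Management System".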
@@ -1678,9 +1754,11 @@ CVE-2024-56082 (ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown b
 CVE-2024-56074 (gitingest before 9996a06 mishandles symbolic links that point outside  ...)
 	NOT-FOR-US: gitingest
 CVE-2024-56073 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...)
+	{DSA-5837-1}
 	- fastnetmon 1.2.8-1 (bug #1090387)
 	NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/a36718525e08ad0f2a809363001bf105efc5fe1c (v1.2.8)
 CVE-2024-56072 (An issue was discovered in FastNetMon Community Edition through 1.2.7. ...)
+	{DSA-5837-1}
 	- fastnetmon 1.2.8-1 (bug #1090388)
 	NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/5164a29603fff9dd445b7660a35090989f005000 (v1.2.8)
 	NOTE: https://github.com/pavel-odintsov/fastnetmon/commit/65c40ee92dd5bcad1ab52cbafa1afd62cf669e48 (v1.2.8)
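Review bot: On CVE-2024-56073 and CVE-2024-56072 the new {DSA-5837-1} tag sits above entries whose only version line is the unstable fix "- fastnetmon 1.2.8-1"; no stable fixed version is visible in this hunk. Check that the DSA-5837-1 record carries it, since this commit changes data/CVE/list only.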
@@ -11844,11 +11922,13 @@ CVE-2024-49369 (Icinga is a monitoring system which checks the availability of n
 	NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c (v2.12.11)
 	NOTE: Fixed by: https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831 (v2.11.12)
 CVE-2024-45819 (PVH guests have their ACPI tables constructed by the toolstack.  The c ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.1-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-464.html
 CVE-2024-45818 (The hypervisor contains code to accelerate VGA memory accesses for HVM ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.1-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -25060,6 +25140,7 @@ CVE-2024-42505 (Command injection vulnerabilities in the underlying CLI service
 CVE-2024-38324 (IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd C ...)
 	NOT-FOR-US: IBM
 CVE-2024-45817 (In x86's APIC (Advanced Programmable Interrupt Controller) architectur ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.1-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -73609,7 +73690,7 @@ CVE-2023-41677 (A insufficiently protected credentials in Fortinet FortiProxy 7.
 CVE-2022-4965 (The Invitation Code Content Restriction Plugin from CreativeMinds plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2201 (A cross-privilege Spectre v2 vulnerability allows attackers to bypass  ...)
-	{DSA-5658-1}
+	{DSA-5836-1 DSA-5658-1}
 	- linux 6.8.9-1
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
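Review bot: For CVE-2024-2201 the tag becomes {DSA-5836-1 DSA-5658-1} on an entry that tracks both linux and xen, and nothing in the entry says which advisory covers which package. A NOTE line tying each DSA to its package would save readers the lookup.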
@@ -73619,11 +73700,13 @@ CVE-2024-2201 (A cross-privilege Spectre v2 vulnerability allows attackers to by
 	NOTE: https://download.vusec.net/papers/inspectre_sec24.pdf
 	NOTE: https://xenbits.xen.org/xsa/advisory-456.html
 CVE-2024-31146 (When multiple devices share resources and one of them is to be passed  ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-461.html
 CVE-2024-31145 (Certain PCI devices in a system might be assigned Reserved Memory Regi ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -73632,11 +73715,13 @@ CVE-2024-31144 [Xapi: Metadata injection attack against backup/restore functiona
 	- xen-api <removed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-459.html
 CVE-2024-31143 (An optional feature of PCI MSI called "Multiple Message" allows a devi ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-458.html
 CVE-2024-31142 (Because of a logical error in XSA-407 (Branch Type Confusion), the mit ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -82144,7 +82229,7 @@ CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Inte
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after transient  ...)
-	{DSA-5681-1 DLA-3842-1 DLA-3808-1}
+	{DSA-5836-1 DSA-5681-1 DLA-3842-1 DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode 3.20240312.1~deb12u1
 	[bullseye] - intel-microcode 3.20240312.1~deb11u1
@@ -82160,6 +82245,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
 	NOTE: https://xenbits.xen.org/xsa/advisory-452.html
 	NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
 CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts modern C ...)
+	{DSA-5836-1}
 	- linux <unfixed>
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
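Review bot: CVE-2024-2193 gains {DSA-5836-1} while the line directly below still reads "- linux <unfixed>", so the advisory tag must not be read as the CVE being resolved for every package in the entry. The other DSA-5836-1 tags in this patch all sit on xen entries; a NOTE stating what the DSA covers here would make that explicit for anyone keying on the tag rather than the per-package lines.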
@@ -93739,12 +93825,14 @@ CVE-2020-36772 (CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file
 CVE-2020-36771 (CloudLinux CageFS 7.1.1-1 or below passes the authentication token as  ...)
 	NOT-FOR-US: CloudLinux CageFS
 CVE-2023-46842 (Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit a ...)
+	{DSA-5836-1}
 	[experimental] - xen 4.19.0+14-g0918434e0f-1~exp1
 	- xen 4.19.1-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <not-affected> (Vulnerable code not present)
 	NOTE: https://xenbits.xen.org/xsa/advisory-454.html
 CVE-2023-46841 (Recent x86 CPUs offer functionality named Control-flow Enforcement Tec ...)
+	{DSA-5836-1}
 	- xen 4.17.3+36-g54dacb5c02-1
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	[buster] - xen <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7e3d0898f0ca26d7648dffaf4594ce4b1783223
