[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 24 08:12:06 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3be2670 by security tracker role at 2024-02-24T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-27133 (Insufficient sanitization in MLflow leads to XSS when running a recipe ...)
+	TODO: check
+CVE-2024-27132 (Insufficient sanitization in MLflow leads to XSS when running an untru ...)
+	TODO: check
+CVE-2024-26192 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-26188 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2024-25730 (Hitron CODA-4582 and CODA-4589 devices have default PSKs that are gene ...)
+	TODO: check
+CVE-2024-25469 (SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before all ...)
+	TODO: check
+CVE-2024-24681 (Insecure AES key in Yealink Configuration Encrypt Tool below verrsion  ...)
+	TODO: check
+CVE-2024-24310 (In the module "Generate barcode on invoice / delivery slip" (ecgenerat ...)
+	TODO: check
+CVE-2024-24309 (In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 fro ...)
+	TODO: check
+CVE-2024-22988 (An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute ar ...)
+	TODO: check
+CVE-2024-22395 (Improper access control vulnerability has been identified in the SMA10 ...)
+	TODO: check
+CVE-2024-21502 (Versions of the package fastecdsa before 2.3.2 are vulnerable to Use o ...)
+	TODO: check
+CVE-2024-21501 (Versions of the package sanitize-html before 2.12.1 are vulnerable to  ...)
+	TODO: check
+CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is  ...)
+	TODO: check
 CVE-2024-22371
 	NOT-FOR-US: Apache Camel
 CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...)
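Review bot: the CVE-2024-1810 line in this hunk carries a literal `\u2013` escape in its description ("The Archivist \u2013 Custom Archive Templates plugin") instead of the dash it encodes, which suggests the update step copies a JSON-escaped string into data/CVE/list without decoding it. Decode the escape before the description is written, or normalise it to a plain `-`, so that the raw sequence does not end up in the list and in text searches on the plugin name. All fifteen added entries are marked `TODO: check`, so each still needs a triage decision (a package line or `NOT-FOR-US`, as on the CVE-2024-22371 context entry) in a follow-up commit.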
@@ -159826,11 +159856,11 @@ CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
 CVE-2021-44457
-	RESERVED
+	REJECTED
 CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
 	NOT-FOR-US: Intel
 CVE-2021-43351
-	RESERVED
+	REJECTED
 CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
 	NOT-FOR-US: Crater
 CVE-2021-26946
@@ -160854,7 +160884,7 @@ CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi a
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
 CVE-2021-37405
-	RESERVED
+	REJECTED
 CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...)
 	NOT-FOR-US: Intel
 CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...)
@@ -170087,7 +170117,7 @@ CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strl
 CVE-2021-3886
 	REJECTED
 CVE-2021-3885
-	RESERVED
+	REJECTED
 CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
 	{DSA-5009-1}
 	- tomcat9 9.0.54-1
@@ -171507,25 +171537,25 @@ CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an express
 CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
 	NOT-FOR-US: Telegram for Android
 CVE-2021-41860
-	RESERVED
+	REJECTED
 CVE-2021-41859
-	RESERVED
+	REJECTED
 CVE-2021-41858
-	RESERVED
+	REJECTED
 CVE-2021-41857
-	RESERVED
+	REJECTED
 CVE-2021-41856
-	RESERVED
+	REJECTED
 CVE-2021-41855
-	RESERVED
+	REJECTED
 CVE-2021-41854
-	RESERVED
+	REJECTED
 CVE-2021-41853
-	RESERVED
+	REJECTED
 CVE-2021-41852
-	RESERVED
+	REJECTED
 CVE-2021-41851
-	RESERVED
+	REJECTED
 CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site)
 	NOT-FOR-US: firefly-iii
 CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
@@ -193534,69 +193564,69 @@ CVE-2021-33169
 CVE-2021-33168
 	RESERVED
 CVE-2021-33167
-	RESERVED
+	REJECTED
 CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
 	NOT-FOR-US: Intel
 CVE-2021-33165
-	RESERVED
+	REJECTED
 CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) NUCs before ...)
 	NOT-FOR-US: Intel
 CVE-2021-33163
-	RESERVED
+	REJECTED
 CVE-2021-33162
-	RESERVED
+	REJECTED
 CVE-2021-33161
-	RESERVED
+	REJECTED
 CVE-2021-33160
-	RESERVED
+	REJECTED
 CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before versions  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33158
-	RESERVED
+	REJECTED
 CVE-2021-33157
-	RESERVED
+	REJECTED
 CVE-2021-33156
-	RESERVED
+	REJECTED
 CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
 	NOT-FOR-US: Intel
 CVE-2021-33154
-	RESERVED
+	REJECTED
 CVE-2021-33153
-	RESERVED
+	REJECTED
 CVE-2021-33152
-	RESERVED
+	REJECTED
 CVE-2021-33151
-	RESERVED
+	REJECTED
 CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors may allo ...)
 	NOT-FOR-US: Intel
 CVE-2021-33148
-	RESERVED
+	REJECTED
 CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
 	NOT-FOR-US: Intel
 CVE-2021-33146
-	RESERVED
+	REJECTED
 CVE-2021-33145
-	RESERVED
+	REJECTED
 CVE-2021-33144
-	RESERVED
+	REJECTED
 CVE-2021-33143
-	RESERVED
+	REJECTED
 CVE-2021-33142
-	RESERVED
+	REJECTED
 CVE-2021-33141
-	RESERVED
+	REJECTED
 CVE-2021-33140
-	RESERVED
+	REJECTED
 CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
 	NOT-FOR-US: Intel
 CVE-2021-33138
-	RESERVED
+	REJECTED
 CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
 	NOT-FOR-US: Intel
 CVE-2021-33136
-	RESERVED
+	REJECTED
 CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers for Inte ...)
 	- linux 5.16.18-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -193605,13 +193635,13 @@ CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers fo
 	NOTE: https://git.kernel.org/linus/08999b2489b4c9b939d7483dbd03702ee4576d96 (5.17-rc8)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
 CVE-2021-33134
-	RESERVED
+	REJECTED
 CVE-2021-33133
-	RESERVED
+	REJECTED
 CVE-2021-33132
-	RESERVED
+	REJECTED
 CVE-2021-33131
-	RESERVED
+	REJECTED
 CVE-2021-33130 (Insecure default variable initialization of Intel(R) RealSense(TM) ID  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
@@ -193619,11 +193649,11 @@ CVE-2021-33129 (Incorrect default permissions in the software installer for the
 CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 Etherne ...)
 	NOT-FOR-US: Intel
 CVE-2021-33127
-	RESERVED
+	REJECTED
 CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 and 722  ...)
 	NOT-FOR-US: Intel
 CVE-2021-33125
-	RESERVED
+	REJECTED
 CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for some Int ...)
 	NOT-FOR-US: Intel
 CVE-2021-33123 (Improper access control in the BIOS authenticated code module for some ...)
@@ -193631,7 +193661,7 @@ CVE-2021-33123 (Improper access control in the BIOS authenticated code module fo
 CVE-2021-33122 (Insufficient control flow management in the BIOS firmware for some Int ...)
 	NOT-FOR-US: Intel
 CVE-2021-33121
-	RESERVED
+	REJECTED
 CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
 	- intel-microcode 3.20220207.1
 	[bullseye] - intel-microcode 3.20220207.1~deb11u1
@@ -193648,7 +193678,7 @@ CVE-2021-33117 (Improper access control for some 3rd Generation Intel(R) Xeon(R)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html
 	NOTE: Fixed via m_87_606a6_0d000331.inc: sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
 CVE-2021-33116
-	RESERVED
+	REJECTED
 CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
 	NOT-FOR-US: Intel
 CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
@@ -193656,13 +193686,13 @@ CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi
 CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
 	NOT-FOR-US: Intel
 CVE-2021-33112
-	RESERVED
+	REJECTED
 CVE-2021-33111
-	RESERVED
+	REJECTED
 CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
 	NOT-FOR-US: Intel
 CVE-2021-33109
-	RESERVED
+	REJECTED
 CVE-2021-33108 (Improper input validation in the Intel(R) In-Band Manageability softwa ...)
 	NOT-FOR-US: Intel
 CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R)  ...)
@@ -193676,13 +193706,13 @@ CVE-2021-33104 (Improper access control in the Intel(R) OFU software before vers
 CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
 	NOT-FOR-US: Intel
 CVE-2021-33102
-	RESERVED
+	REJECTED
 CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
 	NOT-FOR-US: Intel
 CVE-2021-33100
-	RESERVED
+	REJECTED
 CVE-2021-33099
-	RESERVED
+	REJECTED
 CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
 	- linux 5.10.46-1
 	[buster] - linux 4.19.194-1
@@ -193713,9 +193743,9 @@ CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M1
 CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...)
 	NOT-FOR-US: Intel
 CVE-2021-33085
-	RESERVED
+	REJECTED
 CVE-2021-33084
-	RESERVED
+	REJECTED
 CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel(R) Op ...)
 	NOT-FOR-US: Intel
 CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
@@ -193739,7 +193769,7 @@ CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD,
 CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
 	NOT-FOR-US: Intel
 CVE-2021-33072
-	RESERVED
+	REJECTED
 CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...)
 	NOT-FOR-US: Intel
 CVE-2021-33070



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3be2670022a92d1b8508a13587589cc595a81e5
