[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 2 21:12:36 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fb3389b by security tracker role at 2024-07-02T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2024-6452 (A vulnerability classified as critical was found in linlinjava litemal ...)
+ TODO: check
+CVE-2024-6441 (A vulnerability was found in ORIPA up to 1.72. It has been declared as ...)
+ TODO: check
+CVE-2024-6440 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
+ TODO: check
+CVE-2024-6439 (A vulnerability was found in SourceCodester Home Owners Collection Man ...)
+ TODO: check
+CVE-2024-6438 (A vulnerability has been found in Hitout Carsale 1.0 and classified as ...)
+ TODO: check
+CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB Rust ...)
+ TODO: check
+CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...)
+ TODO: check
+CVE-2024-6341
+ REJECTED
+CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2024-6099 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-6088 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-6012 (The Cost Calculator Builder plugin for WordPress is vulnerable to unau ...)
+ TODO: check
+CVE-2024-6011 (The Cost Calculator Builder plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-5866 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...)
+ TODO: check
+CVE-2024-5865 (Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The ...)
+ TODO: check
+CVE-2024-5260 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
+ TODO: check
+CVE-2024-4897 (parisneo/lollms-webui, in its latest version, is vulnerable to remote ...)
+ TODO: check
+CVE-2024-4836 (Web services managed by Edito CMS (Content Management System) in versi ...)
+ TODO: check
+CVE-2024-4467 (A flaw was found in the QEMU disk image utility (qemu-img) 'info' comm ...)
+ TODO: check
+CVE-2024-4268 (The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPres ...)
+ TODO: check
+CVE-2024-3826 (In versions of Akana in versions prior to and including 2022.1.3 valid ...)
+ TODO: check
+CVE-2024-39894 (OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks aga ...)
+ TODO: check
+CVE-2024-39891 (In the Twilio Authy API, accessed by Authy Android before 25.1.0 and A ...)
+ TODO: check
+CVE-2024-39323 (aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Sta ...)
+ TODO: check
+CVE-2024-39316 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
+ TODO: check
+CVE-2024-39315 (Pomerium is an identity and context-aware access proxy. Prior to versi ...)
+ TODO: check
+CVE-2024-39206 (An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 all ...)
+ TODO: check
+CVE-2024-39143 (A stored cross-site scripting (XSS) vulnerability exists in ResidenceC ...)
+ TODO: check
+CVE-2024-39119 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+ TODO: check
+CVE-2024-38857 (Improper neutralization of input in Checkmk before versions 2.3.0p8, 2 ...)
+ TODO: check
+CVE-2024-38537 (Fides is an open-source privacy engineering platform. `fides.js`, a cl ...)
+ TODO: check
+CVE-2024-38519 (`yt-dlp` is a command-line audio/video downloader. Prior to version 20 ...)
+ TODO: check
+CVE-2024-37185 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
+ TODO: check
+CVE-2024-37077 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
+ TODO: check
+CVE-2024-37030 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
+ TODO: check
+CVE-2024-36404 (GeoTools is an open source Java library that provides tools for geospa ...)
+ TODO: check
+CVE-2024-36278 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-36260 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
+ TODO: check
+CVE-2024-36243 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbit ...)
+ TODO: check
+CVE-2024-34601 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ TODO: check
+CVE-2024-34600 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ TODO: check
+CVE-2024-34599 (Improper input validation in Tips prior to version 6.2.9.4 in Android ...)
+ TODO: check
+CVE-2024-34597 (Improper input validation in Samsung Health prior to version 6.27.0.11 ...)
+ TODO: check
+CVE-2024-34596 (Improper authentication in SmartThings prior to version 1.8.17 allows ...)
+ TODO: check
+CVE-2024-34595 (Improper access control in clickAdapterItem of SystemUI prior to SMR J ...)
+ TODO: check
+CVE-2024-34594 (Exposure of sensitive information in proc file system prior to SMR Jul ...)
+ TODO: check
+CVE-2024-34593 (Improper input validation in parsing and distributing RTCP packet in l ...)
+ TODO: check
+CVE-2024-34592 (Improper input validation in parsing RTCP SDES packet in librtp.so pri ...)
+ TODO: check
+CVE-2024-34591 (Improper input validation in parsing an item data from RTCP SDES packe ...)
+ TODO: check
+CVE-2024-34590 (Improper input validation\ud63bin parsing an item type from RTCP SDES ...)
+ TODO: check
+CVE-2024-34589 (Improper input validation in parsing RTCP RR packet in librtp.so prior ...)
+ TODO: check
+CVE-2024-34588 (Improper input validation\ud63bin parsing RTCP SR packet in librtp.so ...)
+ TODO: check
+CVE-2024-34587 (Improper input validation in parsing application information from RTCP ...)
+ TODO: check
+CVE-2024-34586 (Improper access control in KnoxCustomManagerService prior to SMR Jul-2 ...)
+ TODO: check
+CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR Jul-2024 ...)
+ TODO: check
+CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR Jul-2024 R ...)
+ TODO: check
+CVE-2024-34583 (Improper access control in system property prior to SMR Jul-2024 Relea ...)
+ TODO: check
+CVE-2024-34122 (Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an ...)
+ TODO: check
+CVE-2024-32932 (Under certain circumstances the web interface users credentials may be ...)
+ TODO: check
+CVE-2024-32757 (Under certain circumstances unnecessary user details are provided with ...)
+ TODO: check
+CVE-2024-32756 (Under certain circumstances the Linux users credentials may be recover ...)
+ TODO: check
+CVE-2024-32755 (Under certain circumstances the web interface will accept characters u ...)
+ TODO: check
+CVE-2024-31071 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...)
+ TODO: check
+CVE-2024-26314 (Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 ...)
+ TODO: check
+CVE-2024-25088 (Improper privilege management in Jungo WinDriver before 12.5.1 allows ...)
+ TODO: check
+CVE-2024-25087 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 ...)
+ TODO: check
+CVE-2024-25086 (Improper privilege management in Jungo WinDriver before 12.2.0 allows ...)
+ TODO: check
+CVE-2024-22106 (Improper privilege management in Jungo WinDriver before 12.5.1 allows ...)
+ TODO: check
+CVE-2024-22105 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 ...)
+ TODO: check
+CVE-2024-22104 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 all ...)
+ TODO: check
+CVE-2024-22103 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 all ...)
+ TODO: check
+CVE-2024-22102 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 ...)
+ TODO: check
+CVE-2024-20901 (Improper input validation in copying data to buffer cache in libsaped ...)
+ TODO: check
+CVE-2024-20900 (Improper authentication in MTP application prior to SMR Jul-2024 Relea ...)
+ TODO: check
+CVE-2024-20899 (Use of implicit intent for sensitive communication in RCS function in ...)
+ TODO: check
+CVE-2024-20898 (Use of implicit intent for sensitive communication in SoftphoneClient ...)
+ TODO: check
+CVE-2024-20897 (Use of implicit intent for sensitive communication in FCM function in ...)
+ TODO: check
+CVE-2024-20896 (Use of implicit intent for sensitive communication in Configuration me ...)
+ TODO: check
+CVE-2024-20895 (Improper access control in Dar service prior to SMR Jul-2024 Release 1 ...)
+ TODO: check
+CVE-2024-20894 (Improper handling of exceptional conditions in Secure Folder prior to ...)
+ TODO: check
+CVE-2024-20893 (Improper input validation in libmediaextractorservice.so prior to SMR ...)
+ TODO: check
+CVE-2024-20892 (Improper verification of signature in FilterProvider prior to SMR Jul- ...)
+ TODO: check
+CVE-2024-20891 (Improper access control in launchFullscreenIntent of SystemUI prior to ...)
+ TODO: check
+CVE-2024-20890 (Improper input validation in BLE prior to SMR Jul-2024 Release 1 allow ...)
+ TODO: check
+CVE-2024-20889 (Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows ...)
+ TODO: check
+CVE-2024-20888 (Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 a ...)
+ TODO: check
+CVE-2023-51778 (Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 all ...)
+ TODO: check
+CVE-2023-51777 (Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 ...)
+ TODO: check
+CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 allows ...)
+ TODO: check
+CVE-2023-39324
+ REJECTED
CVE-2024-32498 [OSSA-2024-001: Arbitrary file access through custom QCOW2 external data]
- cinder <unfixed> (bug #1074763)
- glance 2:28.0.1-3+deb12u1 (bug #1074761)
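Review bot: several descriptions in this hunk carry literal escape sequences instead of the characters they encode (`\u2013` in CVE-2024-6099, CVE-2024-6088 and CVE-2024-4268; `\ud63b`, a lone surrogate half, in CVE-2024-34590 and CVE-2024-34588), which suggests the import step writes JSON escapes into data/CVE/list rather than decoding them; that is worth fixing in the import script so the tracker does not display them verbatim. For triage order, the Windows-only and vendor-firmware items (Jungo WinDriver, the Samsung SMR Jul-2024 series, OpenHarmony, Acrobat for Edge) look like NOT-FOR-US candidates, while CVE-2024-4467 (qemu), CVE-2024-39894 (openssh), CVE-2024-39316 (ruby-rack), CVE-2024-38519 (yt-dlp) and CVE-2024-6381 (mongo-c-driver) concern source packages Debian ships and should be checked first.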
@@ -1267,7 +1447,8 @@ CVE-2024-39371 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/5fc16fa5f13b3c06fdb959ef262050bd810416a2 (6.10-rc3)
-CVE-2024-39362 (In the Linux kernel, the following vulnerability has been resolved: i ...)
+CVE-2024-39362
+ REJECTED
- linux 6.9.7-1
NOTE: https://git.kernel.org/linus/3f858bbf04dbac934ac279aaee05d49eb9910051 (6.10-rc1)
CVE-2024-39301 (In the Linux kernel, the following vulnerability has been resolved: n ...)
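Review bot: with CVE-2024-39362 now marked REJECTED, the entry still carries the `- linux 6.9.7-1` fixed-version line and the upstream commit NOTE; if the identifier was withdrawn upstream, those lines should be reviewed so the tracker does not keep advertising a fix for a rejected ID.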
@@ -1963,7 +2144,8 @@ CVE-2024-38621 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.9.7-1
[bookworm] - linux 6.1.94-1
NOTE: https://git.kernel.org/linus/faa4364bef2ec0060de381ff028d1d836600a381 (6.10-rc1)
-CVE-2024-38391 (In the Linux kernel, the following vulnerability has been resolved: c ...)
+CVE-2024-38391
+ REJECTED
- linux 6.9.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
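Review bot: CVE-2024-38391 is now REJECTED but keeps its `- linux 6.9.7-1` line and the per-suite not-affected annotations; confirm whether the upstream fix still applies under another ID and clean up the entry accordingly, otherwise a rejected identifier continues to show as a resolved kernel issue.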
@@ -12333,7 +12515,8 @@ CVE-2021-47284 (In the Linux kernel, the following vulnerability has been resolv
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/9f6f852550d0e1b7735651228116ae9d300f69b3 (5.13-rc4)
-CVE-2021-47285 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+CVE-2021-47285
+ REJECTED
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/8ab78863e9eff11910e1ac8bcf478060c29b379e (5.13-rc4)
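Review bot: same situation for CVE-2021-47285: the entry is REJECTED yet still lists `- linux 5.10.46-1`, the buster fixed version and the 5.13-rc4 commit NOTE; the version lines should be checked against the rejection reason before the next manual pass.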
@@ -108989,8 +109172,8 @@ CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may
NOTE: https://go-review.googlesource.com/c/go/+/471256
NOTE: https://github.com/golang/go/commit/602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 (go1.20.2)
NOTE: https://github.com/golang/go/commit/639b67ed114151c0d786aa26e7faeab942400703 (go1.19.7)
-CVE-2023-24531
- RESERVED
+CVE-2023-24531 (Command go env is documented as outputting a shell script containing t ...)
+ TODO: check
CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::read_t ...)
[experimental] - openimageio 2.4.9.0+dfsg-1
- openimageio 2.4.13.0+dfsg-1 (bug #1034150)
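Review bot: CVE-2023-24531 describes the `go env` command of the Go toolchain itself; the neighbouring entry CVE-2023-24532 shows how such issues are tracked with go1.20.2 and go1.19.7 fix commits, so this TODO should be resolved against the golang-1.x source packages rather than left open.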
@@ -137424,7 +137607,7 @@ CVE-2022-38091
CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware used in Le ...)
NOT-FOR-US: Lenovo
CVE-2022-3428
- RESERVED
+ REJECTED
CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: Corner Ad plugin for WordPress
CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...)
@@ -139508,17 +139691,17 @@ CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain c
CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2022-41730
- RESERVED
+ REJECTED
CVE-2022-41729
- RESERVED
+ REJECTED
CVE-2022-41728
- RESERVED
+ REJECTED
CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
- golang-golang-x-image 0.5.0-1
[bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
[buster] - golang-golang-x-image <postponed> (Limited support, minor issue, DoS)
CVE-2022-41726
- RESERVED
+ REJECTED
CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
- golang-1.20 1.20.1-1
[experimental] - golang-1.19 1.19.6-1
@@ -139581,7 +139764,7 @@ CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and ht
CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
NOT-FOR-US: shamaton/msgpack
CVE-2022-41718
- RESERVED
+ REJECTED
CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server accepting ...)
- golang-1.19 1.19.4-1
- golang-1.18 1.18.9-1
@@ -165527,7 +165710,7 @@ CVE-2022-32193 (Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitiv
CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Inform ...)
NOT-FOR-US: Couchbase Server
CVE-2022-32191
- RESERVED
+ REJECTED
CVE-2022-32190 (JoinPath and URL.JoinPath do not remove ../ path elements appended to ...)
- golang-1.19 1.19.1-1
- golang-1.18 <not-affected> (Vulnerable code introduced in 1.19)
@@ -165655,7 +165838,7 @@ CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1
NOTE: https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (go1.18.4)
NOTE: https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e (go1.17.12)
CVE-2022-32147
- RESERVED
+ REJECTED
CVE-2022-32146
RESERVED
CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspace V5. ...)
@@ -170061,8 +170244,8 @@ CVE-2022-30638 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and
NOT-FOR-US: Adobe
CVE-2022-30637 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2022-30636
- RESERVED
+CVE-2022-30636 (httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token ...)
+ TODO: check
CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...)
- golang-1.19 1.19~rc2-1
- golang-1.18 1.18.4-1
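Review bot: the description of CVE-2022-30636 (httpTokenCacheKey, HTTP-01 token extraction via path.Base) points at the ACME autocert code in golang.org/x/crypto rather than the Go standard library, so the TODO should be triaged against the golang-golang-x-crypto source package and any packages that vendor it, not grouped with the golang-1.x entries around it.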
@@ -185323,14 +185506,14 @@ CVE-2022-25482
RESERVED
CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...)
NOT-FOR-US: ThinkPHP Framework
-CVE-2022-25480
- RESERVED
-CVE-2022-25479
- RESERVED
-CVE-2022-25478
- RESERVED
-CVE-2022-25477
- RESERVED
+CVE-2022-25480 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
+ TODO: check
+CVE-2022-25479 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
+ TODO: check
+CVE-2022-25478 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
+ TODO: check
+CVE-2022-25477 (Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sy ...)
+ TODO: check
CVE-2022-25476
RESERVED
CVE-2022-25475
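Review bot: the four Realtek entries CVE-2022-25477 through CVE-2022-25480 describe RtsPer.sys, a Windows PCIe card-reader driver, so they can be closed as NOT-FOR-US in the same form used for CVE-2022-25481 (ThinkPHP) just above, instead of being left as TODO: check.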
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fb3389b1a083792594e44970dab5f2da94e51b2