[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 10 09:11:59 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bbc9a94 by security tracker role at 2024-07-10T08:11:43+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,26 +1,210 @@
-CVE-2024-39493 [crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak]
+CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
+	TODO: check
+CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device via Telne ...)
+	TODO: check
+CVE-2024-6421 (An unauthenticated remote attacker can read out sensitive device infor ...)
+	TODO: check
+CVE-2024-6411 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+	TODO: check
+CVE-2024-6410 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+	TODO: check
+CVE-2024-5792 (The Houzez CRM plugin for WordPress is vulnerable to time-based SQL In ...)
+	TODO: check
+CVE-2024-5677 (The Featured Image Generator plugin for WordPress is vulnerable to una ...)
+	TODO: check
+CVE-2024-5664 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
+	TODO: check
+CVE-2024-4866 (The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom ...)
+	TODO: check
+CVE-2024-39927 (Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. I ...)
+	TODO: check
+CVE-2024-39901 (OpenSearch Observability is collection of plugins and applications tha ...)
+	TODO: check
+CVE-2024-39900 (OpenSearch Dashboards Reports allows \u2018Report Owner\u2019 export a ...)
+	TODO: check
+CVE-2024-39886 (TONE store App version 3.4.2 and earlier contains an issue with unprot ...)
+	TODO: check
+CVE-2024-39883 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of  ...)
+	TODO: check
+CVE-2024-39882 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied  ...)
+	TODO: check
+CVE-2024-39881 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied  ...)
+	TODO: check
+CVE-2024-39880 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of  ...)
+	TODO: check
+CVE-2024-39614 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
+	TODO: check
+CVE-2024-39330 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
+	TODO: check
+CVE-2024-39329 (An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...)
+	TODO: check
+CVE-2024-39181 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered ...)
+	TODO: check
+CVE-2024-39072 (AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnera ...)
+	TODO: check
+CVE-2024-39071 (Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_eve ...)
+	TODO: check
+CVE-2024-39069 (An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows ...)
+	TODO: check
+CVE-2024-39031 (In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a ...)
+	TODO: check
+CVE-2024-38963 (Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
+	TODO: check
+CVE-2024-38959 (Cross Site Scripting vulnerability in Creativeitem Academy LMS Learnin ...)
+	TODO: check
+CVE-2024-38875 (An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0 ...)
+	TODO: check
+CVE-2024-38301 (Dell Alienware Command Center, version 5.7.3.0 and prior, contains an  ...)
+	TODO: check
+CVE-2024-37865 (An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allo ...)
+	TODO: check
+CVE-2024-37829 (An issue in Outline <= v0.76.1 allows attackers to execute a session h ...)
+	TODO: check
+CVE-2024-36676 (Incorrect access control in BookStack before v24.05.1 allows attackers ...)
+	TODO: check
+CVE-2024-36453 (Cross-site scripting vulnerability exists in session_login.cgi of Webm ...)
+	TODO: check
+CVE-2024-36452 (Cross-site request forgery vulnerability exists in ajaxterm module of  ...)
+	TODO: check
+CVE-2024-36451 (Improper handling of insufficient permissions or privileges vulnerabil ...)
+	TODO: check
+CVE-2024-36450 (Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin ver ...)
+	TODO: check
+CVE-2024-35154 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote auth ...)
+	TODO: check
+CVE-2024-34726 (In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code e ...)
+	TODO: check
+CVE-2024-34725 (In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arb ...)
+	TODO: check
+CVE-2024-34724 (In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code  ...)
+	TODO: check
+CVE-2024-34723 (In onTransact of ParcelableListBinder.java , there is a possible way t ...)
+	TODO: check
+CVE-2024-34722 (In smp_proc_rand of smp_act.cc, there is a possible authentication byp ...)
+	TODO: check
+CVE-2024-34721 (In ensureFileColumns of MediaProvider.java, there is a possible disclo ...)
+	TODO: check
+CVE-2024-34720 (In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of ...)
+	TODO: check
+CVE-2024-32670 (Exposure of Sensitive Information to an Unauthorized Actor in Samsung  ...)
+	TODO: check
+CVE-2024-31339 (In multiple functions of StatsService.cpp, there is a possible memory  ...)
+	TODO: check
+CVE-2024-31335 (In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible a ...)
+	TODO: check
+CVE-2024-31334 (In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possi ...)
+	TODO: check
+CVE-2024-31332 (In multiple locations, there is a possible way to bypass a restriction ...)
+	TODO: check
+CVE-2024-31331 (In setMimeGroup of PackageManagerService.java, there is a possible way ...)
+	TODO: check
+CVE-2024-31327 (In multiple functions of MessageQueueBase.h, there is a possible out o ...)
+	TODO: check
+CVE-2024-31326 (In multiple locations, there is a possible way in which policy migrati ...)
+	TODO: check
+CVE-2024-31325 (In multiple locations, there is a possible way to reveal images across ...)
+	TODO: check
+CVE-2024-31324 (In hide of WindowState.java, there is a possible way to bypass tapjack ...)
+	TODO: check
+CVE-2024-31323 (In onCreate of multiple files, there is a possible way to trick the us ...)
+	TODO: check
+CVE-2024-31322 (In updateServicesLocked of AccessibilityManagerService.java, there is  ...)
+	TODO: check
+CVE-2024-31320 (In setSkipPrompt of AssociationRequest.java , there is a possible way  ...)
+	TODO: check
+CVE-2024-31319 (In updateNotificationChannelFromPrivilegedListener of NotificationMana ...)
+	TODO: check
+CVE-2024-31318 (In CompanionDeviceManagerService.java, there is a possible way to pair ...)
+	TODO: check
+CVE-2024-31317 (In multiple functions of ZygoteProcess.java, there is a possible way t ...)
+	TODO: check
+CVE-2024-31316 (In onResult of AccountManagerService.java, there is a possible way to  ...)
+	TODO: check
+CVE-2024-31315 (In multiple functions of ManagedServices.java, there is a possible way ...)
+	TODO: check
+CVE-2024-31314 (In multiple functions of ShortcutService.java, there is a possible per ...)
+	TODO: check
+CVE-2024-31313 (In availableToWriteBytes of MessageQueueBase.h, there is a possible ou ...)
+	TODO: check
+CVE-2024-31312 (In multiple locations, there is a possible information leak due to a m ...)
+	TODO: check
+CVE-2024-31311 (In increment_annotation_count of stats_event.c, there is a possible ou ...)
+	TODO: check
+CVE-2024-31310 (In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a ...)
+	TODO: check
+CVE-2024-27386 (A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind ...)
+	TODO: check
+CVE-2024-27385 (A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind ...)
+	TODO: check
+CVE-2024-25023 (IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar S ...)
+	TODO: check
+CVE-2024-23711 (In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible ...)
+	TODO: check
+CVE-2024-23698 (In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitr ...)
+	TODO: check
+CVE-2024-23697 (In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary c ...)
+	TODO: check
+CVE-2024-23696 (In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary cod ...)
+	TODO: check
+CVE-2024-23695 (In CacheOpPMRExec of cache_km.c, there is a possible out of bounds wri ...)
+	TODO: check
+CVE-2024-22477 (A cross-site scripting vulnerability exists in the admin console OIDC  ...)
+	TODO: check
+CVE-2024-22377 (The deploy directory in PingFederate runtime nodes is reachable to una ...)
+	TODO: check
+CVE-2024-21993 (SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability  ...)
+	TODO: check
+CVE-2024-21832 (A potential JSON injection attack vector exists in PingFederate REST A ...)
+	TODO: check
+CVE-2024-21526 (All versions of the package speaker are vulnerable to Denial of Servic ...)
+	TODO: check
+CVE-2024-21525 (All versions of the package node-twain are vulnerable to Improper Chec ...)
+	TODO: check
+CVE-2024-21524 (All versions of the package node-stringbuilder are vulnerable to Out-o ...)
+	TODO: check
+CVE-2024-21523 (All versions of the package images are vulnerable to Denial of Service ...)
+	TODO: check
+CVE-2024-21522 (All versions of the package audify are vulnerable to Improper Validati ...)
+	TODO: check
+CVE-2024-21521 (All versions of the package @discordjs/opus are vulnerable to Denial o ...)
+	TODO: check
+CVE-2024-21417 (Windows Text Services Framework Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-7062 (The Advanced File Manager Shortcodes plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2023-7061 (The Advanced File Manager Shortcodes plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2023-6813 (The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cro ...)
+	TODO: check
+CVE-2023-32472 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
+	TODO: check
+CVE-2023-32467 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
+	TODO: check
+CVE-2024-39493 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.9.7-1
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/d3b17c6d9dddc2db3670bc9be628b122416a3d26 (6.10-rc1)
-CVE-2024-39492 [mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown]
+CVE-2024-39492 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.9.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/747a69a119c469121385543f21c2d08562968ccc (6.10-rc1)
-CVE-2024-39491 [ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance]
+CVE-2024-39491 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.9.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d344873c4cbde249b7152d36a273bcc45864001e (6.10-rc1)
-CVE-2024-39490 [ipv6: sr: fix missing sk_buff release in seg6_input_core]
+CVE-2024-39490 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.9.7-1
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/5447f9708d9e4c17a647b16a9cb29e9e02820bd9 (6.10-rc1)
-CVE-2024-39489 [ipv6: sr: fix memleak in seg6_hmac_init_algo]
+CVE-2024-39489 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.9.7-1
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/efb9f4f19f8e37fde43dfecebc80292d179f56c6 (6.10-rc1)
-CVE-2024-39488 [arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY]
+CVE-2024-39488 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	- linux 6.9.7-1
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/ffbf4fb9b5c12ff878a10ea17997147ea4ebea6f (6.10-rc1)
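Review bot: the six kernel entries at the end of the hunk (CVE-2024-39493 through CVE-2024-39488) lose their descriptive bracket titles, e.g. `[crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak]`, and the replacement text is cut off right after the common prefix `In the Linux kernel, the following vulnerability has been resolved:  c ...`, so the affected subsystem and fix subject are no longer visible in the list; consider carrying the subject forward in a NOTE line next to the existing git.kernel.org link so each entry stays self-describing. Among the new `TODO: check` placeholders, the four Django issues (CVE-2024-39614, CVE-2024-39330, CVE-2024-39329, CVE-2024-38875) will need package triage, and the long run of entries worded `In <function> of <file>, there is a possible ...` (CVE-2024-34726 through CVE-2024-31310 and CVE-2024-23711 through CVE-2024-23695) matches the wording of entries marked `NOT-FOR-US: Android` further down in this file; a manual follow-up commit should resolve those placeholders rather than leaving them as TODO.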
@@ -893,7 +1077,7 @@ CVE-2024-22062 (There is a permissions and access control vulnerability in ZXCLO
 CVE-2024-37372
 	- nodejs <not-affected> (Only affect Node.js on Windows)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
-CVE-2024-22018
+CVE-2024-22018 (A vulnerability has been identified in Node.js, affecting users of the ...)
 	- nodejs 20.15.1+dfsg-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fslstat-bypasses-permission-model-cve-2024-22018---low
 CVE-2024-36137
@@ -130375,7 +130559,7 @@ CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change
 	NOT-FOR-US: Android
 CVE-2023-21267 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a  ...)
+CVE-2023-21266 (In multiple functions of ActivityManagerService.java, there is a possi ...)
 	NOT-FOR-US: Android
 CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...)
 	NOT-FOR-US: Android
@@ -130686,10 +130870,10 @@ CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, ther
 	NOT-FOR-US: Android
 CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...)
 	NOT-FOR-US: Android
-CVE-2023-21114
-	RESERVED
-CVE-2023-21113
-	RESERVED
+CVE-2023-21114 (In multiple locations, there is a possible permission bypass due to a  ...)
+	TODO: check
+CVE-2023-21113 (In multiple locations, there is a possible permission bypass due to a  ...)
+	TODO: check
 CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bound ...)
 	NOT-FOR-US: Android
 CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a possibl ...)
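Review bot: CVE-2023-21114 and CVE-2023-21113 move from `RESERVED` to `TODO: check`, but their descriptions (`In multiple locations, there is a possible permission bypass due to a ...`) use the same wording as the surrounding entries CVE-2023-21115 and CVE-2023-21112, which are marked `NOT-FOR-US: Android`; the automatic update cannot make that call, so these two placeholders should be resolved in a manual follow-up so that this otherwise fully triaged block does not keep two open TODOs.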



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bbc9a946d47a719e34ac0a871cd5e7168f03b70

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.

