[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 24 21:12:24 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4692c63d by security tracker role at 2024-06-24T20:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,69 +1,149 @@
-CVE-2024-39292 [um: Add winch to winch_handlers before registering winch IRQ]
+CVE-2024-6287 (Incorrect Calculation vulnerability in Renesas arm-trusted-firmware al ...)
+	TODO: check
+CVE-2024-6285 (Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-tr ...)
+	TODO: check
+CVE-2024-6160 (SQL Injection vulnerability in MegaBIP software allows attacker to dis ...)
+	TODO: check
+CVE-2024-6104 (go-retryablehttp prior to 0.7.7 did not sanitize urls when writing the ...)
+	TODO: check
+CVE-2024-5862 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+	TODO: check
+CVE-2024-5683 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-4839 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Serve ...)
+	TODO: check
+CVE-2024-4754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-4748 (The CRUDDIY project is vulnerable to shell command injection via sendi ...)
+	TODO: check
+CVE-2024-3264 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia  ...)
+	TODO: check
+CVE-2024-38373 (FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS ...)
+	TODO: check
+CVE-2024-38369 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2024-37825 (An issue in EnvisionWare Computer Access & Reservation Control SelfChe ...)
+	TODO: check
+CVE-2024-37732 (Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a rem ...)
+	TODO: check
+CVE-2024-37681 (An issue the background management system of Shanxi Internet Chuangxia ...)
+	TODO: check
+CVE-2024-37680 (Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is af ...)
+	TODO: check
+CVE-2024-37679 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...)
+	TODO: check
+CVE-2024-37678 (Cross Site Scripting vulnerability in Hangzhou Meisoft Information Tec ...)
+	TODO: check
+CVE-2024-37677 (An issue in Shenzhen Weitillage Industrial Co., Ltd the access managem ...)
+	TODO: check
+CVE-2024-37233 (Improper Authentication vulnerability in Play.Ht allows Accessing Func ...)
+	TODO: check
+CVE-2024-37231 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-37228 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-37111 (Missing Authorization vulnerability in Membership Software WishList Me ...)
+	TODO: check
+CVE-2024-37109 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2024-37107 (Improper Privilege Management vulnerability in Membership Software Wis ...)
+	TODO: check
+CVE-2024-37092 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-37091 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+	TODO: check
+CVE-2024-37089 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-36497 (The decrypted configuration file contains the password in cleartext  w ...)
+	TODO: check
+CVE-2024-36496 (The configuration file is encrypted with a static key derived from a   ...)
+	TODO: check
+CVE-2024-36495 (The application Faronics WINSelect (Standard + Enterprise)saves its co ...)
+	TODO: check
+CVE-2024-36038 (Zoho ManageEngine ITOM products versions from128234 to 128248 are affe ...)
+	TODO: check
+CVE-2024-34313 (An issue in VPL Jail System up to v4.0.2 allows attackers to execute a ...)
+	TODO: check
+CVE-2024-34312 (Virtual Programming Lab for Moodle up to v4.2.3 was discovered to cont ...)
+	TODO: check
+CVE-2024-33881 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
+	TODO: check
+CVE-2024-33880 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
+	TODO: check
+CVE-2024-33879 (An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5. ...)
+	TODO: check
+CVE-2024-33687 (Insufficient verification of data authenticity issue exists in NJ Seri ...)
+	TODO: check
+CVE-2024-33278 (Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware ve ...)
+	TODO: check
+CVE-2023-49793 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)
+	TODO: check
+CVE-2024-39292 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/a0fbbd36c156b9f7b2276871d499c9943dfe5101 (6.10-rc1)
-CVE-2024-39291 [drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()]
+CVE-2024-39291 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/acce6479e30f73ab0872e93a75aed1fb791d04ec (6.10-rc1)
-CVE-2024-38667 [riscv: prevent pt_regs corruption for secondary idle threads]
+CVE-2024-38667 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.94-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a638b0461b58aa3205cd9d5f14d6f703d795b4af (6.10-rc2)
-CVE-2024-38664 [drm: zynqmp_dpsub: Always register bridge]
+CVE-2024-38664 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/be3f3042391d061cfca2bd22630e0d101acea5fc (6.10-rc1)
-CVE-2024-38663 [blk-cgroup: fix list corruption from resetting io stat]
+CVE-2024-38663 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6da6680632792709cecf2b006f2fe3ca7857e791 (6.10-rc1)
-CVE-2024-38384 [blk-cgroup: fix list corruption from reorder of WRITE ->lqueued]
+CVE-2024-38384 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d0aac2363549e12cc79b8e285f13d5a9f42fd08e (6.10-rc1)
-CVE-2024-37026 [drm/xe: Only use reserved BCS instances for usm migrate exec queue]
+CVE-2024-37026 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c8ea2c31f5ea437199b239d76ad5db27343edb0c (6.10-rc2)
-CVE-2024-37021 [fpga: manager: add owner module and take its refcount]
+CVE-2024-37021 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9 (6.10-rc1)
-CVE-2024-36479 [fpga: bridge: add owner module and take its refcount]
+CVE-2024-36479 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/1da11f822042eb6ef4b6064dc048f157a7852529 (6.10-rc1)
-CVE-2024-35247 [fpga: region: add owner module and take its refcount]
+CVE-2024-35247 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.94-1
 	NOTE: https://git.kernel.org/linus/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9 (6.10-rc1)
-CVE-2024-34030 [PCI: of_property: Return error for int_map allocation failure]
+CVE-2024-34030 (In the Linux kernel, the following vulnerability has been resolved:  P ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e6f7d27df5d208b50cae817a91d128fb434bb12c (6.10-rc1)
-CVE-2024-34027 [f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock]
+CVE-2024-34027 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.94-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0a4ed2d97cb6d044196cc3e726b6699222b41019 (6.10-rc1)
-CVE-2024-33847 [f2fs: compress: don't allow unaligned truncation on released compress inode]
+CVE-2024-33847 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux <unfixed>
 	[bookworm] - linux 6.1.94-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/29ed2b5dd521ce7c5d8466cd70bf0cc9d07afeee (6.10-rc1)
-CVE-2024-32936 [media: ti: j721e-csi2rx: Fix races while restarting DMA]
+CVE-2024-32936 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
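Review bot: The kernel entries from CVE-2024-39292 down to CVE-2024-32936 lose the only text that told them apart. The bracketed commit subjects (for example "[blk-cgroup: fix list corruption from resetting io stat]") are replaced by truncated descriptions that all read "In the Linux kernel, the following vulnerability has been resolved:" followed by a single letter, so CVE-2024-38663 and CVE-2024-38384 now both end in "b ...". The NOTE lines with the git.kernel.org commit links are the only remaining identifier; consider keeping the subject line in a NOTE where a human-readable summary is wanted. Separately, the 40 entries added at the top of the hunk (CVE-2024-6287 through CVE-2023-49793) all carry "TODO: check" and still need a package or NOT-FOR-US line. Where the description states a fixed version, as CVE-2024-6104 does ("go-retryablehttp prior to 0.7.7"), that version is the one to compare against during triage.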
@@ -109,7 +189,7 @@ CVE-2024-24551 (A security vulnerability has been identified in Bludit, allowing
 	NOT-FOR-US: Bludit CMS
 CVE-2024-24550 (A security vulnerability has been identified in Bludit, allowing attac ...)
 	NOT-FOR-US: Bludit CMS
-CVE-2024-29868
+CVE-2024-29868 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vu ...)
 	NOT-FOR-US: Apache StreamPipes
 CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...)
 	- jspwiki <removed>
@@ -675,7 +755,7 @@ CVE-2024-37222 (Cross Site Scripting (XSS) vulnerability in Averta Master Slider
 	NOT-FOR-US: WordPress plugin
 CVE-2024-34693 (Improper Input Validation vulnerability in Apache Superset, allows for ...)
 	NOT-FOR-US: Apache Superset
-CVE-2024-33335 (SQL Injection vulnerability in H3C SeaSQL DWS v.2.0 allows a remote at ...)
+CVE-2024-33335 (SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0  ...)
 	NOT-FOR-US: H3C SeaSQL DWS
 CVE-2024-29013 (Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows ...)
 	NOT-FOR-US: SonicOS SSL-VPN
@@ -196216,8 +196296,8 @@ CVE-2021-45787 (There is a stored Cross Site Scripting (XSS) vulnerability in ma
 	NOT-FOR-US: maccms
 CVE-2021-45786 (In maccms v10, an attacker can log in through /index.php/user/login in ...)
 	NOT-FOR-US: maccms
-CVE-2021-45785
-	RESERVED
+CVE-2021-45785 (TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross- ...)
+	TODO: check
 CVE-2021-45784
 	RESERVED
 CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory  ...)
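Review bot: CVE-2021-45785 is left at "TODO: check" after leaving RESERVED, so it has no triage decision yet. The new description names TruDesk Help Desk/Ticketing Solution v1.1.11; once checked, the TODO should be replaced by either a package line or a NOT-FOR-US line in the form the neighbouring maccms entries use. CVE-2021-45784 directly below stays RESERVED and is unaffected.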



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4692c63dd1a95aafaeba3472b12180009aa6d186
