[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 4 08:12:02 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a857a967 by security tracker role at 2024-03-04T08:11:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,76 @@
-CVE-2024-26622 [tomoyo: fix UAF write bug in tomoyo_write_control()]
+CVE-2024-2156 (A vulnerability was found in SourceCodester Best POS Management System ...)
+	TODO: check
+CVE-2024-2155 (A vulnerability was found in SourceCodester Best POS Management System ...)
+	TODO: check
+CVE-2024-2154 (A vulnerability has been found in SourceCodester Online Mobile Managem ...)
+	TODO: check
+CVE-2024-2153 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-2152 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-2151 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2024-28088 (LangChain through 0.1.10 allows ../ directory traversal by an actor wh ...)
+	TODO: check
+CVE-2024-28084 (p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers  ...)
+	TODO: check
+CVE-2024-21826 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-21816 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-20038 (In pq, there is a possible out of bounds read due to an incorrect boun ...)
+	TODO: check
+CVE-2024-20037 (In pq, there is a possible write-what-where condition due to an incorr ...)
+	TODO: check
+CVE-2024-20036 (In vdec, there is a possible permission bypass due to a permissions by ...)
+	TODO: check
+CVE-2024-20034 (In battery, there is a possible escalation of privilege due to a missi ...)
+	TODO: check
+CVE-2024-20033 (In nvram, there is a possible information disclosure due to a missing  ...)
+	TODO: check
+CVE-2024-20032 (In aee, there is a possible permission bypass due to a missing permiss ...)
+	TODO: check
+CVE-2024-20031 (In da, there is a possible out of bounds write due to lack of valudati ...)
+	TODO: check
+CVE-2024-20030 (In da, there is a possible information disclosure due to improper inpu ...)
+	TODO: check
+CVE-2024-20029 (In wlan firmware, there is a possible out of bounds write due to impro ...)
+	TODO: check
+CVE-2024-20028 (In da, there is a possible out of bounds write due to lack of valudati ...)
+	TODO: check
+CVE-2024-20027 (In da, there is a possible out of bounds write due to improper input v ...)
+	TODO: check
+CVE-2024-20026 (In da, there is a possible information disclosure due to improper inpu ...)
+	TODO: check
+CVE-2024-20025 (In da, there is a possible out of bounds write due to an integer overf ...)
+	TODO: check
+CVE-2024-20024 (In flashc, there is a possible out of bounds write due to lack of valu ...)
+	TODO: check
+CVE-2024-20023 (In flashc, there is a possible out of bounds write due to lack of valu ...)
+	TODO: check
+CVE-2024-20022 (In lk, there is a possible escalation of privilege due to a missing bo ...)
+	TODO: check
+CVE-2024-20020 (In OPTEE, there is a possible out of bounds write due to an incorrect  ...)
+	TODO: check
+CVE-2024-20019 (In wlan driver, there is a possible memory leak due to improper input  ...)
+	TODO: check
+CVE-2024-20018 (In wlan driver, there is a possible out of bounds write due to imprope ...)
+	TODO: check
+CVE-2024-20017 (In wlan service, there is a possible out of bounds write due to improp ...)
+	TODO: check
+CVE-2024-20005 (In da, there is a possible permission bypass due to a missing permissi ...)
+	TODO: check
+CVE-2023-4479 (Stored XSS Vulnerability in M-Files Web versions before 23.8 allows at ...)
+	TODO: check
+CVE-2023-49602 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-46708 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2023-25176 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2019-25210 (An issue was discovered in Cloud Native Computing Foundation (CNCF) He ...)
+	TODO: check
+CVE-2024-26622 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815 (6.8-rc7)
 CVE-2024-2150 (A vulnerability, which was classified as critical, has been found in S ...)
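Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a package line or a NOT-FOR-US marking yet. Triage should start with the entries whose descriptions name a standalone software project, such as CVE-2024-28084 (iNet wireless daemon, IWD) and CVE-2024-28088 (LangChain), before working through the CVE-2024-200xx block. Separately, CVE-2024-26622 still reads `- linux <unfixed>` although its NOTE already points at the upstream fix commit tagged 6.8-rc7, so that line needs a fixed version once one is uploaded.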
@@ -3666,7 +3738,7 @@ CVE-2024-1554 (The `fetch()` API and navigation incorrectly shared the same cach
 	- firefox 123.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-05/#CVE-2024-1554
 CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thun ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
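Review bot: The DLA-3748-1 and DLA-3747-1 references are added to CVE-2024-1553 while the CVE-2024-1554 entry directly above it stays without any advisory reference. That is consistent with its visible lines, which list only `- firefox 123.0-1` and the mfsa2024-05 advisory, but it is worth confirming that the same two DLAs were meant for exactly the entries that also list firefox-esr and thunderbird (CVE-2024-1546 through CVE-2024-1553 in the following hunks) and for no others.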
@@ -3674,7 +3746,7 @@ CVE-2024-1553 (Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553
 CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric convers ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3682,7 +3754,7 @@ CVE-2024-1552 (Incorrect code generation could have led to unexpected numeric co
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552
 CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in multipar ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3690,7 +3762,7 @@ CVE-2024-1551 (Set-Cookie response headers were being incorrectly honored in mul
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551
 CVE-2024-1550 (A malicious website could have used a combination of exiting fullscree ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3698,7 +3770,7 @@ CVE-2024-1550 (A malicious website could have used a combination of exiting full
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550
 CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor could h ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3706,7 +3778,7 @@ CVE-2024-1549 (If a website set a large custom cursor, portions of the cursor co
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549
 CVE-2024-1548 (A website could have obscured the fullscreen notification by using a d ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3714,7 +3786,7 @@ CVE-2024-1548 (A website could have obscured the fullscreen notification by usin
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548
 CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controlled al ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1
@@ -3722,7 +3794,7 @@ CVE-2024-1547 (Through a series of API calls and redirects, an attacker-controll
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547
 CVE-2024-1546 (When storing and re-accessing data on a networking channel, the length ...)
-	{DSA-5630-1 DSA-5627-1}
+	{DSA-5630-1 DSA-5627-1 DLA-3748-1 DLA-3747-1}
 	- firefox 123.0-1
 	- firefox-esr 115.8.0esr-1
 	- thunderbird 1:115.8.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a857a96788921b9e24f995063d4414b74b2e4607
