[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 11 20:11:57 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a62e084f by security tracker role at 2024-03-11T20:11:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2024-2370 (Unrestricted file upload vulnerability in ManageEngine Desktop Central ...)
+	TODO: check
+CVE-2024-2357 (The Libreswan Project was notified of an issue causing libreswan to re ...)
+	TODO: check
+CVE-2024-28198 (OpenOlat is an open source web-based e-learning platform for teaching, ...)
+	TODO: check
+CVE-2024-28197 (Zitadel is an open source identity management system. Zitadel uses a c ...)
+	TODO: check
+CVE-2024-28187 (SOY CMS is an open source CMS (content management system) that allows  ...)
+	TODO: check
+CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size c ...)
+	TODO: check
+CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption  ...)
+	TODO: check
+CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of bounds read d ...)
+	TODO: check
+CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds read due ...)
+	TODO: check
+CVE-2024-27233 (In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission byp ...)
+	TODO: check
+CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cp ...)
+	TODO: check
+CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a ...)
+	TODO: check
+CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...)
+	TODO: check
+CVE-2024-27227 (Android kernel allows Remote code execution.)
+	TODO: check
+CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of bounds wri ...)
+	TODO: check
+CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out of boun ...)
+	TODO: check
+CVE-2024-27224 (In strncpy of strncpy.c, there is a possible out of bounds write due t ...)
+	TODO: check
+CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...)
+	TODO: check
+CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible w ...)
+	TODO: check
+CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of bounds write  ...)
+	TODO: check
+CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds memory ac ...)
+	TODO: check
+CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds write due to ...)
+	TODO: check
+CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds read due ...)
+	TODO: check
+CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remot ...)
+	TODO: check
+CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write due to a  ...)
+	TODO: check
+CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write du ...)
+	TODO: check
+CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds write due  ...)
+	TODO: check
+CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...)
+	TODO: check
+CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to a missin ...)
+	TODO: check
+CVE-2024-27207 (Android kernel allows Elevation of privilege.)
+	TODO: check
+CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a missing ...)
+	TODO: check
+CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a use afte ...)
+	TODO: check
+CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of bounds writ ...)
+	TODO: check
+CVE-2024-25993 (In tmu_reset_tmu_trip_counter of TBD, there is a possible out of bound ...)
+	TODO: check
+CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds read due ...)
+	TODO: check
+CVE-2024-25991 (In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bo ...)
+	TODO: check
+CVE-2024-25990 (In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, th ...)
+	TODO: check
+CVE-2024-25989 (In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out ...)
+	TODO: check
+CVE-2024-25988 (In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possibl ...)
+	TODO: check
+CVE-2024-25987 (In pt_sysctl_command of pt.c, there is a possible out of bounds write  ...)
+	TODO: check
+CVE-2024-25986 (In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of p ...)
+	TODO: check
+CVE-2024-25985 (In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a mis ...)
+	TODO: check
+CVE-2024-25984 (In dumpBatteryDefend of dump_power.cpp, there is a possible out of bou ...)
+	TODO: check
+CVE-2024-23717 (In access_secure_service_from_temp_bond of btm_sec.cc, there is a poss ...)
+	TODO: check
+CVE-2024-23612 (An improper error handling vulnerability in LabVIEW may result in remo ...)
+	TODO: check
+CVE-2024-23611 (An out of bounds write due to a missing bounds check in LabVIEW may re ...)
+	TODO: check
+CVE-2024-23610 (An out of bounds write due to a missing bounds check in LabVIEW may re ...)
+	TODO: check
+CVE-2024-23609 (An improper error handling vulnerability in LabVIEW may result in remo ...)
+	TODO: check
+CVE-2024-23608 (An out of bounds write due to a missing bounds check in LabVIEW may re ...)
+	TODO: check
+CVE-2024-22011 (In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possi ...)
+	TODO: check
+CVE-2024-22010 (In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read ...)
+	TODO: check
+CVE-2024-22009 (In init_data of TBD, there is a possible out of bounds write due to a  ...)
+	TODO: check
+CVE-2024-22008 (In config_gov_time_windows of tmu.c, there is a possible out of bounds ...)
+	TODO: check
+CVE-2024-22007 (In constraint_check of fvp.c, there is a possible out of bounds read d ...)
+	TODO: check
+CVE-2024-22006 (Android kernel allows Information disclosure.)
+	TODO: check
+CVE-2024-22005 (In TBD of TBD, there is a possible Authentication Bypass due to improp ...)
+	TODO: check
+CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user op ...)
+	TODO: check
+CVE-2024-1487 (The Photos and Files Contest Gallery WordPress plugin before 21.3.1 do ...)
+	TODO: check
+CVE-2024-1441 (An off-by-one error flaw was found in the udevListInterfacesByStatus() ...)
+	TODO: check
+CVE-2024-1373
+	REJECTED
+CVE-2024-1290 (The User Registration WordPress plugin before 2.12 does not prevent us ...)
+	TODO: check
+CVE-2024-1279 (The Paid Memberships Pro WordPress plugin before 2.12.9 does not preve ...)
+	TODO: check
+CVE-2024-1273 (The Starbox WordPress plugin before 3.5.0 does not sanitise and escape ...)
+	TODO: check
+CVE-2024-1068 (The 404 Solution WordPress plugin before 2.35.8 does not properly sani ...)
+	TODO: check
+CVE-2024-0670 (Privilege escalation in windows agent plugin in Checkmk before 2.2.0p2 ...)
+	TODO: check
+CVE-2024-0561 (The Ultimate Posts Widget WordPress plugin before 2.3.1 does not valid ...)
+	TODO: check
+CVE-2024-0559 (The Enhanced Text Widget WordPress plugin before 1.6.6 does not valida ...)
+	TODO: check
+CVE-2024-0053 (In getCustomPrinterIcon of PrintManagerService.java, there is a possib ...)
+	TODO: check
+CVE-2024-0052 (In multiple functions of healthconnect, there is a possible leakage of ...)
+	TODO: check
+CVE-2024-0051 (In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds w ...)
+	TODO: check
+CVE-2024-0050 (In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible  ...)
+	TODO: check
+CVE-2024-0049 (In multiple locations, there is a possible out of bounds write due to  ...)
+	TODO: check
+CVE-2024-0048 (In Session of AccountManagerService.java, there is a possible method t ...)
+	TODO: check
+CVE-2024-0047 (In writeUserLP of UserManagerService.java, device policies are seriali ...)
+	TODO: check
+CVE-2024-0046 (In installExistingPackageAsUser of InstallPackageHelper.java, there is ...)
+	TODO: check
+CVE-2024-0045 (In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds r ...)
+	TODO: check
+CVE-2024-0044 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
+	TODO: check
+CVE-2024-0039 (In attp_build_value_cmd of att_protocol.cc, there is a possible out of ...)
+	TODO: check
+CVE-2023-7247 (The Login as User or Customer WordPress plugin through 3.8 does not pr ...)
+	TODO: check
+CVE-2023-6444 (The Seriously Simple Podcasting WordPress plugin before 3.0.0 disclose ...)
+	TODO: check
 CVE-2024-2365 (A vulnerability classified as problematic was found in Musicshelf 1.0/ ...)
 	NOT-FOR-US: Musicshelf
 CVE-2024-2364 (A vulnerability classified as problematic has been found in Musicshelf ...)
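Review bot: The WordPress plugin entries added at the top of this hunk (CVE-2024-1487, CVE-2024-1290, CVE-2024-1279, CVE-2024-1273, CVE-2024-1068, CVE-2024-0561, CVE-2024-0559, CVE-2023-7247, CVE-2023-6444) go in as `TODO: check`, although the file already has a settled form for them, `NOT-FOR-US: WordPress plugin`, visible in the unchanged context of the later hunks. Their descriptions are enough to triage them in the follow-up commit. CVE-2024-2357 is the opposite case: its description names the Libreswan Project, so it should be checked against the archive for a source-package line rather than closed as NOT-FOR-US, and is worth taking first in this batch.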
@@ -10262,6 +10422,7 @@ CVE-2023-6267 (A flaw was found in the json payload. If annotation based securit
 CVE-2023-5675
 	NOT-FOR-US: Quarkus
 CVE-2023-52356 (A segment fault (SEGV) flaw was found in libtiff that could be trigger ...)
+	{DLA-3758-1}
 	- tiff 4.5.1+git230720-4 (bug #1061524)
 	[bookworm] - tiff <no-dsa> (Minor issue)
 	[bullseye] - tiff <no-dsa> (Minor issue)
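Review bot: On CVE-2023-52356 the new `{DLA-3758-1}` reference now sits above `[bookworm]` and `[bullseye]` lines that both still read `<no-dsa> (Minor issue)`. It is worth confirming that this status is still intended for those releases now that an advisory covers the CVE, and recording the decision in a NOTE line if a point-release fix is planned.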
@@ -25229,6 +25390,7 @@ CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is v
 CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...)
+	{DLA-3759-1}
 	- qemu 1:8.1.1+ds-2
 	[bookworm] - qemu <no-dsa> (Minor issue)
 	[bullseye] - qemu <no-dsa> (Minor issue)
@@ -30796,7 +30958,7 @@ CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative path
 CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 releas ...)
 	NOT-FOR-US: Trellix
 CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...)
-	{DSA-5567-1}
+	{DSA-5567-1 DLA-3758-1}
 	- tiff 4.5.1~rc3-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a (v4.5.1rc1)
@@ -44691,6 +44853,7 @@ CVE-2023-3355 (A NULL pointer dereference flaw was found in the Linux kernel's d
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d839f0811a31322c087a859c2b181e2383daa7be (6.3-rc1)
 CVE-2023-3354 (A flaw was found in the QEMU built-in VNC server. When a client connec ...)
+	{DLA-3759-1}
 	- qemu 1:8.0.4+dfsg-1
 	[bookworm] - qemu 1:7.2+dfsg-7+deb12u2
 	[bullseye] - qemu 1:5.2+dfsg-11+deb11u3
@@ -44752,6 +44915,7 @@ CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scr
 CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2861 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...)
+	{DLA-3759-1}
 	- qemu 1:8.0.3+dfsg-1
 	[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
 	[bullseye] - qemu <ignored> (Minor issue)
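Review bot: CVE-2023-2861 gains `{DLA-3759-1}` while the `[bullseye]` line still reads `<ignored> (Minor issue)`, which leaves the entry showing an advisory for this CVE next to a release where it is explicitly not going to be fixed. Suggest revisiting the bullseye status, or adding a NOTE explaining why `<ignored>` still holds there, so the two lines do not read as contradictory.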



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a62e084f80bc0616729b00236dff064a21d30893
