[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 15 20:12:43 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad06b912 by security tracker role at 2024-03-15T20:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2024-2537 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+	TODO: check
+CVE-2024-2497 (A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified ...)
+	TODO: check
+CVE-2024-2495 (Cryptographic key vulnerability encoded in the FriendlyWrt firmware af ...)
+	TODO: check
+CVE-2024-2490 (A vulnerability classified as critical was found in Tenda AC18 15.03.0 ...)
+	TODO: check
+CVE-2024-2489 (A vulnerability classified as critical has been found in Tenda AC18 15 ...)
+	TODO: check
+CVE-2024-2488 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated ...)
+	TODO: check
+CVE-2024-2487 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been decla ...)
+	TODO: check
+CVE-2024-2450 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
+	TODO: check
+CVE-2024-2446 (Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x bef ...)
+	TODO: check
+CVE-2024-2445 (Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x ...)
+	TODO: check
+CVE-2024-28854 (tls-listener is a rust lang wrapper around a connection listener to su ...)
+	TODO: check
+CVE-2024-28851 (The Snowflake Hive metastore connector provides an easy way to query H ...)
+	TODO: check
+CVE-2024-28848 (OpenMetadata is a unified platform for discovery, observability, and g ...)
+	TODO: check
+CVE-2024-28847 (OpenMetadata is a unified platform for discovery, observability, and g ...)
+	TODO: check
+CVE-2024-28404 (TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-s ...)
+	TODO: check
+CVE-2024-28403 (TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Si ...)
+	TODO: check
+CVE-2024-28401 (TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-si ...)
+	TODO: check
+CVE-2024-28319 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out ...)
+	TODO: check
+CVE-2024-28318 (gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out  ...)
+	TODO: check
+CVE-2024-28255 (OpenMetadata is a unified platform for discovery, observability, and g ...)
+	TODO: check
+CVE-2024-28254 (OpenMetadata is a unified platform for discovery, observability, and g ...)
+	TODO: check
+CVE-2024-28253 (OpenMetadata is a unified platform for discovery, observability, and g ...)
+	TODO: check
+CVE-2024-28252 (CoreWCF is a port of the service side of Windows Communication Foundat ...)
+	TODO: check
+CVE-2024-28242 (Discourse is an open source platform for community discussion. In affe ...)
+	TODO: check
+CVE-2024-28053 (Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10  ...)
+	TODO: check
+CVE-2024-27987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-27920 (projectdiscovery/nuclei is a fast and customisable vulnerability scann ...)
+	TODO: check
+CVE-2024-27196 (Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash \u20 ...)
+	TODO: check
+CVE-2024-27193 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-27192 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-27189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-27100 (Discourse is an open source platform for community discussion. In affe ...)
+	TODO: check
+CVE-2024-27085 (Discourse is an open source platform for community discussion. In affe ...)
+	TODO: check
+CVE-2024-25936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25919 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25597 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-25592 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-24975 (Uncontrolled Resource Consumption in Mattermost Mobile versions before ...)
+	TODO: check
+CVE-2024-24827 (Discourse is an open source platform for community discussion. Without ...)
+	TODO: check
+CVE-2024-24748 (Discourse is an open source platform for community discussion. In affe ...)
+	TODO: check
+CVE-2023-7248 (Certain functionality in OpenText Vertica Management console might be  ...)
+	TODO: check
+CVE-2023-7060 (Zephyr OS IP packet handling does not properly drop IP packets arrivin ...)
+	TODO: check
+CVE-2023-7017 (Sciener locks' firmware update mechanism do not authenticate or valida ...)
+	TODO: check
+CVE-2023-7009 (Some Sciener-based locks support plaintext message processing over Blu ...)
+	TODO: check
+CVE-2023-7007 (Sciener server does not validate connection requests from the GatewayG ...)
+	TODO: check
+CVE-2023-7006 (The unlockKey character in a lock using Sciener firmware can be brute  ...)
+	TODO: check
+CVE-2023-7004 (The TTLock App does not employ proper verification procedures to ensur ...)
+	TODO: check
+CVE-2023-7003 (The AES key utilized in the pairing process between a lock using Scien ...)
+	TODO: check
+CVE-2023-6960 (TTLock App virtual keys and settings are only deleted client side, and ...)
+	TODO: check
+CVE-2023-6725 (An access-control flaw was found in the OpenStack Designate component  ...)
+	TODO: check
+CVE-2023-51699 (Fluid is an open source Kubernetes-native Distributed Dataset Orchestr ...)
+	TODO: check
+CVE-2023-51525 (Cross-Site Request Forgery (CSRF) vulnerability in Veribo, Roland Murg ...)
+	TODO: check
+CVE-2023-51522 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...)
+	TODO: check
+CVE-2023-51369 (Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize ...)
+	TODO: check
+CVE-2023-50898 (Missing Authorization vulnerability in sirv.Com Sirv.This issue affect ...)
+	TODO: check
+CVE-2023-50886 (Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerabili ...)
+	TODO: check
+CVE-2023-50861 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY \u ...)
+	TODO: check
+CVE-2023-47699 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site  ...)
+	TODO: check
+CVE-2023-47162 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site  ...)
+	TODO: check
+CVE-2023-47147 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to o ...)
+	TODO: check
+CVE-2023-46182 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site  ...)
+	TODO: check
+CVE-2023-46181 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be store ...)
+	TODO: check
+CVE-2023-46179 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attr ...)
+	TODO: check
 CVE-2024-2486 (A vulnerability was found in Tenda AC18 15.03.05.05. It has been class ...)
 	NOT-FOR-US: Tenda
 CVE-2024-2485 (A vulnerability was found in Tenda AC18 15.03.05.05 and classified as  ...)
@@ -84,9 +222,9 @@ CVE-2024-28054
 	NOTE: Patched amavisd-new version can use MIME::Entity->ambiguous_content if available
 	NOTE: to get help on detecting an an ambiguous email or use an own ambiguous_content
 	NOTE: check if the available MIME::Tools are too old.
-CVE-2024-28752
+CVE-2024-28752 (A SSRF vulnerability using the Aegis DataBinding in versions of Apache ...)
 	NOT-FOR-US: Apache CXF
-CVE-2024-23944
+CVE-2024-23944 (Information disclosure in persistent watchers handling in Apache ZooKe ...)
 	- zookeeper <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/14/2
 CVE-2024-1930
@@ -1061,7 +1199,7 @@ CVE-2023-28746 (Information exposure through microarchitectural state after tran
 	NOTE: https://www.openwall.com/lists/oss-security/2024/03/12/13
 	NOTE: https://xenbits.xen.org/xsa/advisory-452.html
 	NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
-CVE-2024-2193 [GhostRace: Speculative Race Conditions]
+CVE-2024-2193 (A Speculative Race Condition (SRC) vulnerability that impacts modern C ...)
 	- linux <unfixed>
 	- xen <unfixed>
 	[bookworm] - xen <postponed> (Minor issue, fix along in next DSA)
@@ -1149,7 +1287,7 @@ CVE-2024-27237 (In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect
 	NOT-FOR-US: Android
 CVE-2024-27236 (In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption  ...)
 	NOT-FOR-US: Android
-CVE-2024-27235 (In plugin_extern_func of TBD, there is a possible out of bounds read d ...)
+CVE-2024-27235 (In plugin_extern_func of , there is a possible out of bounds read due  ...)
 	NOT-FOR-US: Android
 CVE-2024-27234 (In fvp_set_target of fvp.c, there is a possible out of bounds read due ...)
 	NOT-FOR-US: Android
@@ -1159,11 +1297,11 @@ CVE-2024-27230 (In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadap
 	NOT-FOR-US: Android
 CVE-2024-27229 (In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a ...)
 	NOT-FOR-US: Android
-CVE-2024-27228 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...)
+CVE-2024-27228 (there is a possible out of bounds write due to a heap buffer overflow. ...)
 	NOT-FOR-US: Android
-CVE-2024-27227 (Android kernel allows Remote code execution.)
+CVE-2024-27227 (A malicious DNS response can trigger a number of OOB reads, writes, an ...)
 	NOT-FOR-US: Android
-CVE-2024-27226 (In tmu_config_gov_params of TBD, there is a possible out of bounds wri ...)
+CVE-2024-27226 (In tmu_config_gov_params of , there is a possible out of bounds write  ...)
 	NOT-FOR-US: Android
 CVE-2024-27225 (In sendHciCommand of bluetooth_hci.cc, there is a possible out of boun ...)
 	NOT-FOR-US: Android
@@ -1173,35 +1311,35 @@ CVE-2024-27223 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagem
 	NOT-FOR-US: Android
 CVE-2024-27222 (In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible w ...)
 	NOT-FOR-US: Android
-CVE-2024-27221 (In update_policy_data of TBD, there is a possible out of bounds write  ...)
+CVE-2024-27221 (In update_policy_data of , there is a possible out of bounds write due ...)
 	NOT-FOR-US: Android
-CVE-2024-27220 (In lpm_req_handler of TBD, there is a possible out of bounds memory ac ...)
+CVE-2024-27220 (In lpm_req_handler of , there is a possible out of bounds memory acces ...)
 	NOT-FOR-US: Android
 CVE-2024-27219 (In tmu_set_pi of tmu.c, there is a possible out of bounds write due to ...)
 	NOT-FOR-US: Android
-CVE-2024-27218 (In update_freq_data of TBD, there is a possible out of bounds read due ...)
+CVE-2024-27218 (In update_freq_data of , there is a possible out of bounds read due to ...)
 	NOT-FOR-US: Android
 CVE-2024-27213 (In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remot ...)
 	NOT-FOR-US: Android
-CVE-2024-27212 (In init_data of TBD, there is a possible out of bounds write due to a  ...)
+CVE-2024-27212 (In init_data of , there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: Android
 CVE-2024-27211 (In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write du ...)
 	NOT-FOR-US: Android
 CVE-2024-27210 (In policy_check of fvp.c, there is a possible out of bounds write due  ...)
 	NOT-FOR-US: Android
-CVE-2024-27209 (In TBD of TBD, there is a possible out of bounds write due to a heap b ...)
+CVE-2024-27209 (there is a possible out of bounds write due to a heap buffer overflow. ...)
 	NOT-FOR-US: Android
-CVE-2024-27208 (In TBD of TBD, there is a possible out of bounds write due to a missin ...)
+CVE-2024-27208 (there is a possible out of bounds write due to a missing bounds check. ...)
 	NOT-FOR-US: Android
-CVE-2024-27207 (Android kernel allows Elevation of privilege.)
+CVE-2024-27207 (Exported broadcast receivers allowing malicious apps to bypass broadca ...)
 	NOT-FOR-US: Android
-CVE-2024-27206 (In tbd of tbd, there is a possible out of bounds read due to a missing ...)
+CVE-2024-27206 (there is a possible out of bounds read due to a missing bounds check.  ...)
 	NOT-FOR-US: Android
-CVE-2024-27205 (In tbd of tbd, there is a possible memory corruption due to a use afte ...)
+CVE-2024-27205 (there is a possible memory corruption due to a use after free. This co ...)
 	NOT-FOR-US: Android
 CVE-2024-27204 (In tmu_set_gov_active of tmu.c, there is a possible out of bounds writ ...)
 	NOT-FOR-US: Android
-CVE-2024-25993 (In tmu_reset_tmu_trip_counter of TBD, there is a possible out of bound ...)
+CVE-2024-25993 (In tmu_reset_tmu_trip_counter of , there is a possible out of bounds w ...)
 	NOT-FOR-US: Android
 CVE-2024-25992 (In tmu_tz_control of tmu.c, there is a possible out of bounds read due ...)
 	NOT-FOR-US: Android
@@ -1237,15 +1375,15 @@ CVE-2024-22011 (In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a
 	NOT-FOR-US: Android
 CVE-2024-22010 (In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read ...)
 	NOT-FOR-US: Android
-CVE-2024-22009 (In init_data of TBD, there is a possible out of bounds write due to a  ...)
+CVE-2024-22009 (In init_data of , there is a possible out of bounds write due to a mis ...)
 	NOT-FOR-US: Android
 CVE-2024-22008 (In config_gov_time_windows of tmu.c, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
 CVE-2024-22007 (In constraint_check of fvp.c, there is a possible out of bounds read d ...)
 	NOT-FOR-US: Android
-CVE-2024-22006 (Android kernel allows Information disclosure.)
+CVE-2024-22006 (OOB read in the TMU plugin that allows for memory disclosure in the po ...)
 	NOT-FOR-US: Android
-CVE-2024-22005 (In TBD of TBD, there is a possible Authentication Bypass due to improp ...)
+CVE-2024-22005 (there is a possible Authentication Bypass due to improperly used crypt ...)
 	NOT-FOR-US: Android
 CVE-2024-1696 (In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user op ...)
 	NOT-FOR-US: Santesoft Sante FFT Imaging
@@ -2452,7 +2590,7 @@ CVE-2024-2002
 	[buster] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://www.prevanders.net/dwarfbug.html#DW202402-002
 	NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad
-CVE-2024-27351 [Potential regular expression denial-of-service in django.utils.text.Truncator.words()]
+CVE-2024-27351 (In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3,  ...)
 	- python-django 3:4.2.11-1
 	[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
 	[bullseye] - python-django <postponed> (Minor issue, fix along in future update)
@@ -7273,7 +7411,7 @@ CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected by
 	NOT-FOR-US: Adobe
 CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-ba ...)
 	NOT-FOR-US: Adobe
-CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by an Improp ...)
+CVE-2024-20738 (Adobe FrameMaker Publishing Server versions 2022.1 and earlier are aff ...)
 	NOT-FOR-US: Adobe
 CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
 	NOT-FOR-US: Adobe
@@ -17616,6 +17754,7 @@ CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker t
 CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2023-52322 (ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2 ...)
+	{DLA-3761-1}
 	- spip 4.1.13+dfsg-1 (bug #1059331)
 	[bookworm] - spip 4.1.9+dfsg-1+deb12u4
 	[bullseye] - spip 3.2.11-3+deb11u10
@@ -24128,7 +24267,7 @@ CVE-2023-44326 (Adobe Dimension versions 3.4.9 (and earlier) is affected by an o
 	NOT-FOR-US: Adobe
 CVE-2023-44325 (Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-b ...)
 	NOT-FOR-US: Adobe
-CVE-2023-44324 (Adobe FrameMaker versions 2022 and earlier are affected by an Improper ...)
+CVE-2023-44324 (Adobe FrameMaker Publishing Server versions 2022 and earlier are affec ...)
 	NOT-FOR-US: Adobe
 CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...)
 	NOT-FOR-US: Ray
@@ -184642,8 +184781,8 @@ CVE-2021-38940
 	RESERVED
 CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive informa ...)
 	NOT-FOR-US: IBM
-CVE-2021-38938
-	RESERVED
+CVE-2021-38938 (IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and ...)
+	TODO: check
 CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
 	NOT-FOR-US: IBM
 CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...)
@@ -505647,14 +505786,14 @@ CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.2016
 	NOTE: Fixed by: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
 	NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
 CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute a ...)
-	{DSA-3676-1 DLA-631-1}
+	{DSA-3676-1 DLA-3762-1 DLA-631-1}
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1
 	NOTE: Fixed by: https://github.com/lclevy/ADFlib/commit/8e973d7b894552c3a3de0ccd2d1e9cb0b8e618dd
 	NOTE: The changes between 0.7.11a-3 and 0.7.11a-4 did not include the upstream fix.
 CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF allow ...)
-	{DSA-3676-1 DLA-631-1}
+	{DSA-3676-1 DLA-3762-1 DLA-631-1}
 	- unadf 0.7.11a-6 (bug #838248)
 	[bookworm] - unadf 0.7.11a-5+deb12u1
 	[bullseye] - unadf 0.7.11a-4+deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad06b91257c2197f6d619f12d85276443990f303

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad06b91257c2197f6d619f12d85276443990f303
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240315/8e144abf/attachment.htm>

More information about the debian-security-tracker-commits mailing list