[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 5 09:12:09 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f7b62f3 by security tracker role at 2024-05-05T08:11:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-4497 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been dec ...)
+	TODO: check
+CVE-2024-4496 (A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been cla ...)
+	TODO: check
+CVE-2024-4495 (A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified a ...)
+	TODO: check
+CVE-2024-4494 (A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classif ...)
+	TODO: check
+CVE-2024-4493 (A vulnerability, which was classified as critical, was found in Tenda  ...)
+	TODO: check
+CVE-2024-4492 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21 1.0.0.14 ...)
+	TODO: check
+CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting facilities make u ...)
+	TODO: check
+CVE-2024-34489 (OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause ...)
+	TODO: check
+CVE-2024-34488 (OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers ...)
+	TODO: check
+CVE-2024-34487 (OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to c ...)
+	TODO: check
+CVE-2024-34486 (OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to ...)
+	TODO: check
+CVE-2024-34484 (OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to caus ...)
+	TODO: check
+CVE-2024-34483 (OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers ...)
+	TODO: check
+CVE-2024-34478 (btcd before 0.24.0 does not correctly implement the consensus rules ou ...)
+	TODO: check
+CVE-2024-34476 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
+	TODO: check
+CVE-2024-34475 (Open5GS before 2.7.1 is vulnerable to a reachable assertion that can c ...)
+	TODO: check
+CVE-2024-34473 (An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An a ...)
+	TODO: check
+CVE-2024-34469 (Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module ...)
+	TODO: check
+CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
+	TODO: check
+CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...)
+	TODO: check
+CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
+	TODO: check
+CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
+	TODO: check
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...)
@@ -17897,30 +17943,35 @@ CVE-2024-2182 (A flaw was found in the Open Virtual Network (OVN). In OVN cluste
 	NOTE: https://bugs.launchpad.net/bugs/2053113
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
 CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Intel(R)  ...)
+	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...)
+	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...)
+	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...)
+	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after transient  ...)
+	{DLA-3808-1}
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
@@ -81685,8 +81736,8 @@ CVE-2023-27285 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerabl
 	NOT-FOR-US: IBM
 CVE-2023-27284 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to  ...)
 	NOT-FOR-US: IBM
-CVE-2023-27283
-	RESERVED
+CVE-2023-27283 (IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumera ...)
+	TODO: check
 CVE-2023-27282
 	RESERVED
 CVE-2023-27281



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f7b62f3ce95bd13071ed60506a1f9d94585cac9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f7b62f3ce95bd13071ed60506a1f9d94585cac9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240505/2bbcf63e/attachment.htm>

More information about the debian-security-tracker-commits mailing list