[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 8 09:12:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5880276e by security tracker role at 2024-05-08T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2024-4456 (In affected versions of Octopus Server with certain access levels it w ...)
+ TODO: check
+CVE-2024-4393 (The Social Connect plugin for WordPress is vulnerable to authenticatio ...)
+ TODO: check
+CVE-2024-4162 (A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may ...)
+ TODO: check
+CVE-2024-4030 (On Windows a directory returned by tempfile.mkdtemp() would not always ...)
+ TODO: check
+CVE-2024-3494 (The Mesmerize Companion plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-34346 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
+ TODO: check
+CVE-2024-32674 (Heateor Social Login WordPress prior to 1.1.32 contains a cross-site s ...)
+ TODO: check
+CVE-2024-2860 (The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a ...)
+ TODO: check
+CVE-2024-27273 (IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram ...)
+ TODO: check
+CVE-2024-23713 (In migrateNotificationFilter of NotificationManagerService.java, there ...)
+ TODO: check
+CVE-2024-23712 (In multiple functions of AppOpsService.java, there is a possible way t ...)
+ TODO: check
+CVE-2024-23710 (In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.j ...)
+ TODO: check
+CVE-2024-23709 (In multiple locations, there is a possible out of bounds write due to ...)
+ TODO: check
+CVE-2024-23708 (In multiple functions of NotificationManagerService.java, there is a p ...)
+ TODO: check
+CVE-2024-23707 (In multiple locations, there is a possible permissions bypass due to i ...)
+ TODO: check
+CVE-2024-23706 (In multiple locations, there is a possible bypass of health data permi ...)
+ TODO: check
+CVE-2024-23705 (In multiple locations, there is a possible failure to persist or enfor ...)
+ TODO: check
+CVE-2024-23704 (In onCreate of WifiDialogActivity.java, there is a possible way to byp ...)
+ TODO: check
+CVE-2024-23551 (Database scanning using username and password stores the credentials i ...)
+ TODO: check
+CVE-2024-22266 (VMware Avi Load Balancer contains an information disclosure vulnerabil ...)
+ TODO: check
+CVE-2024-22264 (VMware Avi Load Balancer contains a privilege escalation vulnerability ...)
+ TODO: check
+CVE-2024-1076 (The SSL Zen WordPress plugin before 4.6.0 only relies on the use of . ...)
+ TODO: check
+CVE-2024-0043 (In multiple locations, there is a possible notification listener grant ...)
+ TODO: check
+CVE-2024-0042 (In TBD of TBD, there is a possible confusion of OEM and DRM certificat ...)
+ TODO: check
+CVE-2024-0027 (In multiple functions of SnoozeHelper.java, there is a possible way to ...)
+ TODO: check
+CVE-2024-0026 (In multiple functions of SnoozeHelper.java, there is a possible persis ...)
+ TODO: check
+CVE-2024-0025 (In sendIntentSender of ActivityManagerService.java, there is a possibl ...)
+ TODO: check
+CVE-2024-0024 (In multiple methods of UserManagerService.java, there is a possible fa ...)
+ TODO: check
+CVE-2024-0022 (In multiple functions of CompanionDeviceManagerService.java, there is ...)
+ TODO: check
+CVE-2023-40694 (IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sen ...)
+ TODO: check
+CVE-2023-40490 (Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2023-37325 (D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability ...)
+ TODO: check
+CVE-2023-35757 (D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overfl ...)
+ TODO: check
+CVE-2023-35749 (D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overf ...)
+ TODO: check
+CVE-2023-35748 (D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based B ...)
+ TODO: check
CVE-2024-4438
NOT-FOR-US: Incomplete backport in Red Hat OpenStack platform
CVE-2024-4437
@@ -1478,7 +1548,7 @@ CVE-2023-50230 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remot
- bluez 5.70-1.1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1812/
NOTE: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443
-CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...) (5.70)
+CVE-2023-50229 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
- bluez 5.70-1.1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1811/
NOTE: https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443 (5.70)
@@ -2764,7 +2834,7 @@ CVE-2022-48671 (In the Linux kernel, the following vulnerability has been resolv
CVE-2022-48670 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/1c11289b34ab67ed080bbe0f1855c4938362d9cf (6.0-rc4)
-CVE-2024-4418 [stack use-after-free in virNetClientIOEventLoop()]
+CVE-2024-4418 (A race condition leading to a stack use-after-free flaw was found in l ...)
- libvirt 10.3.0-1 (bug #1070330)
[bookworm] - libvirt <not-affected> (Vulnerable code not present)
[bullseye] - libvirt <not-affected> (Vulnerable code not present)
@@ -8783,7 +8853,7 @@ CVE-2024-1874 (In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* b
NOTE: Only affects improper handling of command line arguments on Windows
NOTE: https://github.com/php/php-src/commit/e3c784f2bfb6029b49d27783b2efc87ee6923f79
CVE-2024-2756 (Due to an incomplete fix to CVE-2022-31629 https://github.com/advisor ...)
- {DSA-5661-1 DSA-5660-1}
+ {DSA-5661-1 DSA-5660-1 DLA-3810-1}
- php8.2 8.2.18-1
- php7.4 <removed>
- php7.3 <removed>
@@ -8791,7 +8861,7 @@ CVE-2024-2756 (Due to an incomplete fix to CVE-2022-31629 https://github.com/ad
NOTE: https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
NOTE: https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53
CVE-2024-3096 (In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...)
- {DSA-5661-1 DSA-5660-1}
+ {DSA-5661-1 DSA-5660-1 DLA-3810-1}
- php8.2 8.2.18-1
- php7.4 <removed>
- php7.3 <removed>
@@ -11722,7 +11792,7 @@ CVE-2024-31393 (Dragging Javascript URLs to the address bar could cause them to
- firefox <not-affected> (Only affects Firefox for iOS)
CVE-2024-31392 (If an insecure element was added to a page after a delay, Firefox woul ...)
- firefox <not-affected> (Only affects Firefox for iOS)
-CVE-2024-31390 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+CVE-2024-31390 (: Improper Control of Generation of Code ('Code Injection') vulnerabil ...)
NOT-FOR-US: WordPress plugin
CVE-2024-31380 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: WordPress plugin
@@ -17863,11 +17933,11 @@ CVE-2024-23944 (Information disclosure in persistent watchers handling in Apache
NOTE: See https://issues.apache.org/jira/browse/ZOOKEEPER-1416
NOTE: However, classical watches are used (<< 3.6), it seems that to trigger for nodes whose names are not
NOTE: known in advance is not possible. Nevertheless classical watch leaks some information.
-CVE-2024-2746
+CVE-2024-2746 (Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was t ...)
NOT-FOR-US: dnf5daemon-server
-CVE-2024-1930
+CVE-2024-1930 (No Limit on Number of Open Sessions / Bad Session Close Behaviour in ...)
NOT-FOR-US: dnf5daemon-server
-CVE-2024-1929
+CVE-2024-1929 (Local Root Exploit via Configuration Dictionary in dnf5daemon-serverb ...)
NOT-FOR-US: dnf5daemon-server
CVE-2024-2438
REJECTED
@@ -82535,8 +82605,8 @@ CVE-2023-27323 (Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privil
NOT-FOR-US: Parallels Desktop
CVE-2023-27322 (Parallels Desktop Service Improper Initialization Local Privilege Esca ...)
NOT-FOR-US: Parallels Desktop
-CVE-2023-27321
- RESERVED
+CVE-2023-27321 (OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion D ...)
+ TODO: check
CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...)
- sudo 1.9.13p3-1 (bug #1032163)
[bullseye] - sudo <not-affected> (Vulnerable code not present)
@@ -110385,7 +110455,7 @@ CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possib
NOT-FOR-US: Android
CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...)
NOT-FOR-US: Android
-CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible ...)
+CVE-2023-21267 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...)
NOT-FOR-US: Android
CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a ...)
NOT-FOR-US: Android
@@ -115741,18 +115811,18 @@ CVE-2021-46847
RESERVED
CVE-2022-43657
RESERVED
-CVE-2022-43656
- RESERVED
-CVE-2022-43655
- RESERVED
-CVE-2022-43654
- RESERVED
-CVE-2022-43653
- RESERVED
-CVE-2022-43652
- RESERVED
-CVE-2022-43651
- RESERVED
+CVE-2022-43656 (Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosur ...)
+ TODO: check
+CVE-2022-43655 (Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code E ...)
+ TODO: check
+CVE-2022-43654 (NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2022-43653 (Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Executio ...)
+ TODO: check
+CVE-2022-43652 (Bentley View SKP File Parsing Use-After-Free Information Disclosure Vu ...)
+ TODO: check
+CVE-2022-43651 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...)
+ TODO: check
CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: RARLAB WinRAR
CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -172355,8 +172425,8 @@ CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versio
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0369
- RESERVED
+CVE-2022-0369 (Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Tra ...)
+ TODO: check
CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
NOT-FOR-US: Moxa
CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
@@ -212782,14 +212852,14 @@ CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: TP-Link
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
-CVE-2021-35002
- RESERVED
-CVE-2021-35001
- RESERVED
-CVE-2021-35000
- RESERVED
-CVE-2021-34999
- RESERVED
+CVE-2021-35002 (BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerabi ...)
+ TODO: check
+CVE-2021-35001 (BMC Track-It! GetData Missing Authorization Information Disclosure Vul ...)
+ TODO: check
+CVE-2021-35000 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
+ TODO: check
+CVE-2021-34999 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...)
+ TODO: check
CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Panda Security Free Antivirus
CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -212820,12 +212890,11 @@ CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: Bentley ContextCapture
CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Bentley ContextCapture
-CVE-2021-34983
- RESERVED
-CVE-2021-34982
- RESERVED
-CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability]
- RESERVED
+CVE-2021-34983 (NETGEAR Multiple Routers httpd Missing Authentication for Critical Fun ...)
+ TODO: check
+CVE-2021-34982 (NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code ...)
+ TODO: check
+CVE-2021-34981 (Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vu ...)
- linux 5.10.46-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
@@ -212839,66 +212908,66 @@ CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute
NOT-FOR-US: Netgear
CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
NOT-FOR-US: Netgear
-CVE-2021-34976
- RESERVED
-CVE-2021-34975
- RESERVED
-CVE-2021-34974
- RESERVED
-CVE-2021-34973
- RESERVED
-CVE-2021-34972
- RESERVED
-CVE-2021-34971
- RESERVED
-CVE-2021-34970
- RESERVED
-CVE-2021-34969
- RESERVED
-CVE-2021-34968
- RESERVED
-CVE-2021-34967
- RESERVED
-CVE-2021-34966
- RESERVED
-CVE-2021-34965
- RESERVED
-CVE-2021-34964
- RESERVED
-CVE-2021-34963
- RESERVED
-CVE-2021-34962
- RESERVED
-CVE-2021-34961
- RESERVED
-CVE-2021-34960
- RESERVED
-CVE-2021-34959
- RESERVED
-CVE-2021-34958
- RESERVED
-CVE-2021-34957
- RESERVED
-CVE-2021-34956
- RESERVED
-CVE-2021-34955
- RESERVED
-CVE-2021-34954
- RESERVED
-CVE-2021-34953
- RESERVED
-CVE-2021-34952
- RESERVED
-CVE-2021-34951
- RESERVED
-CVE-2021-34950
- RESERVED
-CVE-2021-34949
- RESERVED
-CVE-2021-34948
- RESERVED
-CVE-2021-34947
- RESERVED
+CVE-2021-34976 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
+ TODO: check
+CVE-2021-34975 (Foxit PDF Reader transitionToState Use-After-Free Remote Code Executio ...)
+ TODO: check
+CVE-2021-34974 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
+ TODO: check
+CVE-2021-34973 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...)
+ TODO: check
+CVE-2021-34972 (Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulner ...)
+ TODO: check
+CVE-2021-34971 (Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remot ...)
+ TODO: check
+CVE-2021-34970 (Foxit PDF Reader print Method Use of Externally-Controlled Format Stri ...)
+ TODO: check
+CVE-2021-34969 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...)
+ TODO: check
+CVE-2021-34968 (Foxit PDF Editor transitionToState Use-After-Free Remote Code Executio ...)
+ TODO: check
+CVE-2021-34967 (Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2021-34966 (Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code ...)
+ TODO: check
+CVE-2021-34965 (Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execut ...)
+ TODO: check
+CVE-2021-34964 (Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Executi ...)
+ TODO: check
+CVE-2021-34963 (Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execut ...)
+ TODO: check
+CVE-2021-34962 (Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2021-34961 (Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution V ...)
+ TODO: check
+CVE-2021-34960 (Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Executio ...)
+ TODO: check
+CVE-2021-34959 (Foxit PDF Editor Square Annotation Use-After-Free Remote Code Executio ...)
+ TODO: check
+CVE-2021-34958 (Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2021-34957 (Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execu ...)
+ TODO: check
+CVE-2021-34956 (Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execu ...)
+ TODO: check
+CVE-2021-34955 (Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution ...)
+ TODO: check
+CVE-2021-34954 (Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execu ...)
+ TODO: check
+CVE-2021-34953 (Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code ...)
+ TODO: check
+CVE-2021-34952 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...)
+ TODO: check
+CVE-2021-34951 (Foxit PDF Reader Annotation Use of Uninitialized Variable Information ...)
+ TODO: check
+CVE-2021-34950 (Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution V ...)
+ TODO: check
+CVE-2021-34949 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...)
+ TODO: check
+CVE-2021-34948 (Foxit PDF Reader Square Annotation Use-After-Free Remote Code Executio ...)
+ TODO: check
+CVE-2021-34947 (NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulner ...)
+ TODO: check
CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley View
CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5880276ef9650405a6370b7721b10e7a231ef335
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5880276ef9650405a6370b7721b10e7a231ef335
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240508/c3eb0548/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list