[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 14 08:12:18 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1a2d39f by security tracker role at 2024-11-14T08:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,199 @@
+CVE-2024-9186 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
+ TODO: check
+CVE-2024-5083 (A storedCross-site Scripting vulnerability has been discovered in Sona ...)
+ TODO: check
+CVE-2024-5082 (A Remote Code Execution vulnerability has been discovered in Sonatype ...)
+ TODO: check
+CVE-2024-51027 (Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command e ...)
+ TODO: check
+CVE-2024-50956 (A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM4 ...)
+ TODO: check
+CVE-2024-50955 (An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protoc ...)
+ TODO: check
+CVE-2024-45879 (The file upload function in the "QWKalkulation" tool of baltic-it TOPq ...)
+ TODO: check
+CVE-2024-45878 (The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed ...)
+ TODO: check
+CVE-2024-45877 (baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Acces ...)
+ TODO: check
+CVE-2024-45876 (The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in vers ...)
+ TODO: check
+CVE-2024-45875 (The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixe ...)
+ TODO: check
+CVE-2024-41167 (Improper input validation in UEFI firmware in some Intel(R) Server Boa ...)
+ TODO: check
+CVE-2024-40885 (Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIO ...)
+ TODO: check
+CVE-2024-40410 (Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered ...)
+ TODO: check
+CVE-2024-40408 (Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered ...)
+ TODO: check
+CVE-2024-40407 (A full path disclosure in Cybele Software Thinfinity Workspace before ...)
+ TODO: check
+CVE-2024-40405 (Incorrect access control in Cybele Software Thinfinity Workspace befor ...)
+ TODO: check
+CVE-2024-40404 (Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered ...)
+ TODO: check
+CVE-2024-39811 (Improper input validation in firmware for some Intel(R) Server M20NTP ...)
+ TODO: check
+CVE-2024-39766 (Improper neutralization of special elements used in SQL command in som ...)
+ TODO: check
+CVE-2024-39609 (Improper Access Control in UEFI firmware for some Intel(R) Server Boar ...)
+ TODO: check
+CVE-2024-39368 (Improper neutralization of special elements used in an SQL command ('S ...)
+ TODO: check
+CVE-2024-39285 (Improper access control in UEFI firmware in some Intel(R) Server M20NT ...)
+ TODO: check
+CVE-2024-38668 (Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard E ...)
+ TODO: check
+CVE-2024-38665 (Out-of-bounds write in some Intel(R) Graphics Drivers may allow an aut ...)
+ TODO: check
+CVE-2024-38660 (Protection mechanism failure in the SPP for some Intel(R) Xeon(R) proc ...)
+ TODO: check
+CVE-2024-38387 (Uncontrolled search path in the Intel(R) Graphics Driver installers fo ...)
+ TODO: check
+CVE-2024-38383 (Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Editio ...)
+ TODO: check
+CVE-2024-37027 (Improper Input validation in some Intel(R) VTune(TM) Profiler software ...)
+ TODO: check
+CVE-2024-37025 (Incorrect execution-assigned permissions in some Intel(R) Advanced Lin ...)
+ TODO: check
+CVE-2024-37024 (Uncontrolled search path for some ACAT software maintained by Intel(R) ...)
+ TODO: check
+CVE-2024-36488 (Improper Access Control in some Intel(R) DSA before version 24.3.26.8 ...)
+ TODO: check
+CVE-2024-36482 (Improper input validation in some Intel(R) CIP software before version ...)
+ TODO: check
+CVE-2024-36294 (Insecure inherited permissions for some Intel(R) DSA software before v ...)
+ TODO: check
+CVE-2024-36284 (Improper input validation in some Intel(R) Neural Compressor software ...)
+ TODO: check
+CVE-2024-36282 (Improper input validation in the Intel(R) Server Board S2600ST Family ...)
+ TODO: check
+CVE-2024-36276 (Insecure inherited permissions for some Intel(R) CIP software before v ...)
+ TODO: check
+CVE-2024-36275 (NULL pointer dereference in some Intel(R) Optane(TM) PMem Management s ...)
+ TODO: check
+CVE-2024-36253 (Uncontrolled search path in the Intel(R) SDP Tool for Windows software ...)
+ TODO: check
+CVE-2024-36245 (Uncontrolled search path element in some Intel(R) VTune(TM) Profiler s ...)
+ TODO: check
+CVE-2024-36242 (Protection mechanism failure in the SPP for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2024-35245 (Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi ...)
+ TODO: check
+CVE-2024-35201 (Incorrect default permissions in the Intel(R) SDP Tool for Windows sof ...)
+ TODO: check
+CVE-2024-34776 (Out-of-bounds write in some Intel(R) SGX SDK software may allow an aut ...)
+ TODO: check
+CVE-2024-34170 (Improper buffer restrictions in some Intel(R) Graphics Drivers may all ...)
+ TODO: check
+CVE-2024-34167 (Uncontrolled search path for the Intel(R) Server Board S2600ST Family ...)
+ TODO: check
+CVE-2024-34165 (Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler be ...)
+ TODO: check
+CVE-2024-34164 (Uncontrolled search path element in some Intel(R) MAS software before ...)
+ TODO: check
+CVE-2024-34028 (Uncontrolled search path in some Intel(R) Graphics Offline Compiler fo ...)
+ TODO: check
+CVE-2024-34023 (Untrusted pointer dereference in some Intel(R) Graphics Drivers may al ...)
+ TODO: check
+CVE-2024-34022 (Improper Access Control in some Thunderbolt(TM) Share software before ...)
+ TODO: check
+CVE-2024-33624 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
+ TODO: check
+CVE-2024-33617 (Insufficient control flow management in some Intel(R) QAT Engine for O ...)
+ TODO: check
+CVE-2024-33611 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...)
+ TODO: check
+CVE-2024-32667 (Out-of-bounds read for some OpenCL(TM) software may allow an authentic ...)
+ TODO: check
+CVE-2024-32485 (Improper Input Validation in some Intel(R) VROC software before versio ...)
+ TODO: check
+CVE-2024-32483 (Improper access control for some Intel(R) EMA software before version ...)
+ TODO: check
+CVE-2024-32048 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...)
+ TODO: check
+CVE-2024-32044 (Improper access control for some Intel(R) Arc(TM) Pro Graphics for Win ...)
+ TODO: check
+CVE-2024-31407 (Uncontrolled search path in some Intel(R) High Level Synthesis Compile ...)
+ TODO: check
+CVE-2024-31158 (Improper input validation in UEFI firmware in some Intel(R) Server Boa ...)
+ TODO: check
+CVE-2024-31154 (Improper input validation in UEFI firmware for some Intel(R) Server S2 ...)
+ TODO: check
+CVE-2024-31074 (Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL ...)
+ TODO: check
+CVE-2024-29085 (Improper access control for some BigDL software maintained by Intel(R) ...)
+ TODO: check
+CVE-2024-29083 (Incorrect default permissions in some Intel(R) Distribution for Python ...)
+ TODO: check
+CVE-2024-29079 (Insufficient control flow management in some Intel(R) VROC software be ...)
+ TODO: check
+CVE-2024-29077 (Improper access control in some JAM STAPL Player software before versi ...)
+ TODO: check
+CVE-2024-29076 (Uncaught exception for some Intel(R) CST software before version 8.7.1 ...)
+ TODO: check
+CVE-2024-28952 (Uncontrolled search path for some Intel(R) IPP software for Windows be ...)
+ TODO: check
+CVE-2024-28950 (Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library ...)
+ TODO: check
+CVE-2024-28885 (Observable discrepancy in some Intel(R) QAT Engine for OpenSSL softwar ...)
+ TODO: check
+CVE-2024-28881 (Uncontrolled search path for some Intel(R) Fortran Compiler Classic so ...)
+ TODO: check
+CVE-2024-28169 (Cleartext transmission of sensitive information for some BigDL softwar ...)
+ TODO: check
+CVE-2024-28051 (Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 ...)
+ TODO: check
+CVE-2024-28049 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
+CVE-2024-28030 (NULL pointer dereference in some Intel(R) VPL software before version ...)
+ TODO: check
+CVE-2024-28028 (Improper input validation in some Intel(R) Neural Compressor software ...)
+ TODO: check
+CVE-2024-27200 (Improper access control in some Intel(R) Granulate(TM) software before ...)
+ TODO: check
+CVE-2024-26017 (Uncontrolled search path in some Intel(R) Rendering Toolkit software b ...)
+ TODO: check
+CVE-2024-25647 (Incorrect default permissions for some Intel(R) Binary Configuration T ...)
+ TODO: check
+CVE-2024-25565 (Insufficient control flow management in UEFI firmware for some Intel(R ...)
+ TODO: check
+CVE-2024-25563 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...)
+ TODO: check
+CVE-2024-24985 (Exposure of resource to wrong sphere in some Intel(R) processors with ...)
+ TODO: check
+CVE-2024-24984 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ TODO: check
+CVE-2024-23919 (Improper buffer restrictions in some Intel(R) Graphics software may al ...)
+ TODO: check
+CVE-2024-23918 (Improper conditions check in some Intel(R) Xeon(R) processor memory co ...)
+ TODO: check
+CVE-2024-23312 (Uncontrolled search path for some Intel(R) Binary Configuration Tool s ...)
+ TODO: check
+CVE-2024-23198 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
+CVE-2024-22185 (Time-of-check Time-of-use Race Condition in some Intel(R) processors w ...)
+ TODO: check
+CVE-2024-21853 (Improper finite state machines (FSMs) in the hardware logic in some 4t ...)
+ TODO: check
+CVE-2024-21850 (Sensitive information in resource not removed before reuse in some Int ...)
+ TODO: check
+CVE-2024-21820 (Incorrect default permissions in some Intel(R) Xeon(R) processor memor ...)
+ TODO: check
+CVE-2024-21808 (Improper buffer restrictions in some Intel(R) VPL software before vers ...)
+ TODO: check
+CVE-2024-21799 (Path traversal for some Intel(R) Extension for Transformers software b ...)
+ TODO: check
+CVE-2024-21783 (Integer overflow for some Intel(R) VPL software before version 24.1.4 ...)
+ TODO: check
+CVE-2024-11206 (Unauthorized access vulnerability in the mobile application (com.trans ...)
+ TODO: check
+CVE-2024-11193 (An information disclosure vulnerability exists in Yugabyte Anywhere, w ...)
+ TODO: check
+CVE-2024-10146 (The Simple File List WordPress plugin before 6.1.13 does not sanitise ...)
+ TODO: check
CVE-2024-50306 [ATS: Server process can fail to drop privileges]
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
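Review bot: all 98 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US marker yet. When triaging, start with the entries whose descriptions name software that could exist as a source package, for example CVE-2024-33617, CVE-2024-31074 and CVE-2024-28885 (Intel(R) QAT Engine for OpenSSL) and the processor entries CVE-2024-23918, CVE-2024-21853 and CVE-2024-21820. The WordPress plugin, "for Windows" tool and vendor appliance entries will most likely be marked NOT-FOR-US, in the same way as the WordPress and Microsoft entries further down in this diff.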
@@ -15,17 +211,17 @@ CVE-2024-50305 [ATS: Valid Host field value can cause crashes]
NOTE: https://github.com/apache/trafficserver/issues/8461
NOTE: https://github.com/apache/trafficserver/commit/5e39658f7c0bc91613468c9513ba22ede1739d7e (9.2.6-rc0)
NOTE: https://github.com/apache/trafficserver/commit/055ca11c2842a64bf7df8d547515670e1a04afc1 (master)
-CVE-2024-52554
+CVE-2024-52554 (Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-52553
+CVE-2024-52553 (Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-52552
+CVE-2024-52552 (Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-52551
+CVE-2024-52551 (Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-52550
+CVE-2024-52550 (Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, excep ...)
NOT-FOR-US: Jenkins plugin
-CVE-2024-52549
+CVE-2024-52549 (Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except ...)
NOT-FOR-US: Jenkins plugin
CVE-2024-9682 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
@@ -190,7 +386,7 @@ CVE-2024-52268 (Cross-site scripting vulnerability exists in VK All in One Expan
NOT-FOR-US: VK All in One Expansion Unit
CVE-2024-51179 (An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denia ...)
NOT-FOR-US: Open5GS
-CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to ...)
+CVE-2024-51094 (An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged atta ...)
- snipe-it <itp> (bug #1005172)
CVE-2024-51093 (Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remot ...)
- snipe-it <itp> (bug #1005172)
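Review bot: the reworded description of CVE-2024-51094 changes the attacker from "a remote attacker" to "a low-privileged atta ...", which changes the precondition anyone assessing this issue should assume. The package line stays `- snipe-it <itp> (bug #1005172)`, so no suite status is affected, but the sibling entry CVE-2024-51093 still says "a remot ..." and the two should be read separately rather than as one class of issue.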
@@ -712,7 +908,7 @@ CVE-2024-43641 (Windows Registry Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-43640 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2024-43639 (Windows Kerberos Remote Code Execution Vulnerability)
+CVE-2024-43639 (Windows KDC Proxy Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-43638 (Windows USB Video Class System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -97788,7 +97984,7 @@ CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks
NOTE: https://github.com/cure53/DOMPurify/pull/337
CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...)
NOT-FOR-US: JHipster generator-jhipster
-CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
+CVE-2023-34049 (The Salt-SSH pre-flight option copies the script to the target at a pr ...)
- salt <removed> (bug #1055179)
[buster] - salt <end-of-life> (EOL in buster LTS)
NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
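Review bot: on CVE-2023-34049 the bracketed summary "allows an attacker to force Salt-SSH to run their script" is replaced by a description that is cut off at "copies the script to the target at a pr ...", so the impact statement is no longer visible in the entry itself. The advisory NOTE is still present; consider adding a short NOTE line that keeps the impact readable without following the link. The `- salt <removed>` and `[buster] - salt <end-of-life>` lines are unchanged.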
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1a2d39f865972da40ca59b3658133668a883973