[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 27 08:12:20 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
431abe7c by security tracker role at 2024-11-27T08:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...)
+	TODO: check
+CVE-2024-53849 (editorconfig-core-c  is  theEditorConfig core library written in C (fo ...)
+	TODO: check
+CVE-2024-53676 (A directory traversal vulnerability in Hewlett Packard Enterprise Insi ...)
+	TODO: check
+CVE-2024-53675 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...)
+	TODO: check
+CVE-2024-53674 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...)
+	TODO: check
+CVE-2024-53673 (A java deserialization vulnerability in HPE Remote Insight Support all ...)
+	TODO: check
+CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') vulnerabil ...)
+	TODO: check
+CVE-2024-52958 (A improper verification of cryptographic signature vulnerability in pl ...)
+	TODO: check
+CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage into a Gi ...)
+	TODO: check
+CVE-2024-36467 (An authenticated user with API access (e.g.: user with default User ro ...)
+	TODO: check
+CVE-2024-11820 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-11819 (A vulnerability classified as critical was found in 1000 Projects Port ...)
+	TODO: check
+CVE-2024-11818 (A vulnerability classified as critical has been found in PHPGurukul Us ...)
+	TODO: check
+CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & Login and  ...)
+	TODO: check
+CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and classified as c ...)
+	TODO: check
+CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio Management S ...)
+	TODO: check
+CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...)
+	TODO: check
+CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
+	TODO: check
+CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to Sensitive Infor ...)
+	TODO: check
+CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone Showcase plu ...)
+	TODO: check
+CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plu ...)
+	TODO: check
+CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
+	TODO: check
 CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated user to ...)
 	NOT-FOR-US: Hitachi Energy
 CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not restrict ex ...)
@@ -8632,7 +8678,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a ma
 CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling crafted  ...)
-	{DSA-5811-1}
+	{DSA-5811-1 DLA-3967-1}
 	- mpg123 1.32.8-1 (bug #1086443)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
 	NOTE: https://sourceforge.net/p/mpg123/bugs/322/
@@ -13258,7 +13304,7 @@ CVE-2024-9444 (The ElementsReady Addons for Elementor plugin for WordPress is vu
 CVE-2024-9348 (Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2024-9143 (Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with u ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	[experimental] - openssl 3.4.0-1
 	- openssl 3.3.2-2 (bug #1085378)
 	[bookworm] - openssl 3.0.15-1~deb12u1
@@ -38888,7 +38934,7 @@ CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modi
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto  ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	- openssl 3.3.2-1 (bug #1074487)
 	[bookworm] - openssl 3.0.15-1~deb12u1
 	NOTE: https://www.openssl.org/news/secadv/20240627.txt
@@ -47440,7 +47486,7 @@ CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in th
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
 	NOTE: https://github.com/libigl/libigl/issues/2387
 CVE-2024-4741 (Issue summary: Calling the OpenSSL API function SSL_free_buffers may c ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	- openssl 3.2.2-1 (bug #1072113)
 	[bookworm] - openssl 3.0.14-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue, fix along with next update round)
@@ -67133,7 +67179,7 @@ CVE-2024-26811 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.8.9-1
 	NOTE: https://git.kernel.org/linus/a677ebd8ca2f2632ccdecbad7b87641274e15aac (6.9-rc3)
 CVE-2024-2511 (Issue summary: Some non-default TLS server configurations can cause un ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	[experimental] - openssl 3.3.0-1
 	- openssl 3.2.2-1 (bug #1068658)
 	[bookworm] - openssl 3.0.14-1~deb12u1
@@ -86155,7 +86201,7 @@ CVE-2023-33757 (A lack of SSL certificate validation in Splicecom iPCS (iOS App)
 CVE-2024-0822 (An authentication bypass vulnerability was found in overt-engine. This ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2024-0727 (Issue summary: Processing a maliciously formatted PKCS12 file may lead ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	- openssl 3.1.5-1 (bug #1061582)
 	[bookworm] - openssl 3.0.13-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue, DoS, Low severity)
@@ -102783,7 +102829,7 @@ CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Li
 	[bookworm] - linux 6.1.64-1
 	NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7)
 CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...)
-	{DLA-3942-1}
+	{DLA-3942-2 DLA-3942-1}
 	- openssl 3.0.12-2 (bug #1055473)
 	[bookworm] - openssl 3.0.13-1~deb12u1
 	[buster] - openssl <postponed> (Minor issue; can be fixed along with future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431abe7c2cce16d9dc878bd211d813fe619aa6df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/431abe7c2cce16d9dc878bd211d813fe619aa6df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241127/67dd817a/attachment.htm>

More information about the debian-security-tracker-commits mailing list