[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 28 08:12:13 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f5f27fe by security tracker role at 2024-11-28T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2024-53860 (sp-php-email-handler is a PHP package for handling contact form submis ...)
+	TODO: check
+CVE-2024-53859 (go-gh is a Go module for interacting with the `gh` utility and the Git ...)
+	TODO: check
+CVE-2024-53858 (The gh cli is GitHub\u2019s official command line tool. A security vul ...)
+	TODO: check
+CVE-2024-53260 (Autolab is a course management service that enables auto-graded progra ...)
+	TODO: check
+CVE-2024-53008 (Inconsistent interpretation of HTTP requests ('HTTP Request/Response S ...)
+	TODO: check
+CVE-2024-46939 (The game extension engine of versions 1.2.7.0 and earlier exposes some ...)
+	TODO: check
+CVE-2024-38658 (There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 an ...)
+	TODO: check
+CVE-2024-38389 (There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and  ...)
+	TODO: check
+CVE-2024-38309 (There are multiple stack-based buffer overflow vulnerabilities in V-SF ...)
+	TODO: check
+CVE-2024-36466 (A bug in the code allows an attacker to sign a forged zbx_session cook ...)
+	TODO: check
+CVE-2024-11933 (Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overfl ...)
+	TODO: check
+CVE-2024-11925 (The JobSearch WP Job Board plugin for WordPress is vulnerable to privi ...)
+	TODO: check
+CVE-2024-11918 (The Image Alt Text plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2024-11803 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds  ...)
+	TODO: check
+CVE-2024-11802 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Bu ...)
+	TODO: check
+CVE-2024-11801 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds  ...)
+	TODO: check
+CVE-2024-11800 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Bu ...)
+	TODO: check
+CVE-2024-11799 (Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Bu ...)
+	TODO: check
+CVE-2024-11798 (Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remo ...)
+	TODO: check
+CVE-2024-11797 (Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remo ...)
+	TODO: check
+CVE-2024-11796 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Rem ...)
+	TODO: check
+CVE-2024-11795 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overf ...)
+	TODO: check
+CVE-2024-11794 (Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Rem ...)
+	TODO: check
+CVE-2024-11793 (Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Rem ...)
+	TODO: check
+CVE-2024-11792 (Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overf ...)
+	TODO: check
+CVE-2024-11791 (Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Over ...)
+	TODO: check
+CVE-2024-11790 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...)
+	TODO: check
+CVE-2024-11789 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...)
+	TODO: check
+CVE-2024-11787 (Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Over ...)
+	TODO: check
+CVE-2024-10896 (The Logo Slider  WordPress plugin before 4.5.0 does not sanitise and e ...)
+	TODO: check
+CVE-2024-10510 (The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin t ...)
+	TODO: check
+CVE-2024-10493 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+	TODO: check
+CVE-2024-10473 (The Logo Slider  WordPress plugin before 4.5.0 does not sanitise and e ...)
+	TODO: check
 CVE-2024-11738
 	- rust-rustls <not-affected> (Vulnerable code introduced later)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0399.html
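Review bot: the description imported for CVE-2024-53858 contains a literal `\u2019` escape ("GitHub\u2019s") where an apostrophe belongs, so the feed text is being stored undecoded; decode the escape in the import step so it is not read as part of the description. All 33 new entries in this hunk arrive as `TODO: check`: the Fuji Electric and WordPress plugin entries look like candidates for the `NOT-FOR-US` marking used elsewhere in this file, while go-gh (CVE-2024-53859) and the gh cli (CVE-2024-53858) should be checked against the archive before being dismissed.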
@@ -42178,16 +42244,19 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situ
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...)
 	NOT-FOR-US: The Algorithms - C
 CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...)
+	{DLA-3968-1}
 	- netatalk 3.1.18~ds-2 (bug #1074475)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1098
 	NOTE: https://netatalk.io/security/CVE-2024-38441
 	NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1)
 CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ...)
+	{DLA-3968-1}
 	- netatalk 3.1.18~ds-2 (bug #1074474)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1097
 	NOTE: https://netatalk.io/security/CVE-2024-38440
 	NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1)
 CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...)
+	{DLA-3968-1}
 	- netatalk 3.1.18~ds-2 (bug #1074473)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1096
 	NOTE: https://netatalk.io/security/CVE-2024-38439
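Review bot: the `{DLA-3968-1}` tags added to CVE-2024-38441, CVE-2024-38440 and CVE-2024-38439 reference an advisory whose record is not part of this commit, which changes only data/CVE/list; confirm that the DLA entry names all three CVEs. The `- netatalk 3.1.18~ds-2` lines are unchanged, so the version fixed by the DLA cannot be read from these entries.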
@@ -152712,7 +152781,7 @@ CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce Word
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup Management Fu ...)
+CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup Management fu ...)
 	NOT-FOR-US: Synology
 CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...)
 	{DSA-5317-1}
@@ -233050,7 +233119,7 @@ CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a c
 CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected by a  ...)
 	NOT-FOR-US: Western Digital Windows setup
 CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default  ...)
-	{DLA-3706-1}
+	{DLA-3968-1 DLA-3706-1}
 	- netatalk 3.1.18~ds-1 (bug #1053545)
 	NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
 	NOTE: https://github.com/Netatalk/netatalk/pull/509
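Review bot: CVE-2022-22995 now carries two advisories for netatalk, `{DLA-3968-1 DLA-3706-1}`, while the package line stays at `3.1.18~ds-1`; confirm whether DLA-3968-1 covers a different release than DLA-3706-1 or follows up an incomplete fix, and record which in a NOTE line if it is the latter.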
@@ -475004,15 +475073,15 @@ CVE-2018-9379
 	RESERVED
 CVE-2018-9378
 	RESERVED
-CVE-2018-9377
-	RESERVED
+CVE-2018-9377 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there  ...)
+	TODO: check
 CVE-2018-9376
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2018-9375
 	RESERVED
-CVE-2018-9374
-	RESERVED
+CVE-2018-9374 (In installPackageLI of PackageManagerService.java, there is a possible ...)
+	TODO: check
 CVE-2018-9373
 	RESERVED
 CVE-2018-9372 (In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out  ...)
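Review bot: CVE-2018-9377 and CVE-2018-9374 move from `RESERVED` to `TODO: check`, but their descriptions name IAudioPolicyService.cpp and PackageManagerService.java, and the neighbouring CVE-2018-9376 is already marked `NOT-FOR-US: Android`; triage these two the same way instead of leaving them in the TODO queue.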
@@ -475052,18 +475121,18 @@ CVE-2018-9356 (In bnep_data_ind of bnep_main.c, there is a possible remote code
 	NOT-FOR-US: Android
 CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of boun ...)
 	NOT-FOR-US: Android
-CVE-2018-9354
-	RESERVED
-CVE-2018-9353
-	RESERVED
-CVE-2018-9352
-	RESERVED
-CVE-2018-9351
-	RESERVED
-CVE-2018-9350
-	RESERVED
-CVE-2018-9349
-	RESERVED
+CVE-2018-9354 (In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is  ...)
+	TODO: check
+CVE-2018-9353 (In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible ...)
+	TODO: check
+CVE-2018-9352 (In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible re ...)
+	TODO: check
+CVE-2018-9351 (In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possi ...)
+	TODO: check
+CVE-2018-9350 (In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of  ...)
+	TODO: check
+CVE-2018-9349 (In mv_err_cost of mcomp.c there is a possible out of bounds read due t ...)
+	TODO: check
 CVE-2018-9348 (In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overfl ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2018-9347 (In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect in ...)
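Review bot: the six entries CVE-2018-9354 through CVE-2018-9349 should not be bulk-marked like the surrounding `NOT-FOR-US: Android` and `NOT-FOR-US: Android Media Framework` lines without reading the full descriptions. The truncated text names only source files (ihevcd_parse_slice.c, ih264d_utils.c, mcomp.c and so on), and a file name such as mcomp.c does not by itself identify the upstream project, so check each one for a codec library that Debian also ships before closing the TODO.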
@@ -513870,17 +513939,14 @@ CVE-2017-13325
 	RESERVED
 CVE-2017-13324
 	RESERVED
-CVE-2017-13323
-	RESERVED
+CVE-2017-13323 (In String16 of String16.cpp, there is a possible out of bounds write d ...)
 	NOT-FOR-US: Android
 CVE-2017-13322
 	RESERVED
 	NOT-FOR-US: Android
-CVE-2017-13321
-	RESERVED
+CVE-2017-13321 (In SensorService::isDataInjectionEnabled offrameworks/native/services/ ...)
 	NOT-FOR-US: Android
-CVE-2017-13320
-	RESERVED
+CVE-2017-13320 (In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB r ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13319 (In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is  ...)
 	NOT-FOR-US: Android Media Framework
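Review bot: CVE-2017-13323, CVE-2017-13321 and CVE-2017-13320 keep `NOT-FOR-US` lines that were written while the entries were still `RESERVED`; now that descriptions exist, re-confirm each marking against the text, in particular `libmpeg2dec` for CVE-2017-13320. The CVE-2017-13321 description has a run-together "offrameworks/native/services/", which comes from the imported text and is better fixed at the source than in this file.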



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f5f27fec415a546c9244bf1fe23aa6800e1293f



More information about the debian-security-tracker-commits mailing list