[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 10 21:12:45 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c241ff1f by security tracker role at 2024-10-10T20:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,67 +1,197 @@
-CVE-2024-47673 [wifi: iwlwifi: mvm: pause TCM when the firmware is stopped]
+CVE-2024-9810 (A vulnerability was found in SourceCodester Record Management System 1 ...)
+ TODO: check
+CVE-2024-9809 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
+ TODO: check
+CVE-2024-9808 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
+ TODO: check
+CVE-2024-9807 (A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and ...)
+ TODO: check
+CVE-2024-9806 (A vulnerability has been found in Craig Rodway Classroombookings up to ...)
+ TODO: check
+CVE-2024-9805 (A vulnerability was found in code-projects Blood Bank System 1.0. It h ...)
+ TODO: check
+CVE-2024-9804 (A vulnerability was found in code-projects Blood Bank System 1.0. It h ...)
+ TODO: check
+CVE-2024-9803 (A vulnerability was found in code-projects Blood Bank Management Syste ...)
+ TODO: check
+CVE-2024-9799 (A vulnerability has been found in SourceCodester Profile Registration ...)
+ TODO: check
+CVE-2024-9797 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2024-9794 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-9793 (A vulnerability classified as critical was found in Tenda AC1206 up to ...)
+ TODO: check
+CVE-2024-9792 (A vulnerability classified as problematic has been found in D-Link DSL ...)
+ TODO: check
+CVE-2024-9790 (A vulnerability was found in LyLme_spage 1.9.5. It has been classified ...)
+ TODO: check
+CVE-2024-9789 (A vulnerability was found in LyLme_spage 1.9.5 and classified as criti ...)
+ TODO: check
+CVE-2024-9788 (A vulnerability has been found in LyLme_spage 1.9.5 and classified as ...)
+ TODO: check
+CVE-2024-9787 (A vulnerability, which was classified as problematic, was found in Con ...)
+ TODO: check
+CVE-2024-9786 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2024-9785 (A vulnerability classified as critical was found in D-Link DIR-619L B1 ...)
+ TODO: check
+CVE-2024-9784 (A vulnerability classified as critical has been found in D-Link DIR-61 ...)
+ TODO: check
+CVE-2024-9783 (A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rate ...)
+ TODO: check
+CVE-2024-9782 (A vulnerability was found in D-Link DIR-619L B1 2.06. It has been decl ...)
+ TODO: check
+CVE-2024-9623 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
+CVE-2024-9596 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-9312 (Authd, through version 0.3.6, did not sufficiently randomize user IDs ...)
+ TODO: check
+CVE-2024-9201 (The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to tim ...)
+ TODO: check
+CVE-2024-8977 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2024-6530 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
+ TODO: check
+CVE-2024-6157 (An attacker who successfully exploited these vulnerabilities could cau ...)
+ TODO: check
+CVE-2024-4658 (SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allo ...)
+ TODO: check
+CVE-2024-48902 (In JetBrains YouTrack before 2024.3.46677 improper access control allo ...)
+ TODO: check
+CVE-2024-47966 (Delta Electronics CNCSoft-G2 lacks proper initialization of memory pri ...)
+ TODO: check
+CVE-2024-47965 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...)
+ TODO: check
+CVE-2024-47964 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...)
+ TODO: check
+CVE-2024-47963 (Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied ...)
+ TODO: check
+CVE-2024-47962 (Delta Electronics CNCSoft-G2 lacks proper validation of the length of ...)
+ TODO: check
+CVE-2024-47648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in E ...)
+ TODO: check
+CVE-2024-47636 (Deserialization of Untrusted Data vulnerability in Eyecix JobSearch al ...)
+ TODO: check
+CVE-2024-47354 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in s ...)
+ TODO: check
+CVE-2024-45149 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45148 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45135 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45134 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45133 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45132 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45131 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45130 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45129 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45128 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45127 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45125 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45124 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45123 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45122 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45121 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45120 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45119 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45118 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45117 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45116 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-45115 (Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and ea ...)
+ TODO: check
+CVE-2024-44711
+ REJECTED
+CVE-2024-36051 (In btcd before 0.24.2, removeOpcodeByData mishandles the consensus rul ...)
+ TODO: check
+CVE-2024-35202 (Bitcoin Core before 25.0 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2024-22068 (Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S serie ...)
+ TODO: check
+CVE-2024-47673 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.10.12-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/0668ebc8c2282ca1e7eb96092a347baefffb5fe7 (6.11-rc6)
-CVE-2024-47672 [wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead]
+CVE-2024-47672 (In the Linux kernel, the following vulnerability has been resolved: w ...)
- linux 6.10.12-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1 (6.11-rc6)
-CVE-2024-47671 [USB: usbtmc: prevent kernel-usb-infoleak]
+CVE-2024-47671 (In the Linux kernel, the following vulnerability has been resolved: U ...)
- linux 6.10.12-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/625fa77151f00c1bd00d34d60d6f2e710b3f9aad (6.12-rc1)
-CVE-2024-47670 [ocfs2: add bounds checking to ocfs2_xattr_find_entry()]
+CVE-2024-47670 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.10.12-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/9e3041fecdc8f78a5900c3aa51d3d756e73264d6 (6.11-rc1)
-CVE-2024-47669 [nilfs2: fix state management in error path of log writing function]
+CVE-2024-47669 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.10.11-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/6576dd6695f2afca3f4954029ac4a64f82ba60ab (6.11-rc7)
-CVE-2024-47668 [lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()]
+CVE-2024-47668 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.10.11-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/b2f11c6f3e1fc60742673b8675c95b78447f3dae (6.11-rc4)
-CVE-2024-47667 [PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)]
+CVE-2024-47667 (In the Linux kernel, the following vulnerability has been resolved: P ...)
- linux 6.10.11-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/86f271f22bbb6391410a07e08d6ca3757fda01fa (6.11-rc1)
-CVE-2024-47666 [scsi: pm80xx: Set phy->enable_completion only when we wait for it]
+CVE-2024-47666 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.10.11-1
NOTE: https://git.kernel.org/linus/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea (6.11-rc1)
-CVE-2024-47665 [i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup]
+CVE-2024-47665 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.10.11-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/8a2be2f1db268ec735419e53ef04ca039fc027dc (6.11-rc1)
-CVE-2024-47664 [spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware]
+CVE-2024-47664 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.10.11-1
NOTE: https://git.kernel.org/linus/5127c42c77de18651aa9e8e0a3ced190103b449c (6.11-rc3)
-CVE-2024-47663 [staging: iio: frequency: ad9834: Validate frequency parameter value]
+CVE-2024-47663 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.10.11-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/b48aa991758999d4e8f9296c5bbe388f293ef465 (6.11-rc7)
-CVE-2024-47662 [drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection]
+CVE-2024-47662 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/466423c6dd8af23ebb3a69d43434d01aed0db356 (6.11-rc1)
-CVE-2024-47661 [drm/amd/display: Avoid overflow from uint32_t to uint8_t]
+CVE-2024-47661 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/d6b54900c564e35989cf6813e4071504fa0a90e0 (6.11-rc1)
-CVE-2024-47660 [fsnotify: clear PARENT_WATCHED flags lazily]
+CVE-2024-47660 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.10.9-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/172e422ffea20a89bfdc672741c1aad6fbb5044e (6.11-rc1)
-CVE-2024-47659 [smack: tcp: ipv4, fix incorrect labeling]
+CVE-2024-47659 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.10.9-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550 (6.11-rc1)
-CVE-2024-47658 [crypto: stm32/cryp - call finalize with bh disabled]
+CVE-2024-47658 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce (6.11-rc1)
-CVE-2024-46871 [drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX]
+CVE-2024-46871 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
[bookworm] - linux 6.1.112-1
NOTE: https://git.kernel.org/linus/ad28d7c3d989fc5689581664653879d664da76f0 (6.11-rc1)
-CVE-2024-46870 [drm/amd/display: Disable DMCUB timeout for DCN35]
+CVE-2024-46870 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.10.9-1
NOTE: https://git.kernel.org/linus/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f (6.11-rc1)
CVE-2024-9683
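Review bot: the 64 new `TODO: check` entries in this hunk are untriaged placeholders left by the automatic import and each still needs a status; the run of Adobe Commerce entries CVE-2024-45115 through CVE-2024-45149 all carry the same truncated description and can be triaged as one group, as can the D-Link DIR-619L, Delta Electronics CNCSoft-G2 and SourceCodester clusters. The kernel entries CVE-2024-47673 through CVE-2024-46870 only swap the bracketed placeholder title for the published description and each keeps its `- linux` fix version, its `[bookworm]` line where one exists and its upstream `NOTE:` link, so no re-triage is needed there. CVE-2024-44711 is added as a bare `REJECTED` entry, which matches the form used for CVE-2024-42308 later in this patch.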
@@ -157,6 +287,7 @@ CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG befo
- lemonldap-ng <unfixed>
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
CVE-2024-9680 (An attacker was able to achieve code execution in the content process ...)
+ {DSA-5788-1}
- firefox 131.0.2-1
- firefox-esr 128.3.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
@@ -241,7 +372,7 @@ CVE-2024-8014 (In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.
NOT-FOR-US: Progress Telerik
CVE-2024-7963 (The CMSMasters Content Composer plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-7840 (In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), ...)
+CVE-2024-7840 (In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), ...)
NOT-FOR-US: Progress Telerik
CVE-2024-7612 (Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local auth ...)
NOT-FOR-US: Ivanti
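Review bot: the only change for CVE-2024-7840 is the version string inside the truncated description, from `2024 Q3 (2024.3.924)` to `2024 Q3 (18.2.24.924)`, which brings it in line with the `2024 Q3 (18.2.24.` wording visible in the CVE-2024-8014 header of this hunk; the `NOT-FOR-US: Progress Telerik` status is untouched, which is right, since a description sync does not change whether the product is in the archive.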
@@ -365,7 +496,7 @@ CVE-2024-46316 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command i
NOT-FOR-US: DrayTek
CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows attackers t ...)
NOT-FOR-US: Sparkshop
-CVE-2024-46304 (A Buffer Overflow vulnerability in libcoap v4.3.5-rc2 and below allows ...)
+CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a re ...)
- libcoap3 <unfixed>
- libcoap2 <removed>
- libcoap <removed>
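Review bot: the description for CVE-2024-46304 changes the vulnerability class from a buffer overflow to a NULL pointer dereference in libcoap v4.3.5-rc2 and below, which can change how the issue is assessed, yet the `libcoap3 <unfixed>` and `libcoap2` / `libcoap <removed>` lines are left exactly as they were; the libcoap3 entry should be revisited against the revised description before any further annotation is derived from the old buffer-overflow wording.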
@@ -2204,7 +2335,8 @@ CVE-2024-47396 (Improper Neutralization of Input During Web Page Generation (XSS
NOT-FOR-US: WordPress plugin
CVE-2024-47295 (Insecure initial password configuration issue in SEIKO EPSON Web Confi ...)
NOT-FOR-US: EIKO
-CVE-2024-46503 (An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 a ...)
+CVE-2024-46503
+ REJECTED
NOT-FOR-US: Simple-Spellchecker
CVE-2024-45073 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
NOT-FOR-US: IBM
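Review bot: CVE-2024-46503 is switched to `REJECTED`, but the existing `NOT-FOR-US: Simple-Spellchecker` context line below it is kept, so the entry now carries two statuses; the other rejected entry added in this patch (CVE-2024-44711) has only the `REJECTED` line, so the stale `NOT-FOR-US` line should be dropped for consistency.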
@@ -11634,6 +11766,7 @@ CVE-2024-42309 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/2df7aac81070987b0f052985856aa325a38debf6 (6.11-rc1)
CVE-2024-42308
REJECTED
+ {DLA-3912-1}
CVE-2024-42307 (In the Linux kernel, the following vulnerability has been resolved: c ...)
- linux 6.10.3-1
[bookworm] - linux 6.1.106-1
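Review bot: `{DLA-3912-1}` is being attached to CVE-2024-42308, an entry whose only status is `REJECTED`; an advisory cross-reference on a rejected CVE is unusual and suggests the DLA text cites an identifier that has since been rejected, so the DLA's CVE list (or this entry) should be checked by hand rather than left to the automatic update.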
@@ -129372,8 +129505,8 @@ CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan
NOT-FOR-US: Milesight UR32L
CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
NOT-FOR-US: Milesight UR32L
-CVE-2023-25581
- RESERVED
+CVE-2023-25581 (pac4j is a security framework for Java. `pac4j-core` prior to version ...)
+ TODO: check
CVE-2023-25580
RESERVED
CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affected vers ...)
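Review bot: CVE-2023-25581 moves from `RESERVED` to a published description with `TODO: check`, so it needs the same triage as the new 2024 entries earlier in the patch; the truncated text stops at `` `pac4j-core` prior to version ... ``, so the affected and fixed pac4j versions have to be read from the full CVE record before a status is assigned.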
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c241ff1f8c810ec5ccbd93759f78c29717f57179