[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 28 08:12:01 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5353f1b2 by security tracker role at 2024-10-28T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,52 @@
-CVE-2024-50067 [uprobe: avoid out-of-bounds memory access of fetching args]
+CVE-2024-9162 (The All-in-One WP Migration and Backup plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-50624 (ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle at ...)
+	TODO: check
+CVE-2024-50623 (In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom ...)
+	TODO: check
+CVE-2024-50616 (Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated ...)
+	TODO: check
+CVE-2024-50615 (TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit,  ...)
+	TODO: check
+CVE-2024-50614 (TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, tha ...)
+	TODO: check
+CVE-2024-50613 (libsndfile through 1.2.2 has a reachable assertion, that may lead to a ...)
+	TODO: check
+CVE-2024-50612 (libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out ...)
+	TODO: check
+CVE-2024-50611 (CycloneDX cdxgen through 10.10.7, when run against an untrusted codeba ...)
+	TODO: check
+CVE-2024-50610 (GSL (GNU Scientific Library) through 2.8 has an integer signedness err ...)
+	TODO: check
+CVE-2024-50307 (Use of potentially dangerous function issue exists in Chatwork Desktop ...)
+	TODO: check
+CVE-2024-38821 (Spring WebFlux applications that have Spring Security authorization ru ...)
+	TODO: check
+CVE-2024-23843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-10440 (The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing  ...)
+	TODO: check
+CVE-2024-10439 (The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDO ...)
+	TODO: check
+CVE-2024-10438 (The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability,  ...)
+	TODO: check
+CVE-2024-10435 (A vulnerability was found in didi Super-Jacoco 1.0. It has been declar ...)
+	TODO: check
+CVE-2024-10434 (A vulnerability was found in Tenda AC1206 up to 20241027. It has been  ...)
+	TODO: check
+CVE-2024-10433 (A vulnerability was found in Project Worlds Simple Web-Based Chat Appl ...)
+	TODO: check
+CVE-2024-10432 (A vulnerability has been found in Project Worlds Simple Web-Based Chat ...)
+	TODO: check
+CVE-2024-10431 (A vulnerability, which was classified as critical, was found in Codezi ...)
+	TODO: check
+CVE-2024-10430 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2024-10429 (A vulnerability classified as critical has been found in WAVLINK WN530 ...)
+	TODO: check
+CVE-2024-10428 (A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up ...)
+	TODO: check
+CVE-2024-50067 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/373b9338c9722a368925d83bc622c596896b328e (6.12-rc5)
 CVE-2024-10427 (A vulnerability was found in Codezips Pet Shop Management System 1.0.  ...)
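Review bot: The Sunnet product name is spelled two ways in the added entries: CVE-2024-10440 reads "eHDR CTMS" while CVE-2024-10439 and CVE-2024-10438 read "eHRD CTMS", so a triager searching for one spelling will miss an entry; settle on one name when these three are triaged. All 24 added entries (CVE-2024-9162 through CVE-2024-10428) still carry only "TODO: check". The CVE-2024-50067 change only swaps the bracketed placeholder title for the imported description and keeps its "- linux <unfixed>" and NOTE lines, which is fine.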
@@ -641,7 +689,7 @@ CVE-2024-0126 (NVIDIA GPU Display Driver for Windows and Linux contains a vulner
 	NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1085976)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5586
-CVE-2024-48936
+CVE-2024-48936 (SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in ...)
 	- slurm-wlm <unfixed> (bug #1086003)
 	[bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later)
 	[bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later)
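Review bot: On CVE-2024-48936 the imported description now says the issue affects Slurm "before 24.05.4", but the unstable line stays "- slurm-wlm <unfixed> (bug #1086003)"; once a slurm-wlm upload at or above that upstream version exists, this line should take the fixed version. The description is cut at "A mistake in ...", so the "Vulnerable code introduced later" reasoning for bookworm and bullseye cannot be checked from this entry alone; a NOTE pointing at the upstream advisory or commit would make it verifiable, if one is not already below the visible context.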
@@ -935,12 +983,15 @@ CVE-2024-31029 (An issue in the server_handle_regular function of the test_coap_
 CVE-2024-26519 (An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a  ...)
 	NOT-FOR-US: Casa Systems NTC-221
 CVE-2024-10231 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a ...)
+	{DSA-5799-1}
 	- chromium 130.0.6723.69-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-10230 (Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a ...)
+	{DSA-5799-1}
 	- chromium 130.0.6723.69-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-10229 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	{DSA-5799-1}
 	- chromium 130.0.6723.69-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-10045 (The Transients Manager plugin for WordPress is vulnerable to Cross-Sit ...)
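Review bot: The {DSA-5799-1} cross-reference is added to CVE-2024-10231, CVE-2024-10230 and CVE-2024-10229, but this commit changes only data/CVE/list, so the advisory entry that should name these three CVEs is not visible here; confirm it lists all three. The neighbouring package lines are unchanged (chromium 130.0.6723.69-1, bullseye end-of-life), and no release fixed by the DSA is recorded in the lines shown.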



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5353f1b281ca71122fd9ccca8174d2eb9a19044e
