[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 2 21:12:44 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d1f4edf by security tracker role at 2024-09-02T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,96 @@
-CVE-2024-44947 [fuse: Initialize beyond-EOF page contents before setting uptodate]
+CVE-2024-8004 (A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Col ...)
+	TODO: check
+CVE-2024-7939 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in  ...)
+	TODO: check
+CVE-2024-7938 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
+	TODO: check
+CVE-2024-7932 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
+	TODO: check
+CVE-2024-6921 (Cleartext Storage of Sensitive Information vulnerability in NAC Teleco ...)
+	TODO: check
+CVE-2024-6920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-6919 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-45622 (ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3 ...)
+	TODO: check
+CVE-2024-45621 (The Electron desktop application of Rocket.Chat through 6.3.4 allows s ...)
+	TODO: check
+CVE-2024-45388 (Hoverfly is a lightweight service virtualization/ API simulation / API ...)
+	TODO: check
+CVE-2024-45313 (Overleaf is a web-based collaborative LaTeX editor. When installing Se ...)
+	TODO: check
+CVE-2024-45312 (Overleaf is a web-based collaborative LaTeX editor. Overleaf Community ...)
+	TODO: check
+CVE-2024-45311 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
+	TODO: check
+CVE-2024-45308 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
+	TODO: check
+CVE-2024-45306 (Vim is an open source, command line text editor. Patch v9.1.0038 optim ...)
+	TODO: check
+CVE-2024-45305 (gix-path is a crate of the gitoxide project dealing with git paths and ...)
+	TODO: check
+CVE-2024-43801 (Jellyfin is an open source self hosted media server. The Jellyfin user ...)
+	TODO: check
+CVE-2024-43797 (audiobookshelf is a self-hosted audiobook and podcast server. A non-ad ...)
+	TODO: check
+CVE-2024-43792 (Halo is an open source website building tool. A security vulnerability ...)
+	TODO: check
+CVE-2024-42471 (actions/artifact is the GitHub ToolKit for developing GitHub Actions.  ...)
+	TODO: check
+CVE-2024-38858 (Improper neutralization of input in Checkmk before version 2.3.0p14 al ...)
+	TODO: check
+CVE-2024-38402 (Memory corruption while processing IOCTL call for getting group info.)
+	TODO: check
+CVE-2024-38401 (Memory corruption while processing concurrent IOCTL calls.)
+	TODO: check
+CVE-2024-33060 (Memory corruption when two threads try to map and unmap a single node  ...)
+	TODO: check
+CVE-2024-33057 (Transient DOS while parsing the multi-link element Control field when  ...)
+	TODO: check
+CVE-2024-33054 (Memory corruption during the handshake between the Primary Virtual Mac ...)
+	TODO: check
+CVE-2024-33052 (Memory corruption when user provides data for FM HCI command control o ...)
+	TODO: check
+CVE-2024-33051 (Transient DOS while processing TIM IE from beacon frame as there is no ...)
+	TODO: check
+CVE-2024-33050 (Transient DOS while parsing MBSSID during new IE generation in beacon/ ...)
+	TODO: check
+CVE-2024-33048 (Transient DOS while parsing the received TID-to-link mapping element o ...)
+	TODO: check
+CVE-2024-33047 (Memory corruption when the captureRead QDCM command is invoked from us ...)
+	TODO: check
+CVE-2024-33045 (Memory corruption when BTFM client sends new messages over Slimbus to  ...)
+	TODO: check
+CVE-2024-33043 (Transient DOS while handling PS event when Program Service name length ...)
+	TODO: check
+CVE-2024-33042 (Memory corruption when Alternative Frequency offset value is set to 25 ...)
+	TODO: check
+CVE-2024-33038 (Memory corruption while passing untrusted/corrupted pointers from DSP  ...)
+	TODO: check
+CVE-2024-33035 (Memory corruption while calculating total metadata size when a very hi ...)
+	TODO: check
+CVE-2024-33016 (memory corruption when an invalid firehose patch command is invoked.)
+	TODO: check
+CVE-2024-28100 (eLabFTW is an open source electronic lab notebook for research labs. B ...)
+	TODO: check
+CVE-2024-23365 (Memory corruption while releasing shared resources in MinkSocket liste ...)
+	TODO: check
+CVE-2024-23364 (Transient DOS when processing the non-transmitted BSSID profile sub-el ...)
+	TODO: check
+CVE-2024-23362 (Cryptographic issue while parsing RSA keys in COBR format.)
+	TODO: check
+CVE-2024-23359 (Information disclosure while decoding Tracking Area Update Accept or A ...)
+	TODO: check
+CVE-2024-23358 (Transient DOS when registration accept OTA is received with incorrect  ...)
+	TODO: check
+CVE-2024-1621 (The registration process of uniFLOW Online (NT-ware product) apps, pri ...)
+	TODO: check
+CVE-2023-7279 (A vulnerability has been found in Secure Systems Engineering Connaisse ...)
+	TODO: check
+CVE-2020-36830 (A vulnerability was found in nescalante urlregex up to 0.5.0 and class ...)
+	TODO: check
+CVE-2024-44947 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/3c0da3d163eb32f1f91891efaade027fa9b245b9 (6.11-rc4)
 CVE-2024-8370 (A vulnerability classified as problematic was found in Grocy up to 4.2 ...)
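Review bot: nothing is lost in the CVE-2024-44947 change that brackets this hunk: the `-` line's bracketed placeholder summary `[fuse: Initialize beyond-EOF page contents before setting uptodate]` is replaced by the published description on the last `+` line, and the entry's `- linux 6.10.7-1` and kernel.org NOTE lines survive as unchanged context, so the recorded fixed version is untouched. The 45 entries inserted above it carry only `TODO: check`, with neither a source-package line nor a `NOT-FOR-US` marker, so they still need triage; the ones naming software already tracked in this file (Vim in CVE-2024-45306, alongside the CVE-2024-43374 vim entry that heads the next hunk) deserve the first pass, and the memory-corruption/transient-DOS batch (CVE-2024-33016 through CVE-2024-38402, and CVE-2024-23358 through CVE-2024-23365) reads like one vendor bulletin and can likely be triaged as a group once its scope is confirmed.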
@@ -3742,13 +3834,13 @@ CVE-2024-43374 (The UNIX editor Vim prior to version 9.1.0678 has a use-after-fr
 	NOTE: https://github.com/vim/vim/security/GHSA-2w8m-443v-cgvw
 	NOTE: https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 (v9.1.0678)
 CVE-2024-23185
-	{DSA-5752-1}
+	{DSA-5752-1 DLA-3860-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078877)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/4
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/f020e139c519121d9630a966310ea8e100ee33b7 (2.3.21.1)
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/ce88c33abc37e408592eff70aeefa28f803effb9 (2.3.21.1)
 CVE-2024-23184
-	{DSA-5752-1}
+	{DSA-5752-1 DLA-3860-1}
 	- dovecot 1:2.3.21.1+dfsg1-1 (bug #1078876)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/08/15/3
 	NOTE: Fixed by: https://github.com/dovecot/core/commit/8e4c42dbb3c770fcdbc396f2abcf1bc228ec548d (2.3.21.1)
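Review bot: the `{DSA-5752-1 DLA-3860-1}` references on CVE-2024-23185 and CVE-2024-23184 point at an advisory this commit does not add: the header lists data/CVE/list as the only changed file, so DLA-3860-1 (and DLA-3858-1, DLA-3859-1, DLA-3861-1, DLA-3862-1 and DLA-3863-1 referenced in later hunks) must already be present in data/DLA/list, otherwise the cross-references dangle. Worth confirming that the DLA-3860-1 entry names both dovecot CVEs, since the hunk attaches it to both.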
@@ -25531,7 +25623,7 @@ CVE-2021-47433 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 5.14.16-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/4afb912f439c4bc4e6a4f3e7547f2e69e354108f (5.15-rc6)
-CVE-2024-5148
+CVE-2024-5148 (A flaw was found in the gnome-remote-desktop package. The gnome-remote ...)
 	[experimental] - gnome-remote-desktop 46.2-1
 	- gnome-remote-desktop <not-affected> (Vulnerable code only in 46 series)
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196
@@ -37683,7 +37775,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition a
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381
 	NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0)
 CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...)
-	{DSA-5677-1}
+	{DSA-5677-1 DLA-3858-1}
 	- ruby3.2 <unfixed> (bug #1069968)
 	- ruby3.1 <unfixed> (bug #1069969)
 	- ruby2.7 <removed>
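Review bot: adding DLA-3858-1 to CVE-2024-27282 records an oldstable fix while the unstable lines directly below still read `ruby3.2 <unfixed> (bug #1069968)` and `ruby3.1 <unfixed> (bug #1069969)`; the same pattern appears for CVE-2024-27281 and CVE-2024-27280 in the next two hunks. That is consistent with the LTS team shipping the upstream fix independently, but it leaves the newer suites behind the LTS suite; the open bug numbers are the place to follow that up.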
@@ -48373,7 +48465,7 @@ CVE-2020-36826 (A vulnerability was found in AwesomestCode LiveBot. It has been
 CVE-2020-36825 (** UNSUPPORTED WHEN ASSIGNED ** ** DISPUTED ** A vulnerability has bee ...)
 	NOT-FOR-US: cyberaz0r WebRAT
 CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...)
-	{DSA-5677-1}
+	{DSA-5677-1 DLA-3858-1}
 	- ruby3.2 <unfixed> (bug #1067802)
 	- ruby3.1 <unfixed> (bug #1067803)
 	- ruby2.7 <removed>
@@ -48382,7 +48474,7 @@ CVE-2024-27281 (An issue was discovered in RDoc 6.3.3 through 6.6.2, as distribu
 	NOTE: https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d (v6.6.3)
 	NOTE: Follow-up: https://github.com/ruby/rdoc/commit/e4a0e71e6f1032f8b4e5e58b4ef60d702c22ce17 (v6.6.3.1)
 CVE-2024-27280 (A buffer-overread issue was discovered in StringIO 3.0.1, as distribut ...)
-	{DSA-5677-1}
+	{DSA-5677-1 DLA-3858-1}
 	- ruby3.2 <not-affected> (Fixed before initial upload to Debian)
 	- ruby3.1 <unfixed> (bug #1069966)
 	- ruby2.7 <removed>
@@ -58991,7 +59083,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
 	NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
 	NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
-	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3816-1 DLA-3736-1}
+	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	- knot-resolver 5.7.1-1
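Review bot: DLA-3859-1 is inserted between DSA-5620-1 and DLA-3816-1, which keeps the reference list in descending order. The visible package lines for CVE-2023-50387 are only bind9, dnsmasq and knot-resolver, while the same DLA-3859-1 is attached further down to CVE-2023-7008, a systemd issue, so the advisory appears to be a systemd one; check that this entry (which continues beyond the hunk, as the dnsjava NOTE lines in the following hunk show) has a systemd package line for the DLA to correspond to. The same applies to CVE-2023-50868 in the following hunk.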
@@ -59039,7 +59131,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
 	NOTE: https://github.com/dnsjava/dnsjava/commit/07ac36a11578cc1bce0cd8ddf2fe568f062aee78 (v3.6.0)
 	NOTE: https://github.com/dnsjava/dnsjava/commit/3ddc45ce8cdb5c2274e10b7401416f497694e1cf (v3.6.0)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...)
-	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3816-1 DLA-3736-1}
+	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	- knot-resolver 5.7.1-1
@@ -69149,6 +69241,7 @@ CVE-2023-41166 (An issue was discovered in Stormshield Network Security (SNS) 3.
 CVE-2023-7018 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
 	NOT-FOR-US: Transformers
 CVE-2023-7008 (A vulnerability was found in systemd-resolved. This issue may allow sy ...)
+	{DLA-3859-1}
 	- systemd 255.1-3 (bug #1059278)
 	[bookworm] - systemd 252.21-1~deb12u1
 	[buster] - systemd <no-dsa> (Minor issue)
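Review bot: with `{DLA-3859-1}` added to CVE-2023-7008, the bullseye state of systemd is now advisory-driven, but the bullseye package line is outside this hunk's context (only `[bookworm] - systemd 252.21-1~deb12u1` and `[buster] - systemd <no-dsa> (Minor issue)` are visible); if a `[bullseye] - systemd <no-dsa>` or `<postponed>` line exists further down, it now contradicts the DLA and should be dropped.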
@@ -78695,6 +78788,7 @@ CVE-2023-46858 (Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= re
 CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxm ...)
 	NOT-FOR-US: Proxmox proxmox-widget-toolkit
 CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...)
+	{DLA-3861-1}
 	- exfatprogs 1.2.2-1
 	[bookworm] - exfatprogs 1.2.0-1+deb12u1
 	NOTE: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf (1.2.2)
@@ -79998,6 +80092,7 @@ CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[]
 CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
 	NOT-FOR-US: NetModule Router Software
 CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
+	{DLA-3862-1}
 	- calibre 6.19.1-1
 	[bookworm] - calibre 6.13.0+repack-2+deb12u3
 	[buster] - calibre <no-dsa> (Minor issue)
@@ -97046,6 +97141,7 @@ CVE-2023-37254 (An issue was discovered in the Cargo extension for MediaWiki thr
 CVE-2023-37251 (An issue was discovered in the GoogleAnalyticsMetrics extension for Me ...)
 	NOT-FOR-US: MediaWiki extension GoogleAnalyticsMetrics
 CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...)
+	{DLA-3858-1}
 	- rubygems <not-affected> (Incomplete fix never applied)
 	- ruby3.1 <not-affected> (Incomplete fix never applied)
 	- ruby2.7 <not-affected> (Incomplete fix never applied)
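Review bot: `{DLA-3858-1}` is attached to CVE-2023-36617 while every visible package line, including `ruby2.7 <not-affected> (Incomplete fix never applied)`, states the issue never applied; either the LTS update did include this fix and the ruby2.7 line should no longer read `<not-affected>`, or the CVE is listed in DLA-3858-1 only informationally and the reference here is misleading. One of the two should be reconciled.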
@@ -110749,7 +110845,7 @@ CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPC
 CVE-2023-28757
 	RESERVED
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
-	{DLA-3447-1 DLA-3408-1}
+	{DLA-3858-1 DLA-3447-1 DLA-3408-1}
 	- ruby3.1 <unfixed> (bug #1038408)
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
@@ -110763,7 +110859,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1
 	NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
 	NOTE: https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d (9.4.3.0)
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
-	{DLA-3447-1 DLA-3408-1}
+	{DLA-3858-1 DLA-3447-1 DLA-3408-1}
 	- rubygems 3.4.20-1
 	[bookworm] - rubygems <no-dsa> (Minor issue)
 	[bullseye] - rubygems <no-dsa> (Minor issue)
@@ -190697,7 +190793,7 @@ CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator
 CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...)
 	NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
 CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...)
-	{DLA-3450-1}
+	{DLA-3858-1 DLA-3450-1}
 	- ruby3.0 3.0.4-1 (bug #1009956)
 	- ruby2.7 <removed> (bug #1009957)
 	- ruby2.5 <removed>
@@ -217088,6 +217184,7 @@ CVE-2021-44688
 CVE-2021-44687
 	RESERVED
 CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
+	{DLA-3862-1}
 	- calibre 5.33.0+dfsg-1
 	[buster] - calibre <no-dsa> (Minor issue)
 	[stretch] - calibre <no-dsa> (Minor issue)
@@ -249329,7 +249426,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.
 	- singularity-container 3.9.5+ds1-2 (bug #990201)
 	NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
 CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...)
-	{DLA-3450-1}
+	{DLA-3858-1 DLA-3450-1}
 	- ruby3.1 3.1.2-4 (bug #1024799)
 	- ruby3.0 <removed> (bug #1024800)
 	- ruby2.7 <removed>
@@ -251297,7 +251394,7 @@ CVE-2021-32864
 CVE-2021-32863
 	REJECTED
 CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...)
-	{DLA-3442-1}
+	{DLA-3863-1 DLA-3442-1}
 	- nbconvert 6.5.1-1
 	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
 	NOTE: https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1f4edfeb21c4f8a032e2ce6dca1d32a1f1d781
