[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 3 21:13:06 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52e40443 by security tracker role at 2024-09-03T20:12:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,94 @@
-CVE-2024-6232
+CVE-2024-8389 (Memory safety bugs present in Firefox 129. Some of these bugs showed e ...)
+	TODO: check
+CVE-2024-8388 (Multiple prompts and panels from both Firefox and the Android OS could ...)
+	TODO: check
+CVE-2024-8387 (Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ...)
+	TODO: check
+CVE-2024-8386 (If a site had been granted the permission to open popup windows, it co ...)
+	TODO: check
+CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in WASM co ...)
+	TODO: check
+CVE-2024-8384 (The JavaScript garbage collector could mis-color cross-compartment obj ...)
+	TODO: check
+CVE-2024-8383 (Firefox normally asks for confirmation before asking the operating sys ...)
+	TODO: check
+CVE-2024-8382 (Internal browser event interfaces were exposed to web content when pri ...)
+	TODO: check
+CVE-2024-8381 (A potentially exploitable type confusion could be triggered when looki ...)
+	TODO: check
+CVE-2024-8374 (UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerab ...)
+	TODO: check
+CVE-2024-8371
+	REJECTED
+CVE-2024-7654 (An ActiveMQ Discovery service was reachable by default from an OpenEdg ...)
+	TODO: check
+CVE-2024-7619
+	REJECTED
+CVE-2024-7346 (Host name validation for TLS certificates is bypassed when the install ...)
+	TODO: check
+CVE-2024-7345 (Local ABL Client bypass of the required PASOE security checks may allo ...)
+	TODO: check
+CVE-2024-6473 (Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulne ...)
+	TODO: check
+CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows attackers to b ...)
+	TODO: check
+CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e Holding AKO ...)
+	TODO: check
+CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM ...)
+	TODO: check
+CVE-2024-45588 (This vulnerability exists in Symphony XTS Web Trading platform version ...)
+	TODO: check
+CVE-2024-45587 (This vulnerability exists in Symphony XTS Web Trading platform version ...)
+	TODO: check
+CVE-2024-45586 (This vulnerability exists due to improper access controls on APIs in t ...)
+	TODO: check
+CVE-2024-45391 (Tina is an open-source content management system (CMS). Sites building ...)
+	TODO: check
+CVE-2024-45390 (@blakeembrey/template is a string template library. Prior to version 1 ...)
+	TODO: check
+CVE-2024-45389 (Pagefind, a fully static search library, initializes its dynamic JavaS ...)
+	TODO: check
+CVE-2024-45307 (SudoBot, a Discord moderation bot, is vulnerable to privilege escalati ...)
+	TODO: check
+CVE-2024-45180 (SquaredUp DS for SCOM 6.2.1.11104 allows XSS.)
+	TODO: check
+CVE-2024-44921 (SeaCMS v12.9 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
+CVE-2024-44920 (A cross-site scripting (XSS) vulnerability in the component admin_coll ...)
+	TODO: check
+CVE-2024-43803 (The Bare Metal Operator (BMO) implements a Kubernetes API for managing ...)
+	TODO: check
+CVE-2024-43413 (Xibo is an open source digital signage platform with a web content man ...)
+	TODO: check
+CVE-2024-43412 (Xibo is an open source digital signage platform with a web content man ...)
+	TODO: check
+CVE-2024-42991 (MCMS v5.4.1 has front-end file upload vulnerability which can lead to  ...)
+	TODO: check
+CVE-2024-42904 (A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows att ...)
+	TODO: check
+CVE-2024-42903 (A Host header injection vulnerability in the password reset function o ...)
+	TODO: check
+CVE-2024-42902 (An issue in the js_localize.php function of LimeSurvey v6.6.2 and befo ...)
+	TODO: check
+CVE-2024-42901 (A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers  ...)
+	TODO: check
+CVE-2024-41718
+	REJECTED
+CVE-2024-41436 (ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via ...)
+	TODO: check
+CVE-2024-41435 (YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via t ...)
+	TODO: check
+CVE-2024-3655 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...)
+	TODO: check
+CVE-2024-38811 (VMware Fusion (13.x before 13.6) contains a code-execution vulnerabili ...)
+	TODO: check
+CVE-2024-38456 (HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Wi ...)
+	TODO: check
+CVE-2024-34463 (BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensit ...)
+	TODO: check
+CVE-2023-49233 (Insufficient access checks in Visual Planning Admin Center 8 before v. ...)
+	TODO: check
+CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython.      Regul ...)
 	- python3.13 <unfixed>
 	- python3.12 <unfixed>
 	- python3.11 <removed>
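Review bot: the CVE-2024-4259 line carries the literal six-character escape `\u015e` inside `SAMPA\u015e Holding` instead of the decoded character, which suggests the automatic import copied a JSON unicode escape verbatim; decoding it at import time would make the entry read `SAMPAŞ Holding` (U+015E) like the rest of the descriptions. The CVE-2024-6232 description in the same hunk also kept a run of internal spaces from the upstream text (`CPython.      Regul`); collapsing whitespace in the importer would keep the truncated descriptions uniform.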
@@ -24,7 +114,8 @@ CVE-2024-45506
 	[bullseye] - haproxy <not-affected> (Only exploitable with zero-copy-forward)
 	NOTE: http://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=c6bc43e9ac18f122f9dee22df47ab1b7ef57b429 (v2.9.10)
 	NOTE: http://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=c725db17e8416ffb3c1537aea756356228ce5e3c (v3.0.4)
-CVE-2024-6119
+CVE-2024-6119 (Issue summary: Applications performing certificate name checks (e.g.,  ...)
+	{DSA-5764-1}
 	- openssl <unfixed>
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	NOTE: https://openssl-library.org/news/secadv/20240903.txt
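Review bot: the new CVE-2024-6119 description starts with the upstream advisory's own section label `Issue summary:`, which costs characters in the truncated 70-character summary without adding information; stripping such leading labels during import would leave more of the actual issue text visible in the list. The `{DSA-5764-1}` reference alongside `- openssl <unfixed>` is consistent for a stable-only advisory, but the unstable entry will still need its fixed version recorded once the upload lands.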
@@ -77,7 +168,7 @@ CVE-2024-45615
 	- opensc <unfixed>
 	[bookworm] - opensc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2309285
-CVE-2024-45310
+CVE-2024-45310 (runc is a CLI tool for spawning and running containers according to th ...)
 	- runc <unfixed>
 	[bookworm] - runc <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/09/03/1
@@ -30774,7 +30865,7 @@ CVE-2024-32636 (A vulnerability has been identified in JT2Go (All versions < V23
 CVE-2024-32635 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid  ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4
 	NOTE: Prerequsite for test: https://github.com/git/git/commit/5c5a4a1c05932378d259b1fdd9526cab971656a2
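Review bot: the unchanged context line `NOTE: Prerequsite for test: ...` has a typo (`Prerequsite` should be `Prerequisite`); it is not part of this automatic update, but a follow-up commit could correct it. Prepending `DLA-3867-1` to the existing `{DLA-3844-1}` reference matches the ordering used for the other git entries in this update.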
@@ -30816,7 +30907,7 @@ CVE-2024-32057 (A vulnerability has been identified in Simcenter Femap (All vers
 CVE-2024-32055 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7
 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
@@ -30826,14 +30917,14 @@ CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44
 	NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
 	NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
 	NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
 	NOTE: Additional useful test: https://github.com/git/git/commit/b20c10fd9b035f46e48112d2cd33d7cb740012b6
@@ -109994,7 +110085,7 @@ CVE-2023-29009 (baserCMS is a website development framework with WebAPI that run
 CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
 	NOT-FOR-US: SvelteKit
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
@@ -119883,7 +119974,7 @@ CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementatio
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
@@ -120695,7 +120786,7 @@ CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Sign
 	NOT-FOR-US: Cisco node-jose (different from src:node-jose)
 	NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
-	{DLA-3844-1}
+	{DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	[bookworm] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
@@ -202496,7 +202587,7 @@ CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud f
 CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, collaborative mark ...)
 	NOT-FOR-US: HedgeDoc
 CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `<  ...)
-	{DLA-3149-1 DLA-3003-1}
+	{DLA-3868-1 DLA-3149-1 DLA-3003-1}
 	- ruby-nokogiri 1.13.5+dfsg-1 (bug #1009787)
 	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
 	NOTE: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
@@ -421318,7 +421409,7 @@ CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V
 CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
-	{DSA-4581-1 DLA-3844-1 DLA-2059-1}
+	{DSA-4581-1 DLA-3867-1 DLA-3844-1 DLA-2059-1}
 	- git 1:2.24.0-2
 	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
@@ -614467,7 +614558,7 @@ CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php
 	NOT-FOR-US: Softaculous Webuzo
 CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers t ...)
 	NOT-FOR-US: Softaculous Webuzo
-CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
+CVE-2013-6040 (MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4. ...)
 	NOT-FOR-US: MW6 Technologies
 CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP ...)
 	NOT-FOR-US: NagiosQL



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52e40443cd12034548f07470f547f2a4b9f9c4e3


