[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 5 09:12:55 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d4f0c9c by security tracker role at 2024-09-05T08:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2024-8178 (The ctl_write_buffer and ctl_read_buffer functions allocated memory to ...)
+	TODO: check
+CVE-2024-7627 (The Bit File Manager plugin for WordPress is vulnerable to Remote Code ...)
+	TODO: check
+CVE-2024-6846 (The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not valida ...)
+	TODO: check
+CVE-2024-6835 (The Ivory Search \u2013 WordPress Search Plugin plugin for WordPress i ...)
+	TODO: check
+CVE-2024-45692 (Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traff ...)
+	TODO: check
+CVE-2024-45429 (Cross-site scripting vulnerability exists in Advanced Custom Fields ve ...)
+	TODO: check
+CVE-2024-45399 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+	TODO: check
+CVE-2024-45395 (sigstore-go, a Go library for Sigstore signing and verification, is su ...)
+	TODO: check
+CVE-2024-45288 (A missing null-termination character in the last element of an nvlist  ...)
+	TODO: check
+CVE-2024-45287 (A malicious value of size in a structure of packed libnv can cause an  ...)
+	TODO: check
+CVE-2024-45063 (The function ctl_write_buffer incorrectly set a flag which resulted in ...)
+	TODO: check
+CVE-2024-43110 (The ctl_request_sense function could expose up to three bytes of the k ...)
+	TODO: check
+CVE-2024-43102 (Concurrent removals of certain anonymous shared memory mappings by usi ...)
+	TODO: check
+CVE-2024-42416 (The ctl_report_supported_opcodes function did not sufficiently validat ...)
+	TODO: check
+CVE-2024-41928 (Malicious software running in a guest VM can exploit the buffer overfl ...)
+	TODO: check
+CVE-2024-32668 (An insufficient boundary validation in the USB code could lead to an o ...)
+	TODO: check
+CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) ...)
+	TODO: check
+CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...)
+	TODO: check
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They cont ...)
 	TODO: check
 CVE-2024-8417 (A vulnerability was found in \u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
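Review bot: all nineteen new entries land with the importer's "TODO: check" placeholder, and several of them describe the same upstream component, so they are best triaged together rather than one at a time: CVE-2024-8178, CVE-2024-45063, CVE-2024-43110 and CVE-2024-42416 all name ctl_* functions (ctl_write_buffer, ctl_read_buffer, ctl_request_sense, ctl_report_supported_opcodes), and CVE-2024-45288 and CVE-2024-45287 both concern libnv nvlist packing. CVE-2024-7627, CVE-2024-6846 and CVE-2024-6835 are explicitly WordPress plugins (CVE-2024-45429, Advanced Custom Fields, very likely is too), which this file records as NOT-FOR-US for comparable software (see the OTRS and SourceCodester entries further down). CVE-2024-20505 and CVE-2024-20506 are ClamAV issues and should get a clamav source-package line with the fixed version once it is known. The \u escapes in the descriptions (e.g. \u2013 in CVE-2024-6835) are how the importer stores non-ASCII text and need no fixing.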
@@ -480,9 +518,11 @@ CVE-2024-45160
 	NOTE: Unit test: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/236cdfe42c1dc04a15a4a40c5e6a8c2e858d71d7 (v2.19.2)
 	NOTE: Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/696f49a0855faeb271096dccb8381e2129687c3d (v2.19.2)
 CVE-2024-7970 (Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 all ...)
+	{DSA-5766-1}
 	- chromium 128.0.6613.119-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8362 (Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 al ...)
+	{DSA-5766-1}
 	- chromium 128.0.6613.119-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8389 (Memory safety bugs present in Firefox 129. Some of these bugs showed e ...)
@@ -12096,6 +12136,7 @@ CVE-2024-6540 (Improper filtering of fields when using the export function in th
 	NOT-FOR-US: OTRS
 	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
 CVE-2024-6345 (A vulnerability in the package_index module of pypa/setuptools version ...)
+	{DLA-3876-1}
 	- setuptools 70.3.0-2
 	NOTE: https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5
 	NOTE: Fixed by merge: https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 (v70.0.0)
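Review bot: DLA-3876-1 records the bullseye fix for CVE-2024-6345, but the visible context gives no [bookworm] status; the unstable fix is 70.3.0-2, so unless a [bookworm] line exists further down in the entry, bookworm reads as still open and should get its annotation (fixed version, <no-dsa> or <postponed>) in the same pass. The same DLA is attached to CVE-2022-40897 later in this commit, so the two setuptools entries should end up with consistent suite annotations.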
@@ -15375,7 +15416,7 @@ CVE-2023-39324
 CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1. ...)
 	- nova <not-affected> (Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete)
 CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...)
-	{DSA-5756-1 DSA-5755-1 DSA-5754-1}
+	{DSA-5756-1 DSA-5755-1 DSA-5754-1 DLA-3873-1 DLA-3872-1 DLA-3871-1}
 	- cinder 2:24.0.0-5 (bug #1074763)
 	- glance 2:28.0.1-3+deb12u1 (bug #1074761)
 	- nova 2:29.0.2-4 (bug #1074762)
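Review bot: the three DLAs added here line up one per package (cinder, glance, nova), mirroring the DSA triple already present, which is consistent. The entry for CVE-2024-40767 directly above, however, marks nova <not-affected> on the grounds that the Debian fix for CVE-2024-32498 was complete and the upstream regression was never introduced; now that bullseye ships CVE-2024-32498 fixes via DLA-3871-1, DLA-3872-1 and DLA-3873-1, that claim should be re-checked against the bullseye backports too, and a NOTE saying the DLAs carry the complete fix would make the <not-affected> reasoning hold for every suite.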
@@ -49753,6 +49794,7 @@ CVE-2024-29018 (Moby is an open source container framework that is a key compone
 CVE-2024-28916 (Xbox Gaming Services Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash can be ...)
+	{DLA-3875-1}
 	[experimental] - gnutls28 3.8.4-1
 	- gnutls28 3.8.4-2 (bug #1067463)
 	[bookworm] - gnutls28 3.7.9-2+deb12u3
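Review bot: recording DLA-3875-1 for CVE-2024-28835 while bookworm stays on the point-release fix 3.7.9-2+deb12u3 (no DSA in the braces) is consistent, and the "Introduced with" NOTE below (3.7.0) is what puts bullseye in range, assuming bullseye's gnutls28 is on the 3.7 series. It would help future readers if the bullseye fixed version were visible somewhere in the entry rather than only in the DLA data, as the [bookworm] line already does for bookworm.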
@@ -49765,6 +49807,7 @@ CVE-2024-28835 (A flaw has been discovered in GnuTLS where an application crash
 	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/e369e67a62f44561d417cb233acc566cc696d82d (3.8.4)
 	NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/d268f19510a95f92d11d8f8dc7d94fcae4d765cc (3.7.0)
 CVE-2024-28834 (A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln ...)
+	{DLA-3875-1}
 	[experimental] - gnutls28 3.8.4-1
 	- gnutls28 3.8.4-2 (bug #1067464)
 	[bookworm] - gnutls28 3.7.9-2+deb12u3
@@ -97507,7 +97550,7 @@ CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Googl
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
 	NOT-FOR-US: TWinSoft Configuration Tool
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
-	{DLA-3483-1}
+	{DLA-3874-1 DLA-3483-1}
 	- nsis 3.09-1 (bug #1040880)
 	[bookworm] - nsis 3.08-3+deb12u1
 	NOTE: https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 (v309)
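Review bot: a second DLA (DLA-3874-1) is being attached to a CVE that already had a bullseye DLA (DLA-3483-1), yet the entry gives no reason; when one suite receives two advisories for the same CVE that normally means the first fix was incomplete or regressed something, and a NOTE line stating which it is (and what DLA-3874-1 changes relative to DLA-3483-1) would save the next person from re-deriving it from the advisory texts. Listing the newer DLA first matches the ordering used elsewhere in the file.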
@@ -105448,6 +105491,7 @@ CVE-2023-22372 (In the pre connection stage, an improper enforcement of message
 CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
 	NOT-FOR-US: SourceCodester Complaint Management System
 CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cinder a ...)
+	{DLA-3871-1}
 	- cinder 2:21.1.0-3 (bug #1035961)
 	[buster] - cinder <no-dsa> (Minor issue)
 	- python-glance-store 4.1.0-4 (bug #1035962; bug #1035978)
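Review bot: DLA-3871-1 is, by the CVE-2024-32498 hunk in this same commit, the cinder advisory, but CVE-2023-2088 is described as an inconsistency between Cinder and Glance/Nova and the entry also lists python-glance-store (bug #1035962; bug #1035978); if the bullseye python-glance-store (and nova, if listed further down) also needed changes, they should get their own DLA reference or a bullseye annotation here, otherwise the entry reads as if the whole CVE were closed in bullseye by the cinder update alone.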
@@ -157454,6 +157498,7 @@ CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0
 	NOTE: https://github.com/pypa/wheel/issues/498
 	NOTE: Negligible security impact
 CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remo ...)
+	{DLA-3876-1}
 	- setuptools 65.6.3-1
 	NOTE: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be (v65.5.1)
 CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d4f0c9cb3c6c98f5d82cd48ea134798c662c9ff




