[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 11 21:12:53 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5232bca3 by security tracker role at 2024-09-11T20:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,95 +1,203 @@
-CVE-2024-46672 [wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion]
+CVE-2024-8693 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud TDuckPr ...)
+	TODO: check
+CVE-2024-8691 (A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN- ...)
+	TODO: check
+CVE-2024-8690 (A problem with a detection mechanism in the Palo Alto Networks Cortex  ...)
+	TODO: check
+CVE-2024-8689 (A problem with the ActiveMQ integration for both Cortex XSOAR and Cort ...)
+	TODO: check
+CVE-2024-8688 (An improper neutralization of matching symbols vulnerability in the Pa ...)
+	TODO: check
+CVE-2024-8687 (An information exposure vulnerability exists in Palo Alto Networks PAN ...)
+	TODO: check
+CVE-2024-8686 (A command injection vulnerability in Palo Alto Networks PAN-OS softwar ...)
+	TODO: check
+CVE-2024-8646 (In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulne ...)
+	TODO: check
+CVE-2024-8642 (In Eclipse Dataspace Components, from version 0.5.0 and before version ...)
+	TODO: check
+CVE-2024-8306 (CWE-269: Improper Privilege Management vulnerability exists that could ...)
+	TODO: check
+CVE-2024-8277 (The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-8097 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2024-7805
+	REJECTED
+CVE-2024-7609 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2024-7312 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+	TODO: check
+CVE-2024-6091 (A vulnerability in significant-gravitas/autogpt version 0.5.1 allows a ...)
+	TODO: check
+CVE-2024-5760 (The Samsung Universal Print Driver for Windows is potentially vulnerab ...)
+	TODO: check
+CVE-2024-5416 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...)
+	TODO: check
+CVE-2024-4465 (An access control vulnerability was discovered in the Reports section  ...)
+	TODO: check
+CVE-2024-45790 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due to miss ...)
+	TODO: check
+CVE-2024-45789 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due to impr ...)
+	TODO: check
+CVE-2024-45788 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due to miss ...)
+	TODO: check
+CVE-2024-45787 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due to tran ...)
+	TODO: check
+CVE-2024-45786 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due to impr ...)
+	TODO: check
+CVE-2024-45327 (An improper authorization vulnerability [CWE-285] in FortiSOAR version ...)
+	TODO: check
+CVE-2024-44851 (A stored cross-site scripting (XSS) vulnerability in the Discussion se ...)
+	TODO: check
+CVE-2024-44577 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injec ...)
+	TODO: check
+CVE-2024-44575 (RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sen ...)
+	TODO: check
+CVE-2024-44574 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injec ...)
+	TODO: check
+CVE-2024-44573 (A stored cross-site scripting (XSS) vulnerability in the VLAN configur ...)
+	TODO: check
+CVE-2024-44572 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injec ...)
+	TODO: check
+CVE-2024-44571 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect acces ...)
+	TODO: check
+CVE-2024-44570 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injectio ...)
+	TODO: check
+CVE-2024-44541 (evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL I ...)
+	TODO: check
+CVE-2024-44466 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in functi ...)
+	TODO: check
+CVE-2024-43793 (Halo is an open source website building tool. A security vulnerability ...)
+	TODO: check
+CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote at ...)
+	TODO: check
+CVE-2024-41868 (Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of ...)
+	TODO: check
+CVE-2024-39378 (Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of ...)
+	TODO: check
+CVE-2024-27115 (A unauthenticated Remote Code Execution (RCE) vulnerability is found i ...)
+	TODO: check
+CVE-2024-27114 (A unauthenticated Remote Code Execution (RCE) vulnerability is found i ...)
+	TODO: check
+CVE-2024-27113 (An unauthenticated Insecure Direct Object Reference (IDOR) to the data ...)
+	TODO: check
+CVE-2024-27112 (A unauthenticated SQL Injection has been found in the SO Planning tool ...)
+	TODO: check
+CVE-2024-20489 (A vulnerability in the storage method of the PON Controller configurat ...)
+	TODO: check
+CVE-2024-20483 (Multiple vulnerabilities in Cisco Routed PON Controller Software, whic ...)
+	TODO: check
+CVE-2024-20406 (A vulnerability in the segment routing feature for the Intermediate Sy ...)
+	TODO: check
+CVE-2024-20398 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
+	TODO: check
+CVE-2024-20390 (A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Sof ...)
+	TODO: check
+CVE-2024-20381 (A vulnerability in the JSON-RPC API feature in ConfD that is used by t ...)
+	TODO: check
+CVE-2024-20343 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
+	TODO: check
+CVE-2024-20317 (A vulnerability in the handling of specific Ethernet frames by Cisco I ...)
+	TODO: check
+CVE-2024-20304 (A vulnerability in the multicast traceroute version 2 (Mtrace2) featur ...)
+	TODO: check
+CVE-2019-25212 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-46672 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)
-CVE-2024-45030 [igb: cope with large MAX_SKB_FRAGS]
+CVE-2024-45030 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)
-CVE-2024-45029 [i2c: tegra: Do not mark ACPI devices as irq safe]
+CVE-2024-45029 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux 6.10.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)
-CVE-2024-45028 [mmc: mmc_test: Fix NULL dereference on allocation failure]
+CVE-2024-45028 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)
-CVE-2024-45027 [usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()]
+CVE-2024-45027 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)
-CVE-2024-45026 [s390/dasd: fix error recovery leading to data corruption on ESE devices]
+CVE-2024-45026 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)
-CVE-2024-45025 [fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE]
+CVE-2024-45025 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)
-CVE-2024-45024 [mm/hugetlb: fix hugetlb vs. core-mm PT locking]
+CVE-2024-45024 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5f75cfbd6bb02295ddaed48adf667b6c828ce07b (6.11-rc4)
-CVE-2024-45023 [md/raid1: Fix data corruption for degraded array with slow disk]
+CVE-2024-45023 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c916ca35308d3187c9928664f9be249b22a3a701 (6.11-rc4)
-CVE-2024-45022 [mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0]
+CVE-2024-45022 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)
-CVE-2024-45021 [memcg_write_event_control(): fix a user-triggerable oops]
+CVE-2024-45021 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)
-CVE-2024-45020 [bpf: Fix a kernel verifier crash in stacksafe()]
+CVE-2024-45020 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)
-CVE-2024-45019 [net/mlx5e: Take state lock during tx timeout reporter]
+CVE-2024-45019 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)
-CVE-2024-45018 [netfilter: flowtable: initialise extack before use]
+CVE-2024-45018 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)
-CVE-2024-45017 [net/mlx5: Fix IPsec RoCE MPV trace call]
+CVE-2024-45017 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)
-CVE-2024-45016 [netem: fix return value if duplicate enqueue fails]
+CVE-2024-45016 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)
-CVE-2024-45015 [drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()]
+CVE-2024-45015 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)
-CVE-2024-45014 [s390/boot: Avoid possible physmem_info segment corruption]
+CVE-2024-45014 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/d7fd2941ae9a67423d1c7bee985f240e4686634f (6.11-rc5)
-CVE-2024-45013 [nvme: move stopping keep-alive into nvme_uninit_ctrl()]
+CVE-2024-45013 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a54a93d0e3599b05856971734e15418ac551a14c (6.11-rc5)
-CVE-2024-45012 [nouveau/firmware: use dma non-coherent allocator]
+CVE-2024-45012 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.10.7-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9b340aeb26d50e9a9ec99599e2a39b035fac978e (6.11-rc5)
-CVE-2024-45011 [char: xillybus: Check USB endpoints when probing device]
+CVE-2024-45011 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux 6.10.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2374bf7558de915edc6ec8cb10ec3291dfab9594 (6.11-rc4)
-CVE-2024-45010 [mptcp: pm: only mark 'subflow' endp as available]
+CVE-2024-45010 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)
-CVE-2024-45009 [mptcp: pm: only decrement add_addr_accepted for MPJ req]
+CVE-2024-45009 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.10.7-1
 	NOTE: https://git.kernel.org/linus/1c1f721375989579e46741f59523e39ec9b2a9bd (6.11-rc5)
 CVE-2024-8441 (An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6 ...)
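Review bot: the kernel entries CVE-2024-46672 through CVE-2024-45009 lose their only human-readable summary in this hunk: the removed bracket placeholders (e.g. `[wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion]`, `[bpf: Fix a kernel verifier crash in stacksafe()]`) are replaced by descriptions that are all truncated to `In the Linux kernel, the following vulnerability has been resolved:  ...` plus a single letter, so the affected subsystem is now recoverable only by following the git.kernel.org NOTE link. Consider carrying the upstream commit subject into the NOTE line beside the commit URL so the list stays greppable by subsystem.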
@@ -168,7 +276,7 @@ CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to Prot
 	TODO: check
 CVE-2024-1656 (Affected versions of Octopus Server had a weak content security policy ...)
 	NOT-FOR-US: Octopus Server
-CVE-2024-8096 [OCSP stapling bypass with GnuTLS]
+CVE-2024-8096 (When curl is told to use the Certificate Status Request TLS extension, ...)
 	- curl <unfixed>
 	[bookworm] - curl <no-dsa> (Minor issue)
 	NOTE: https://curl.se/docs/CVE-2024-8096.html
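Review bot: the dropped placeholder `[OCSP stapling bypass with GnuTLS]` named the affected TLS backend, and the truncated description (`When curl is told to use the Certificate Status Request TLS extension, ...`) no longer conveys it; since the backend is useful context for the `[bookworm] - curl <no-dsa> (Minor issue)` assessment, consider recording it in a NOTE next to the curl.se advisory URL.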
@@ -184,16 +292,16 @@ CVE-2024-23984
 	[bookworm] - intel-microcode <no-dsa> (Minor issue)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
-CVE-2024-8639
+CVE-2024-8639 (Use after free in Autofill in Google Chrome on Android prior to 128.0. ...)
 	- chromium 128.0.6613.137-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8638
+CVE-2024-8638 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed  ...)
 	- chromium 128.0.6613.137-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8637
+CVE-2024-8637 (Use after free in Media Router in Google Chrome on Android prior to 12 ...)
 	- chromium 128.0.6613.137-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2024-8636
+CVE-2024-8636 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137  ...)
 	- chromium 128.0.6613.137-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has b ...)
@@ -81403,7 +81511,7 @@ CVE-2023-46535 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was di
 	NOT-FOR-US: TP-LINK
 CVE-2023-46534 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
 	NOT-FOR-US: TP-LINK
-CVE-2023-46527 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+CVE-2023-46527 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR76 ...)
 	NOT-FOR-US: TP-LINK
 CVE-2023-46526 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
 	NOT-FOR-US: TP-LINK
@@ -81807,7 +81915,7 @@ CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to St
 	NOT-FOR-US: WordPress plugin
 CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...)
 	NOT-FOR-US: TP-Link
-CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...)
+CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack over ...)
 	NOT-FOR-US: TP-Link
 CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via  ...)
 	NOT-FOR-US: Tenda
@@ -88603,9 +88711,9 @@ CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API o
 	NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
 CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains  ...)
 	- routinator <itp> (bug #929024)
-CVE-2023-39915 (NLnet Labs\u2019 Routinator up to and including version 0.12.1 may cra ...)
+CVE-2023-39915 (NLnet Labs' Routinator up to and including version 0.12.1 may crash wh ...)
 	- routinator <itp> (bug #929024)
-CVE-2023-39914 (NLnet Labs\u2019 bcder library up to and including version 0.7.2 panic ...)
+CVE-2023-39914 (NLnet Labs' bcder library up to and including version 0.7.2 panics whi ...)
 	- rust-bcder 0.7.3-1 (bug #1052176)
 	[bookworm] - rust-bcder <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0062.html
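Review bot: the updated descriptions for CVE-2023-39915 and CVE-2023-39914 replace the literal `\u2019` escape with a plain apostrophe (`NLnet Labs' Routinator`, `NLnet Labs' bcder library`), but the unchanged CVE-2023-39916 line just above still carries `NLnet Labs\u2019 Routinator`, so the three sibling entries now render inconsistently; worth normalising that line in the same sweep.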
@@ -293972,9 +294080,9 @@ CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco D
 	NOT-FOR-US: Cisco
 CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+CVE-2021-1246 (Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP  ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+CVE-2021-1245 (Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Sit ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1244 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
 	NOT-FOR-US: Cisco



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5232bca36622adaca83c227979520d28d673c37f


