[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 13 21:22:14 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1298d13 by security tracker role at 2024-09-13T20:22:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,164 @@
-CVE-2024-46713 [perf/aux: Fix AUX buffer serialization]
+CVE-2024-8784 (A vulnerability classified as critical was found in QDocs Smart School ...)
+	TODO: check
+CVE-2024-8783 (A vulnerability classified as problematic has been found in OpenTibiaB ...)
+	TODO: check
+CVE-2024-8782 (A vulnerability was found in JFinalCMS up to 1.0. It has been rated as ...)
+	TODO: check
+CVE-2024-8747 (The Email Obfuscate Shortcode plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-8737 (The PDF Thumbnail Generator plugin for WordPress is vulnerable to Refl ...)
+	TODO: check
+CVE-2024-8734 (The Lucas String Replace plugin for WordPress is vulnerable to Reflect ...)
+	TODO: check
+CVE-2024-8732 (The Roles & Capabilities plugin for WordPress is vulnerable to Reflect ...)
+	TODO: check
+CVE-2024-8731 (The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Si ...)
+	TODO: check
+CVE-2024-8730 (The Exit Notifier plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2024-8714 (The WordPress Affiliates Plugin \u2014 SliceWP Affiliates plugin for W ...)
+	TODO: check
+CVE-2024-8281 (An input validation weakness was discovered in XCC that could allow a  ...)
+	TODO: check
+CVE-2024-8280 (An input validation weakness was discovered in XCC that could allow a  ...)
+	TODO: check
+CVE-2024-8279 (A privilege escalation vulnerability was discovered in XCC that could  ...)
+	TODO: check
+CVE-2024-8278 (A privilege escalation vulnerability was discovered in XCC that could  ...)
+	TODO: check
+CVE-2024-8269 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
+	TODO: check
+CVE-2024-8242 (The MStore API \u2013 Create Native Android & iOS Apps On The Cloud pl ...)
+	TODO: check
+CVE-2024-8059 (IPMI credentials may be captured in XCC audit log entries when the acc ...)
+	TODO: check
+CVE-2024-7756 (A potential vulnerability was reported in the ThinkPad L390 Yoga and 1 ...)
+	TODO: check
+CVE-2024-7423 (The Stream plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+	TODO: check
+CVE-2024-6867 (An information disclosure vulnerability exists in the lunary-ai/lunary ...)
+	TODO: check
+CVE-2024-6862 (A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/ ...)
+	TODO: check
+CVE-2024-6656 (Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Co ...)
+	TODO: check
+CVE-2024-6587 (A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/l ...)
+	TODO: check
+CVE-2024-6582 (A broken access control vulnerability exists in the latest version of  ...)
+	TODO: check
+CVE-2024-6544 (The Custom Post Limits plugin for WordPress is vulnerable to full path ...)
+	TODO: check
+CVE-2024-6258 (BT: Missing length checks of net_buf in rfcomm_handle_data)
+	TODO: check
+CVE-2024-6137 (BT: Classic: SDP OOB access in get_att_search_list)
+	TODO: check
+CVE-2024-6135 (BT:Classic: Multiple missing buf length checks)
+	TODO: check
+CVE-2024-6087 (An improper access control vulnerability exists in lunary-ai/lunary at ...)
+	TODO: check
+CVE-2024-5931 (BT: Unchecked user input in bap_broadcast_assistant)
+	TODO: check
+CVE-2024-5884 (The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
+	TODO: check
+CVE-2024-5870 (The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-5869 (The Neighborly theme for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-5867 (The Delicate theme for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2024-5789 (The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-5754 (BT: Encryption procedure host vulnerability)
+	TODO: check
+CVE-2024-4550 (A potential buffer overflow vulnerability was reported in some Lenovo  ...)
+	TODO: check
+CVE-2024-46049 (Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulner ...)
+	TODO: check
+CVE-2024-46048 (Tenda FH451 v1.0.0.9 has a command injection vulnerability in the form ...)
+	TODO: check
+CVE-2024-46047 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhc ...)
+	TODO: check
+CVE-2024-46046 (Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the ...)
+	TODO: check
+CVE-2024-46045 (Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in ...)
+	TODO: check
+CVE-2024-46044 (CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the f ...)
+	TODO: check
+CVE-2024-45368 (The H2-DM1E PLC's authentication protocol appears to utilize either a  ...)
+	TODO: check
+CVE-2024-45113 (ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Imp ...)
+	TODO: check
+CVE-2024-45112 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
+	TODO: check
+CVE-2024-45111 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-o ...)
+	TODO: check
+CVE-2024-45109 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-45108 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-45105 (An internal product security audit discovered a UEFI SMM (System Manag ...)
+	TODO: check
+CVE-2024-45104 (A valid, authenticated LXCA user without sufficient privileges may be  ...)
+	TODO: check
+CVE-2024-45103 (A valid, authenticated LXCA user may be able to unmanage an LXCA manag ...)
+	TODO: check
+CVE-2024-45101 (A privilege escalation vulnerability was discovered when Single Sign O ...)
+	TODO: check
+CVE-2024-44798 (phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site  ...)
+	TODO: check
+CVE-2024-44685 (Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnera ...)
+	TODO: check
+CVE-2024-44430 (SQL Injection vulnerability in Best Free Law Office Management Softwar ...)
+	TODO: check
+CVE-2024-43760 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-43759 (Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL P ...)
+	TODO: check
+CVE-2024-43758 (Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use Af ...)
+	TODO: check
+CVE-2024-43756 (Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a ...)
+	TODO: check
+CVE-2024-43099 (The session hijacking attack targets the application layer's control m ...)
+	TODO: check
+CVE-2024-42025 (A Command Injection vulnerability found in a Self-Hosted UniFi Network ...)
+	TODO: check
+CVE-2024-41874 (ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Dese ...)
+	TODO: check
+CVE-2024-41869 (Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.0 ...)
+	TODO: check
+CVE-2024-41867 (After Effects versions 23.6.6, 24.5 and earlier are affected by a Stac ...)
+	TODO: check
+CVE-2024-41859 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-41857 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integ ...)
+	TODO: check
+CVE-2024-3100 (A potential buffer overflow vulnerability was reported in some Lenovo  ...)
+	TODO: check
+CVE-2024-39926 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
+	TODO: check
+CVE-2024-39925 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
+	TODO: check
+CVE-2024-39924 (An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. ...)
+	TODO: check
+CVE-2024-39385 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use A ...)
+	TODO: check
+CVE-2024-39384 (Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out- ...)
+	TODO: check
+CVE-2024-39382 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-39381 (After Effects versions 23.6.6, 24.5 and earlier are affected by an out ...)
+	TODO: check
+CVE-2024-39380 (After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap ...)
+	TODO: check
+CVE-2024-34121 (Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integ ...)
+	TODO: check
+CVE-2024-31416 (The Eaton Foreseer software provides multiple customizable input field ...)
+	TODO: check
+CVE-2024-31415 (The Eaton Foreseer software provides the feasibility for the user to c ...)
+	TODO: check
+CVE-2024-31414 (The Eaton Foreseer software provides users the capability to customize ...)
+	TODO: check
+CVE-2024-46713 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/2ab9d830262c132ab5db2f571003d80850d56b2a (6.11-rc7)
 CVE-2024-22399
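Review bot: Nearly all of the 80 new TODO: check entries in this hunk are for products the tracker already files as NOT-FOR-US further down (Adobe Acrobat Reader, Illustrator, Photoshop, After Effects, Premiere Pro; WordPress plugins and themes; Lenovo XCC, LXCA and ThinkPad firmware; Tenda routers; Eaton Foreseer; the Zephyr "BT:" Bluetooth entries CVE-2024-6258, -6137, -6135, -5931 and -5754), so the manual pass can dispose of them in bulk and spend its time on the few open-source components (the three Vaultwarden CVE-2024-39924/-39925/-39926 entries, lunary-ai and berriai/litellm, QDocs, JFinalCMS). Two entries need more than a glance: CVE-2024-43099's truncated description ("The session hijacking attack targets the application layer's control m ...") names no product at all, so the full advisory has to be read before a disposition, and CVE-2024-46713 only has its title replaced by the MITRE-style kernel description while the `- linux <unfixed>` status and the 6.11-rc7 fix note (commit 2ab9d830262c) are unchanged, which is the intended result. Minor style point: the feed's `\u2013` / `\u2014` escapes (CVE-2024-8714, -8269, -8242) are written literally into the descriptions rather than as the dash characters.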
@@ -6734,7 +6894,7 @@ CVE-2024-41860 (Substance3D - Sampler versions 4.5 and earlier are affected by a
 	NOT-FOR-US: Adobe
 CVE-2024-41858 (InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Ov ...)
 	NOT-FOR-US: Adobe
-CVE-2024-41856 (Illustrator versions 28.5, 27.9.4 and earlier are affected by an Impro ...)
+CVE-2024-41856 (Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affect ...)
 	NOT-FOR-US: Adobe
 CVE-2024-41854 (InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by ...)
 	NOT-FOR-US: Adobe
@@ -6798,7 +6958,7 @@ CVE-2024-39423 (Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964
 	NOT-FOR-US: Adobe
 CVE-2024-39422 (Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.0 ...)
 	NOT-FOR-US: Adobe
-CVE-2024-39420 (Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.0 ...)
+CVE-2024-39420 (Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.0 ...)
 	NOT-FOR-US: Adobe
 CVE-2024-39419 (Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and ear ...)
 	NOT-FOR-US: Adobe
@@ -23321,7 +23481,8 @@ CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to S
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-5203 (A Cross-site request forgery (CSRF) flaw was found in Keycloak and occ ...)
+CVE-2024-5203
+	REJECTED
 	NOT-FOR-US: Keycloak
 CVE-2024-3183 (A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ  ...)
 	- freeipa <unfixed> (bug #1077683)
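Review bot: The `NOT-FOR-US: Keycloak` line kept under CVE-2024-5203 is now redundant; once an entry is REJECTED the tracker convention elsewhere in this file is the bare two-line form (compare `CVE-2022-2445` / `REJECTED` in the last hunk), so the stale disposition line should be dropped on the next manual pass. Dropping the description together with the REJECTED marker, as done here, is consistent with that convention.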
@@ -33306,7 +33467,7 @@ CVE-2024-32636 (A vulnerability has been identified in JT2Go (All versions < V23
 CVE-2024-32635 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid  ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4
 	NOTE: Prerequsite for test: https://github.com/git/git/commit/5c5a4a1c05932378d259b1fdd9526cab971656a2
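Review bot: Typo in the unchanged NOTE line of this entry: "Prerequsite" should be "Prerequisite"; harmless for the tracker's parser, but worth fixing the next time CVE-2024-32465 is touched. The added `DSA-5769-1` cross-reference matches the other git entries updated in this commit.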
@@ -33348,24 +33509,25 @@ CVE-2024-32057 (A vulnerability has been identified in Simcenter Femap (All vers
 CVE-2024-32055 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7
 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
+	{DSA-5769-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj
 	NOTE: https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d
 	NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389
 	NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8
 	NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7
 	NOTE: Regression: https://lore.kernel.org/git/924426.1716570031@dash.ant.isi.edu/T/#u
 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.45.1-1 (bug #1071160)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
 	NOTE: Additional useful test: https://github.com/git/git/commit/b20c10fd9b035f46e48112d2cd33d7cb740012b6
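Review bot: CVE-2024-32020 gains only `{DSA-5769-1}` while its siblings from the same git release (CVE-2024-32021, CVE-2024-32004, CVE-2024-32002) now carry `{DSA-5769-1 DLA-3867-1 DLA-3844-1}`; confirm whether the two DLAs really did not cover CVE-2024-32020 (the entry has a Regression note pointing at the lore thread, which might explain a deliberate omission) or whether the DLA cross-references were simply missed when those advisories were recorded.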
@@ -112535,7 +112697,7 @@ CVE-2023-29009 (baserCMS is a website development framework with WebAPI that run
 CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
 	NOT-FOR-US: SvelteKit
 CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
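Review bot: DSA-5769-1 is being attached here to a 2023 CVE whose unstable fix was git 1:2.40.1-1, and the same happens in the following hunks for CVE-2023-25815 and CVE-2023-25652; this is plausible for a stable update that moves git to a newer upstream point release, but please check that the DSA text actually lists these three CVE ids, since a cross-reference in the braces implies the advisory itself covers them.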
@@ -122425,7 +122587,7 @@ CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementatio
 CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/c4137be0f5a6edf9a9044e6e43ecf4468c7a4046 (v2.30.9)
@@ -123236,7 +123398,7 @@ CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Sign
 	NOT-FOR-US: Cisco node-jose (different from src:node-jose)
 	NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
 CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
-	{DLA-3867-1 DLA-3844-1}
+	{DSA-5769-1 DLA-3867-1 DLA-3844-1}
 	- git 1:2.40.1-1 (bug #1034835)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
@@ -172998,8 +173160,8 @@ CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD t
 	NOT-FOR-US: Abode Systems
 CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...)
 	NOT-FOR-US: Abode Systems
-CVE-2022-2446
-	RESERVED
+CVE-2022-2446 (The WP Editor plugin for WordPress is vulnerable to deserialization of ...)
+	TODO: check
 CVE-2022-2445
 	REJECTED
 CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
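Review bot: CVE-2022-2446 moving from RESERVED to a described entry with `TODO: check` is correct for the automatic update, but the description ("The WP Editor plugin for WordPress is vulnerable to deserialization of ...") identifies a WordPress plugin, which this file consistently disposes of as `NOT-FOR-US: WordPress plugin` (see the CVE-2023-6748 / CVE-2023-6745 context above), so the triage here should be a one-liner.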



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1298d13fcedf9165c66fc85e5c824313e300af7


