[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 14 21:12:13 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5598bb2e by security tracker role at 2024-09-14T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2024-8862 (A vulnerability, which was classified as critical, has been found in h ...)
+	TODO: check
+CVE-2024-6482 (The Login with phone number plugin for WordPress is vulnerable to priv ...)
+	TODO: check
+CVE-2023-3410 (The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scri ...)
+	TODO: check
 CVE-2024-8768
 	NOT-FOR-US: vLLM
 CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is  ...)
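Review bot: the three added entries (CVE-2024-8862, CVE-2024-6482, CVE-2023-3410) carry only "TODO: check", so they stay untriaged until someone resolves them. The descriptions of CVE-2024-6482 and CVE-2023-3410 name a WordPress plugin and a WordPress theme; if neither is packaged, replace the TODO with a "NOT-FOR-US:" line, as the CVE-2024-8768 entry just below does. The truncated description of CVE-2024-8862 does not name the product, so it needs the full CVE text before a decision. Separately, the context line for CVE-2024-8797 shows a literal \u2013 escape in the description, which suggests the import step is not decoding Unicode escapes from the feed.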
@@ -48264,10 +48270,12 @@ CVE-2024-31080 (A heap-based buffer over-read vulnerability was found in the X.o
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b
 	NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html
 CVE-2024-27983 (An attacker can make the Node.js HTTP/2 server completely unavailable  ...)
+	{DLA-3886-1}
 	- nodejs 18.20.1+dfsg-1 (bug #1068347)
 	NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/0fb816dbccde955cd24acc1b16497a91fab507c8 (v18.20.1)
 CVE-2024-27982 (The team has identified a critical vulnerability in the http server of ...)
+	{DLA-3886-1}
 	- nodejs 18.20.1+dfsg-1 (bug #1068347)
 	NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/5d4d5848cf557fba6dc0bfdd020471ea607950ca (v18.20.1)
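Review bot: missing release information on CVE-2024-27983 and CVE-2024-27982: the new "{DLA-3886-1}" tag is the only change, and the sole package line in each entry is "- nodejs 18.20.1+dfsg-1 (bug #1068347)". Nothing here records which suite the advisory fixes or at what version, so confirm that the advisory's own entry lists both CVE ids with the fixed version, since this cross-reference is the only link from the CVE side.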
@@ -59425,7 +59433,7 @@ CVE-2024-26594 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/92e470163d96df8db6c4fa0f484e4a229edb903d (6.8-rc1)
 CVE-2024-22025 (A vulnerability in Node.js has been identified, allowing for a Denial  ...)
-	{DLA-3776-1}
+	{DLA-3886-1 DLA-3776-1}
 	- nodejs 18.19.1+dfsg-1
 	NOTE: https://nodejs.org/en/blog/release/v18.19.1
 	NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda (v18.x)
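Review bot: CVE-2024-22025 now references two advisories, "{DLA-3886-1 DLA-3776-1}", for the same nodejs issue, and the entry has no release-tagged line to show whether DLA-3886-1 covers a different suite than DLA-3776-1 or reissues the earlier fix. A short NOTE or a release-specific package line would let a reader tell the two apart without opening both advisories.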
@@ -61095,7 +61103,7 @@ CVE-2024-21891 (Node.js depends on multiple built-in utility functions to normal
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
 CVE-2023-46809 (Node.js versions which bundle an unpatched version of OpenSSL or run a ...)
-	{DLA-3776-1}
+	{DLA-3886-1 DLA-3776-1}
 	- nodejs 18.19.1+dfsg-1 (bug #1064055)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
 	NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
@@ -61109,6 +61117,7 @@ CVE-2024-21896 (The permission model protects itself against path traversal atta
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
 CVE-2024-22019 (A vulnerability in Node.js HTTP servers allows an attacker to send a s ...)
+	{DLA-3886-1}
 	- nodejs 18.19.1+dfsg-1 (bug #1064055)
 	[buster] - nodejs <not-affected> (Vulnerable code not present)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
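Review bot: possible inconsistency on CVE-2024-22019: the entry gains "{DLA-3886-1}" while its context still reads "[buster] - nodejs <not-affected> (Vulnerable code not present)". The advisory must therefore apply to some other suite, which the entry does not name. Check that the not-affected marking is still accurate and that the suite fixed by DLA-3886-1 has its fixed version recorded somewhere a consumer of this file can find it.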
@@ -94275,7 +94284,7 @@ CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might all
 CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow  ...)
 	NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
 CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental policy ...)
-	{DSA-5589-1}
+	{DSA-5589-1 DLA-3886-1}
 	- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
 	[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
 	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
@@ -108000,12 +108009,12 @@ CVE-2023-30592
 CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
 	NOT-FOR-US: NodeBB
 CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffieHellm ...)
-	{DSA-5589-1 DLA-3776-1}
+	{DSA-5589-1 DLA-3886-1 DLA-3776-1}
 	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/1a5c9284ebce5cd71cf7a3c29759a748c373ac85 (v16.x)
 CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not strictly ...)
-	{DSA-5589-1}
+	{DSA-5589-1 DLA-3886-1}
 	- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
 	[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
 	- llhttp <itp> (bug #977716)
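Review bot: style point on the advisory lists for CVE-2023-30590 and CVE-2023-30589: the new id is inserted as "{DSA-5589-1 DLA-3886-1 DLA-3776-1}", after the DSA but ahead of the older DLA-3776-1, so the order is neither chronological nor append-only. The same ordering appears in the earlier hunks ("{DLA-3886-1 DLA-3776-1}"), so it looks deliberate; if consumers parse the braces, the ordering rule should be documented so that nobody relies on the first or last id being the newest.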



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5598bb2e8a5ea8a26b4c2b2d53407a2bf9ad64f5
