[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Sep 20 15:46:18 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91b38d7c by Moritz Muehlenhoff at 2024-09-20T16:45:47+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,7 +38,7 @@ CVE-2024-8651 (A vulnerability in NetCat CMS allows an attacker to send a specia
 CVE-2024-8375 (There exists a use after free vulnerability in Reverb.Reverb supports  ...)
 	NOT-FOR-US: Google Reverb
 CVE-2024-8354 (A flaw was found in QEMU. An assertion failure was present in the usb_ ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (bug #1082377)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313497
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2548
 CVE-2024-7785 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
@@ -82,10 +82,10 @@ CVE-2024-45807 (Envoy is a cloud-native high-performance edge/middle/service pro
 CVE-2024-45806 (Envoy is a cloud-native high-performance edge/middle/service proxy. A  ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2024-45752 (logiops through 0.3.4, in its default configuration, allows any unpriv ...)
-	- logiops <unfixed>
+	- logiops <unfixed> (bug #1082378)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1226598
 CVE-2024-45614 (Puma is a Ruby/Rack web server built for parallelism. In affected vers ...)
-	- puma <unfixed>
+	- puma <unfixed> (bug #1082379)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
 	NOTE: Fixed by: https://github.com/puma/puma/commit/cac3fd18cf29ed43719ff5d52d9cfec215f0a043 (v6.4.3)
 CVE-2024-43496 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
@@ -103,7 +103,7 @@ CVE-2024-38016 (Microsoft Office Visio Remote Code Execution Vulnerability)
 CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286 with fir ...)
 	NOT-FOR-US: Tiptel
 CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffe ...)
-	- freeimage <unfixed>
+	- freeimage <unfixed> (bug #1082380)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/355/
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/11/10
 CVE-2024-25673 (Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earli ...)
@@ -123,7 +123,7 @@ CVE-2024-8850 (The MC4WP: Mailchimp for WordPress plugin for WordPress is vulner
 CVE-2024-8364 (The WP Custom Fields Search plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7254 (Any project that parses untrusted Protocol Buffers datacontaining an a ...)
-	- protobuf <unfixed>
+	- protobuf <unfixed> (bug #1082381)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
 CVE-2024-47089 (This vulnerability exists in the Apex Softcell LD Geo due to improper  ...)
 	NOT-FOR-US: Apex Softcell LD Geo
@@ -869,7 +869,7 @@ CVE-2024-8897 (Under certain conditions, an attacker with the ability to redirec
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-45/#CVE-2024-8897
 CVE-2024-8796 (Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & ...)
-	- ruby-devise-two-factor <unfixed>
+	- ruby-devise-two-factor <unfixed> (bug #1082382)
 	NOTE: https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2
 CVE-2024-8767 (Sensitive data disclosure and manipulation due to unnecessary privileg ...)
 	NOT-FOR-US: Acronis



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91b38d7cdb6c246a8d21472b9654734d70821e87

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91b38d7cdb6c246a8d21472b9654734d70821e87
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240920/033e0f47/attachment.htm>

More information about the debian-security-tracker-commits mailing list