[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 27 14:03:55 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
656a6dbc by Moritz Muehlenhoff at 2024-09-27T15:03:38+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2024-9130 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin
CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9029 (A flaw was found in freeimage library. Processing a crafted image can ...)
- - freeimage <unfixed>
+ - freeimage <unfixed> (bug #1082848)
[bookworm] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/351/
CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
@@ -103,7 +103,7 @@ CVE-2024-47180 (Shields.io is a service for concise, consistent, and legible bad
CVE-2024-47179 (RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-te ...)
NOT-FOR-US: RSSHub
CVE-2024-47174 (Nix is a package manager for Linux and other Unix systems. Starting in ...)
- - nix <unfixed>
+ - nix <unfixed> (bug #1082847)
NOTE: https://github.com/NixOS/nix/commit/062b4a489e30da9c85fa4ff15cfdd2e51cac7b90
NOTE: https://github.com/NixOS/nix/pull/11585
NOTE: https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c
@@ -142,7 +142,7 @@ CVE-2024-47044 (Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TE
CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to valida ...)
- mattermost-server <itp> (bug #823556)
CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
- - assimp <unfixed>
+ - assimp <unfixed> (bug #1082857)
NOTE: https://github.com/assimp/assimp/issues/5771
CVE-2024-46627 (Incorrect access control in BECN DATAGERRY v2.2 allows attackers to ex ...)
NOT-FOR-US: BECN DATAGERRY
@@ -290,7 +290,7 @@ CVE-2022-49038 (Inclusion of functionality from untrusted control sphere vulnera
CVE-2022-49037 (Insertion of sensitive information into log file vulnerability in prox ...)
NOT-FOR-US: Synology
CVE-2024-8805 [BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability]
- - bluez <unfixed>
+ - bluez <unfixed> (bug #1082849)
[bookworm] - bluez <no-dsa> (Minor issue)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1229/
NOTE: https://patchwork.kernel.org/project/bluetooth/patch/20240912204458.3037144-1-luiz.dentz@gmail.com/
@@ -2331,7 +2331,7 @@ CVE-2024-8768 (A flaw was found in the vLLM library. A completions API request w
CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored in Ans ...)
- - ansible-core <unfixed>
+ - ansible-core <unfixed> (bug #1082851)
[bookworm] - ansible-core <no-dsa> (Minor issue)
- ansible 5.4.0-1
NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
@@ -4031,7 +4031,7 @@ CVE-2024-44839 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulner
CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: RapidCMS
CVE-2024-8443 (A heap-based buffer overflow vulnerability was found in the libopensc ...)
- - opensc <unfixed>
+ - opensc <unfixed> (bug #1082853)
[bookworm] - opensc <no-dsa> (Minor issue)
[bullseye] - opensc <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
@@ -4264,10 +4264,9 @@ CVE-2024-8461 (A vulnerability, which was classified as problematic, was found i
CVE-2024-8460 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: D-Link
CVE-2024-8445 (The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all ...)
- - 389-ds-base <unfixed>
+ - 389-ds-base <unfixed> (bug #1082852)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310110
NOTE: CVE exists because of an insufficent/incomplete fix for CVE-2024-2199
- TODO: check details
CVE-2024-8395 (FlyCASS CASS and KCM systems did not correctly filter SQL queries, whi ...)
NOT-FOR-US: FlyCASS CASS and KCM systems
CVE-2024-8363 (The Share This Image plugin for WordPress is vulnerable to Stored Cros ...)
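Review bot: the NOTE line in this hunk still reads "insufficent/incomplete fix"; correct the spelling to "insufficient" while this entry is being touched. Also, the hunk drops the "TODO: check details" marker without recording anything in its place: unlike the freeimage, bluez, ansible-core, opensc, grpc and heat entries in the same commit, the 389-ds-base entry carries no [bookworm] or [bullseye] triage line, so filing bug #1082852 alone leaves the stable-release status undocumented. Either keep the TODO until the release lines are added, or add them in this commit.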
@@ -8849,7 +8848,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to unauthoriz
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7885 (A vulnerability was found in Undertow where the ProxyProtocolReadListe ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1082854)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
CVE-2024-7646 (A security issue was discovered in ingress-nginx where an actor with p ...)
NOT-FOR-US: Kubernetes ingress-nginx
@@ -11182,7 +11181,7 @@ CVE-2024-7502 (A crafted DPA file could force Delta Electronics DIAScreen to ove
CVE-2024-7317 (The Folders \u2013 Unlimited Folders to Organize Media Library Folder, ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7246 (It's possible for a gRPC client communicating with a HTTP/2 proxy to p ...)
- - grpc <unfixed>
+ - grpc <unfixed> (bug #1082856)
[bookworm] - grpc <no-dsa> (Minor issue)
[bullseye] - grpc <postponed> (Minor issue, light cache poisoning and infoleak)
NOTE: https://github.com/grpc/grpc/issues/36245
@@ -11932,7 +11931,7 @@ CVE-2024-38321 (IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.
CVE-2024-37286 (APM server logs contain document body from a partially failed bulk ind ...)
NOT-FOR-US: APM server
CVE-2024-7319 (An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensi ...)
- - heat <unfixed>
+ - heat <unfixed> (bug #1082855)
[bookworm] - heat <no-dsa> (Minor issue)
[bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not applied)
NOTE: https://storyboard.openstack.org/#!/story/2011007
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/656a6dbc8c9e899c67f73616d2dcdf7e451ca51d