Source: iperf3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for iperf3.
CVE-2024-26306[0]:
| iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server
| with RSA authentication, allows a timing side channel in
Source: dnsdist
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for dnsdist.
CVE-2024-25581[0]:
| When incoming DNS over HTTPS support is enabled using the nghttp2
| provider, and queries are routed to a tcp-only or DNS
Source: bpftrace
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpftrace.
CVE-2024-2313[0]:
| If kernel headers need to be extracted, bpftrace will attempt to
| load them from a temporary directory. An unprivileged
Source: bpfcc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for bpfcc.
CVE-2024-2314[0]:
| If kernel headers need to be extracted, bcc will attempt to load
| them from a temporary directory. An unprivileged attacker could
Source: clojure
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clojure.
CVE-2024-22871[0]:
| An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an
| attacker to cause a denial of service (DoS) via the
|
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-24557[0]:
| Moby is an open-source project created by Docker to enable software
| containerization. The classic builder cache system
Source: lief
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for lief.
CVE-2024-31636[0]:
| An issue in LIEF v.0.14.1 allows a local attacker to obtain
| sensitive information via the name parameter of the machd_reader.c
|
Source: cjson
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for cjson.
CVE-2024-31755[0]:
| cJSON v1.7.17 was discovered to contain a segmentation violation,
| which can trigger through the second parameter of function
|
On Wed, Mar 06, 2024 at 06:39:01AM -0300, Leandro Cunha wrote:
> Hi Christoph Berg,
>
> On Wed, Mar 6, 2024 at 5:42 AM Christoph Berg wrote:
> >
> > Re: Leandro Cunha
> > > The
> > > next job would be to make it available through backports and I would
> > > choose to remove this package from
Source: libmodbus
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libmodbus.
CVE-2024-34244[0]:
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the
| modbus_write_bits function. This issue can be triggered when
Source: node-braces
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-braces.
CVE-2024-4068[0]:
| The NPM package `braces`, versions prior to 3.0.3, fails to limit
| the number of characters it can handle, which
Source: node-micromatch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-micromatch.
CVE-2024-4067[0]:
| The NPM package `micromatch` is vulnerable to Regular Expression
| Denial of Service (ReDoS). The
Source: maxima
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for maxima.
CVE-2024-34490[0]:
| In Maxima through 5.47.0 before 51704c, the plotting facilities make
| use of predictable names under /tmp. Thus, the contents
Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for python-pymysql.
We should also fix this in a DSA, could you prepare debdiffs for
bookworm-security and bullseye-security?
CVE-2024-36039[0]:
| PyMySQL
Source: ruby3.1
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.1.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML
Source: ruby3.2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ruby3.2.
CVE-2024-35176[0]:
| REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
| denial of service vulnerability when it parses an XML
On Fri, May 10, 2024 at 06:39:20PM +, Thorsten Glaser wrote:
> This is a bit like the limited security support for binutils,
> I suppose. Could/should we document that in the same places?
Sure thing, this sounds similar to what was done for Lilypond,
best to simply ship a similar
Source: hdf5
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for hdf5:
https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
CVE-2024-33877[0]:
| HDF5 Library through 1.14.3 has a heap-based buffer
Source: musescore3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for musescore3.
CVE-2023-44428[0]:
| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows
Source: npgsql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for npgsql.
CVE-2024-32655[0]:
| Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()`
| method in
Source: golang-github-opencontainers-go-digest
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for
golang-github-opencontainers-go-digest.
CVE-2024-3727[0]:
| A flaw was found in the github.com/containers/image library.
Source: tinyproxy
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for tinyproxy.
CVE-2023-40533[0]:
| An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1
| while parsing HTTP requests. In certain
Source: libstb
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libstb.
CVE-2023-47212[0]:
| A heap-based buffer overflow vulnerability exists in the comment
| functionality of stb_vorbis.c v1.22. A specially crafted
Source: exiv2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for exiv2.
The advisories are a little misleading, they mention it as
new in v0.28.0, but that only applies to the "main" branch,
where it was removed and later
Source: gobgp
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gobgp.
CVE-2023-46565[0]:
| Buffer Overflow vulnerability in osrg gobgp commit
| 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to
| cause
Source: opendmarc
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for opendmarc. It's unclear
whether this is actually a security issue, it doesn't appear to have
been reported upstream...
CVE-2024-25768[0]:
| OpenDMARC 1.4.2
Source: jupyterhub
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for jupyterhub.
CVE-2024-28233[0]:
| JupyterHub is an open source multi-user server for Jupyter
| notebooks. By tricking a user into visiting a malicious
Source: gdcm
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gdcm.
These are fixed in 3.0.24:
CVE-2024-25569[0]:
| An out-of-bounds read vulnerability exists in the
| RAWCodec::DecodeBytes functionality of Mathieu
Source: llvm-toolchain-14
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-14.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-15
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-15.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-16
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-16.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-17
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-17.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: llvm-toolchain-18
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for llvm-toolchain-18.
CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved
Source: pytorch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for pytorch.
CVE-2024-31580[0]:
| PyTorch before v2.2.0 was discovered to contain a heap buffer
| overflow vulnerability in the component
|
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-32473[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other
Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for frr.
CVE-2024-34088[0]:
| In FRRouting (FRR) through 9.1, it is possible for the get_edge()
| function in ospf_te.c in the OSPF daemon to return a NULL
Source: uriparser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for uriparser.
CVE-2024-34402[0]:
| An issue was discovered in uriparser through 0.9.7.
| ComposeQueryEngine in UriQuery.c has an integer overflow via
Source: python-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for python-jose.
CVE-2024-33663[0]:
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA
| keys and other key formats. This is similar
Source: quickjs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for quickjs.
CVE-2024-33263[0]:
| QuickJS commit 3b45d15 was discovered to contain an Assertion
| Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.
Source: social-auth-app-django
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for social-auth-app-django.
CVE-2024-32879[0]:
| Python Social Auth is a social authentication/registration
| mechanism. Prior to version 5.4.1,
Source: tqdm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for tqdm.
CVE-2024-34062[0]:
| tqdm is an open source progress bar for Python and CLI. Any optional
| non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,
|
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for ofono.
It's not clear whether they were actually reported upstream or only
submitted to Red Hat Bugzilla:
CVE-2023-4232[0]:
| A flaw was found in ofono,
Source: dmitry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for dmitry.
CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause
Source: python-flask-cors
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-flask-cors.
CVE-2024-1681[0]:
| corydolphin/flask-cors is vulnerable to log injection when the log
| level is set to debug. An attacker
Source: matrix-synapse
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for matrix-synapse.
CVE-2024-31208[0]:
| Synapse is an open-source Matrix homeserver. A remote Matrix user
| with malicious intent, sharing a room with
Source: pdns-recursor
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pdns-recursor.
CVE-2024-25583[0]:
PowerDNS Security Advisory 2024-02: if recursive forwarding is
configured, crafted responses can lead to a denial of
Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for ofono.
CVE-2023-2794[0]:
| A flaw was found in ofono, an Open Source Telephony on Linux. A
| stack overflow bug is triggered within the decode_deliver() function
Source: openjdk-8
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for openjdk-8.
CVE-2024-21011[0]:
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle
| GraalVM Enterprise Edition product of Oracle Java SE
Source: rust-rustls
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for rust-rustls.
CVE-2024-32650[0]:
| Rustls is a modern TLS library written in Rust.
| `rustls::ConnectionCommon::complete_io` could fall into an infinite
|
Source: mysql-8.0
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for mysql-8.0.
CVE-2024-21102[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: Server: Thread Pooling). Supported versions that
On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Bastien Roucariès
> Control: affects -1 + src:json-smart
> Control: block 1039985 with
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3567[0]:
| A flaw was found in QEMU. An assertion failure was present in the
| update_sctp_checksum() function in hw/net/net_tx_pkt.c when
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3447[0]:
https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-3446[0]:
| A double free vulnerability was found in QEMU virtio devices
| (virtio-gpu, virtio-serial-bus, virtio-crypto), where the
|
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for qemu.
CVE-2024-26327[0]:
| An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in
| hw/pci/pcie_sriov.c mishandles the situation where a
Source: sngrep
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for sngrep.
CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1635[0]:
| A vulnerability was found in Undertow. This vulnerability impacts a
| server that supports the wildfly-http-client protocol.
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2023-1973[0]:
The only reference is at Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=2185662
If you fix the vulnerability please
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted
On Tue, Apr 09, 2024 at 02:02:13PM +1200, Vladimir Petko wrote:
> Hi,
>
> I have realized that I have not submitted the bug report for this
> issue, so the decision to try vendoring dependencies for JTREG is not
> visible anywhere.
>
> Starting from the April OpenJDK release, JTREG 7.3 will be
Source: gpac
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for gpac.
CVE-2024-28318[0]:
| gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an
| out of boundary write vulnerability via swf_get_string at
|
Source: freeimage
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for freeimage. They are all
only published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
and don't appear to be forwarded
Source: docker.io
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for docker.io.
CVE-2024-29018[0]:
| Moby is an open source container framework that is a key component
| of Docker Engine, Docker Desktop, and other
Source: murano
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for murano.
CVE-2024-29156[0]:
| In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used,
| the Murano service's MuranoPL extension to the YAQL
Source: varnish
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for varnish.
CVE-2024-30156[0]:
| Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13
| LTS), and Varnish Enterprise 6 before 6.0.12r6, allows
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-29195[0]:
| The azure-c-shared-utility is a C library for AMQP/MQTT
| communication to Azure Cloud Services. This
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2024-30161[0]:
| In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may
| access QNetworkReply header data via a dangling
Source: request-tracker5
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker5.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: request-tracker4
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for request-tracker4.
CVE-2024-3262[0]:
| Information exposure vulnerability in RT software affecting version
| 4.4.1. This vulnerability allows an
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
Source: node-express
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-express.
CVE-2024-29041[0]:
| Express.js minimalist web framework for node. Versions of Express.js
| prior to 4.19.0 and all pre-release alpha
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2024-27983[0]:
https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/
CVE-2024-27982[1]:
Source: slang2
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for slang2. From my perspective
they have no real security impact, but we can still treat/fix them as regular
bugs:
CVE-2023-45927[0]:
| S-Lang 2.3.2 was
Hi Adrian,
> attached are proposed debdiffs for updating gtkwave to 3.3.118 in
> {bookworm,bullseye,buster}-security for review for a DSA
> (and as preview for buster).
Thanks!
> General notes:
>
> I checked a handful CVEs, and they were also present in buster.
> If anyone insists that I check
Source: erlang-jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for erlang-jose.
CVE-2023-50966[0]:
| erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows
| attackers to cause a denial of service (CPU
Source: jose
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for jose.
CVE-2023-50967[0]:
| latchset jose through version 11 allows attackers to cause a denial
| of service (CPU consumption) via a large p2c (aka PBES2
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2024-26369[0]:
| An issue in the HistoryQosPolicy component of FastDDS v2.12.x,
| v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal
Source: ldap-account-manager
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for ldap-account-manager.
CVE-2024-2[0]:
| LDAP Account Manager (LAM) is a webfrontend for managing entries
| stored in an LDAP directory.
Source: clickhouse
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for clickhouse.
CVE-2024-22412[0]:
| ClickHouse is an open-source column-oriented database management
| system. A bug exists in the cloud ClickHouse
Source: black
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for black.
CVE-2024-21503[0]:
| Versions of the package black before 24.3.0 are vulnerable to
| Regular Expression Denial of Service (ReDoS) via the
|
Source: net-snmp
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerability was published for net-snmp. This appeared
in the CVE feed, but I doubt that it was actually forwarded upstream.
CVE-2024-26464[0]:
| net-snmp 5.9.4 contains a memory leak
Source: fontforge
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for fontforge.
CVE-2024-25081[0]:
| Splinefont in FontForge through 20230101 allows command injection
| via crafted filenames.
CVE-2024-25082[1]:
|
Source: apache-mime4j
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for apache-mime4j.
CVE-2024-21742[0]:
| Improper input validation allows for header injection in MIME4J
| library when using MIME4J DOM for composing
Source: krb5
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security
Hi,
The following vulnerabilities were published for krb5. They appeared
in the CVE feed, but I doubt they have actually been forwarded to
Kerberos upstream...
CVE-2024-26458[0]:
| Kerberos 5 (aka krb5) 1.21.2
Source: texlive-bin
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for texlive-bin.
CVE-2024-25262[0]:
| texlive-bin commit c515e was discovered to contain heap buffer
| overflow via the function ttfLoadHDMX:ttfdump. This
Source: ruby-rack
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for ruby-rack.
CVE-2024-26141[0]:
Reject Range headers which are too large
https://github.com/rack/rack/releases/tag/v2.2.8.1
Source: fastdds
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for fastdds.
CVE-2023-50257[0]:
| eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of
| the Data Distribution Service standard of the Object
Source: pymatgen
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for pymatgen.
CVE-2024-23346[0]:
| Pymatgen (Python Materials Genomics) is an open-source Python
| library for materials analysis. A critical security
Source: plasma-workspace
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for plasma-workspace.
CVE-2024-1433[0]:
| A vulnerability, which was classified as problematic, was found in
| KDE Plasma Workspace up to 5.93.0. This
Source: iwd
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for iwd.
CVE-2023-52161[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
While this mentions a patch for wpasupplicant, it's not obvious
if this was
Source: wpa
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for wpa.
CVE-2023-52160[0]:
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
If you fix the
Source: nodejs
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for nodejs.
CVE-2023-46809[0]:
Source: qtbase-opensource-src-gles
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src-gles.
CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
Source: qtbase-opensource-src
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qtbase-opensource-src.
CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
Source: qt6-base
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qt6-base.
CVE-2024-25580[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2264423
Source: azure-uamqp-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for azure-uamqp-python.
CVE-2024-25110[0]:
| The UAMQP is a general purpose C library for AMQP 1.0. During a call
| to open_get_offered_capabilities, a
Source: python-glance-store
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-glance-store.
CVE-2024-1141[0]:
| A vulnerability was found in python-glance-store. The issue occurs
| when the package logs the
Source: libhibernate-validator-java
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libhibernate-validator-java.
CVE-2023-1932[0]:
rendering of invalid html with SafeHTML leads to HTML injection and XSS
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2023-4639[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2166022
If you fix the vulnerability please also make sure to include the
CVE
Source: python-multipart
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for python-multipart.
CVE-2024-24762[0]:
| FastAPI is a web framework for building APIs with Python 3.8+ based
| on standard Python type hints. When