Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2024-3417 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2024-3416 (A vulnerability classified as critical was found in
SourceCodester Onl ...)
+ TODO: check
+CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource
Information ...)
+ TODO: check
+CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource
Information ...)
+ TODO: check
+CVE-2024-30415 (Vulnerability of improper permission control in the window
management ...)
+ TODO: check
+CVE-2024-30414 (Command injection vulnerability in the AccountManager module.
Impact: ...)
+ TODO: check
+CVE-2024-30413 (Vulnerability of improper permission control in the window
management ...)
+ TODO: check
+CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging,
News & ...)
+ TODO: check
CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource
Inform ...)
NOT-FOR-US: SourceCodester Human Resource Information System
CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up
to 10.1 ...)
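Review bot: CVE-2024-3414 and CVE-2024-3415 describe the same SourceCodester Human Resource Information System that CVE-2024-3413, immediately below them, is already triaged as NOT-FOR-US, so their TODO: check placeholders can most likely be resolved with the same NOT-FOR-US line once the truncated descriptions are confirmed; the remaining new entries still need separate triage. Separately, the stored description for CVE-2023-6877 contains a literal \u2013 escape sequence instead of the en dash it encodes, which suggests the automatic import is not decoding that escape; the description should carry the actual character.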
@@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the
HTTP protocol and the
NOTE: https://redmine.openinfosecfoundation.org/issues/6757
CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM
Application G ...)
NOT-FOR-US: IBM
-CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik
GmbH IN ...)
+CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a
remote a ...)
NOT-FOR-US: INOTEC
CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through
24.0.0.3 is ...)
NOT-FOR-US: IBM
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF)
vulnerability in ThemeFusion F
CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in U ...)
NOT-FOR-US: WordPress plugin
CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid
tty permi ...)
- {DSA-5650-1}
+ {DSA-5650-1 DLA-3782-1}
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
NOTE:
https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253
(v2.40)
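Review bot: the NOTE for the upstream util-linux commit appears here split over three lines (NOTE:, the URL, then "(v2.40)"); if that is how it sits in the committed file rather than a mail-wrapping artefact, the continuation lines lack the NOTE: prefix and should be joined back onto one line. The brace change itself is consistent with the rest of the patch: the same DLA-3782-1 is attached to CVE-2021-37600 further down, so one LTS advisory is recorded against both util-linux issues.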
@@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow
vulnerability exists in the GGUF li
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to
contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2
SSL con ...)
+ {DLA-3780-1}
- jetty9 9.4.54-1 (bug #1064923)
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
NOTE: https://github.com/jetty/jetty.project/issues/11256
@@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive
XML Entity Expansion if
NOTE: CVE is for fixing billion laughs attacks for users compiling
*without* XML_DTD defined,
NOTE: which is not the case for Debian.
CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource
consumptio ...)
+ {DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
NOTE: https://github.com/libexpat/libexpat/pull/789
NOTE: Merge commit:
https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon
before 2.9.4 for PrestaShop is
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip
content" featur ...)
NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an
out-of-bounds ...)
+ {DLA-3781-1}
- libgd2 2.3.3-1
[bullseye] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
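Review bot: CVE-2021-40812 gains {DLA-3781-1} while its [bullseye] line still reads <no-dsa> (Minor issue); since the issue has now been judged worth an LTS advisory, it is worth confirming whether the bullseye no-dsa marker is still intended or whether a bullseye fix should be tracked as well. The [stretch] <no-dsa> line is unaffected by this change.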
@@ -193584,6 +193603,7 @@ CVE-2021-38117
CVE-2021-38116
RESERVED
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka
LibGD) thr ...)
+ {DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
[bullseye] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
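Review bot: same consideration as for CVE-2021-40812 above: DLA-3781-1 is added here while [bullseye] remains <no-dsa> (Minor issue); whatever is decided for bullseye, the two libgd2 entries covered by this DLA should be kept consistent with each other.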
@@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in
the Exporter in Nuance Win
CVE-2021-3668
RESERVED
CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can
potentially cause ...)
+ {DLA-3782-1}
- util-linux 2.36.1-8 (low; bug #991619)
[stretch] - util-linux <no-dsa> (Minor issue)
NOTE: https://github.com/karelzak/util-linux/issues/1395
@@ -392704,7 +392725,7 @@ CVE-2018-14555
CVE-2018-14554
RESERVED
CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a
NULL point ...)
- {DLA-2106-1}
+ {DLA-3781-1 DLA-2106-1}
- libgd2 2.3.0-1 (low; bug #951287)
[stretch] - libgd2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
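Review bot: the new advisory is prepended here ({DLA-3781-1 DLA-2106-1}) but appended for CVE-2024-28085 earlier in this patch ({DSA-5650-1 DLA-3782-1}); a fixed ordering within the braces (newest first or oldest first) would make these automatic updates easier to diff and review. The fix version libgd2 2.3.0-1 and the [stretch] <no-dsa> line are unchanged.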
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c92c5df7d75471660b2750a81000ee7d0f8a8fbc
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits