Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
518daeec by Moritz Muehlenhoff at 2024-04-11T17:49:05+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -120,7 +120,7 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability
exists in the mintplex-la
CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary
code e ...)
NOT-FOR-US: huggingface/transformers
CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in
the upda ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1068822)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
CVE-2024-3566 (A command inject vulnerability allows an attacker to perform
command i ...)
@@ -535,7 +535,7 @@ CVE-2024-26815 (In the Linux kernel, the following
vulnerability has been resolv
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
CVE-2024-3447
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1068821)
NOTE: https://patchew.org/QEMU/[email protected]/
NOTE: https://patchew.org/QEMU/[email protected]/
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
@@ -594,10 +594,10 @@ CVE-2024-3235 (The Essential Grid Gallery WordPress
Plugin plugin for WordPress
CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form,
Login F ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of
sngrep ...)
- - sngrep <unfixed>
+ - sngrep <unfixed> (bug #1068818)
NOTE:
https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809
(v1.8.1)
CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of
sngrep since ...)
- - sngrep <unfixed>
+ - sngrep <unfixed> (bug #1068818)
NOTE:
https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc
(v1.8.1)
CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up
to and ...)
NOT-FOR-US: WordPress plugin
@@ -696,7 +696,7 @@ CVE-2024-3514 (The Responsive Tabs plugin for WordPress is
vulnerable to Stored
CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3446 (A double free vulnerability was found in QEMU virtio devices
(virtio-g ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1068820)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274211
NOTE: https://patchew.org/QEMU/[email protected]/
CVE-2024-3281 (A vulnerability was discovered in the firmware builds after
8.0.2.3267 ...)
@@ -15356,7 +15356,7 @@ CVE-2023-44308 (Open redirect vulnerability in adaptive
media administration pag
CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in
RSA key ...)
NOT-FOR-US: Yealink
CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability
impacts a se ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1068817)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
CVE-2024-25983 (Insufficient checks in a web service made it possible to add
comments ...)
- moodle <removed>
@@ -15431,14 +15431,14 @@ CVE-2024-23114 (Deserialization of Untrusted Data
vulnerability in Apache Camel
CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache
Camel SQL Co ...)
NOT-FOR-US: Apache Camel
CVE-2024-26328 (An issue was discovered in QEMU 7.1.0 through 8.2.1.
register_vfs in h ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1068819)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by:
https://gitlab.com/qemu-project/qemu/-/commit/7c0fa8dff811b5648964630a1334c3bb97e1e1c6
(v7.0.0-rc0)
NOTE:
https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org
CVE-2024-26327 (An issue was discovered in QEMU 7.1.0 through 8.2.1.
register_vfs in h ...)
- - qemu <unfixed>
+ - qemu <unfixed> (bug #1068819)
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -16938,7 +16938,7 @@ CVE-2022-48623 (The Cpanel::JSON::XS package before
4.33 for Perl performs out-o
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: lambda-middleware frameguard
CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This
issue may a ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1068816)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC
driver in ...)
- opensc 0.25.0~rc1-1
@@ -63227,7 +63227,7 @@ CVE-2023-30468
RESERVED
CVE-2023-1973
RESERVED
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1068815)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR
models (MS- ...)
NOT-FOR-US: Milesight
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518daeec548e029080ea0dc66597c7a6839fa41d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/518daeec548e029080ea0dc66597c7a6839fa41d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
