Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6b9e1a5c by security tracker role at 2024-04-19T20:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,243 @@
+CVE-2024-3979 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2024-3818 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks,
Patterns & ...)
+ TODO: check
+CVE-2024-3742 (Electrolink transmitters store credentials in clear-text. Use
of these ...)
+ TODO: check
+CVE-2024-3741 (Electrolink transmitters are vulnerable to an authentication
bypass v ...)
+ TODO: check
+CVE-2024-3731 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-3684 (A server side request forgery vulnerability was identified in
GitHub E ...)
+ TODO: check
+CVE-2024-3654 (An XSS vulnerability has been found in Teimas Global's Teixo,
version ...)
+ TODO: check
+CVE-2024-3646 (A command injection vulnerability was identified in GitHub
Enterprise ...)
+ TODO: check
+CVE-2024-3615 (The Media Library Folders plugin for WordPress is vulnerable to
Reflec ...)
+ TODO: check
+CVE-2024-3600 (The Poll Maker \u2013 Best WordPress Poll Plugin plugin for
WordPress ...)
+ TODO: check
+CVE-2024-3598 (The ElementsKit Pro plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2024-3560 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-3470 (An Improper Privilege Management vulnerability was identified
in GitHu ...)
+ TODO: check
+CVE-2024-32683 (Authorization Bypass Through User-Controlled Key vulnerability
in Wpme ...)
+ TODO: check
+CVE-2024-32652 (The adapter @hono/node-server allows you to run your Hono
application ...)
+ TODO: check
+CVE-2024-32650 (Rustls is a modern TLS library written in Rust.
`rustls::ConnectionCom ...)
+ TODO: check
+CVE-2024-32644 (Evmos is a scalable, high-throughput Proof-of-Stake EVM
blockchain tha ...)
+ TODO: check
+CVE-2024-32478 (Git Credential Manager (GCM) is a secure Git credential
helper. Prior ...)
+ TODO: check
+CVE-2024-32473 (Moby is an open source container framework that is a key
component of ...)
+ TODO: check
+CVE-2024-32409 (An issue in SEMCMS v.4.8 allows a remote attacker to execute
arbitrary ...)
+ TODO: check
+CVE-2024-32206 (A stored cross-site scripting (XSS) vulnerability in the
component \af ...)
+ TODO: check
+CVE-2024-32166 (Webid v1.2.1 suffers from an Insecure Direct Object Reference
(IDOR) - ...)
+ TODO: check
+CVE-2024-32038 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2024-31846 (An issue was discovered in Italtel Embrace 1.6.4. The web
application ...)
+ TODO: check
+CVE-2024-31841 (An issue was discovered in Italtel Embrace 1.6.4. The web
server fails ...)
+ TODO: check
+CVE-2024-31750 (SQL injection vulnerability in f-logic datacube3 v.1.0 allows
a remote ...)
+ TODO: check
+CVE-2024-31745 (Libdwarf v0.9.1 was discovered to contain a heap
use-after-free via th ...)
+ TODO: check
+CVE-2024-31744 (In Jasper 4.2.2, the jpc_streamlist_remove function in
src/libjasper/j ...)
+ TODO: check
+CVE-2024-31587 (SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower
allows an ...)
+ TODO: check
+CVE-2024-31552 (CuteHttpFileServer v.3.1 version has an arbitrary file
download vulner ...)
+ TODO: check
+CVE-2024-31547 (Computer Laboratory Management System v1.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-31546 (Computer Laboratory Management System v1.0 is vulnerable to
SQL Inject ...)
+ TODO: check
+CVE-2024-31450 (Owncast is an open source, self-hosted, decentralized, single
user liv ...)
+ TODO: check
+CVE-2024-30938 (SQL Injection vulnerability in SEMCMS v.4.8 allows a remote
attacker t ...)
+ TODO: check
+CVE-2024-30929 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30928 (SQL Injection vulnerability in DerbyNet v9.0 and below allows
attacker ...)
+ TODO: check
+CVE-2024-30927 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30926 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30925 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30924 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30923 (SQL Injection vulnerability in DerbyNet v9.0 and below allows
a remote ...)
+ TODO: check
+CVE-2024-30922 (SQL Injection vulnerability in DerbyNet v9.0 allows a remote
attacker ...)
+ TODO: check
+CVE-2024-30921 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30920 (Cross Site Scripting vulnerability in DerbyNet v9.0 and below
allows a ...)
+ TODO: check
+CVE-2024-30107 (HCL Connections contains a broken access control vulnerability
that ma ...)
+ TODO: check
+CVE-2024-2761 (The Genesis Blocks WordPress plugin before 3.1.3 does not
properly esc ...)
+ TODO: check
+CVE-2024-2440 (A race condition in GitHub Enterprise Server allowed an
existing admin ...)
+ TODO: check
+CVE-2024-29991 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
+ TODO: check
+CVE-2024-29969 (When a Brocade SANnav installation is upgraded from Brocade
SANnav v2. ...)
+ TODO: check
+CVE-2024-29968 (An information disclosure vulnerability exists in Brocade
SANnav befor ...)
+ TODO: check
+CVE-2024-29967 (In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it
was obse ...)
+ TODO: check
+CVE-2024-29966 (Brocade SANnav OVA before v2.3.1 and v2.3.0a contain
hard-coded creden ...)
+ TODO: check
+CVE-2024-29965 (In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible
to back u ...)
+ TODO: check
+CVE-2024-29964 (Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a
have an i ...)
+ TODO: check
+CVE-2024-29963 (Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain
hardcoded keys ...)
+ TODO: check
+CVE-2024-29962 (Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure
file per ...)
+ TODO: check
+CVE-2024-29961 (A vulnerability affects Brocade SANnav before v2.3.1 and
v2.3.0a. It a ...)
+ TODO: check
+CVE-2024-29960 (In the Brocade SANnav server versions before v2.3.1 and
v2.3.0a, the S ...)
+ TODO: check
+CVE-2024-29959 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a
prints Bro ...)
+ TODO: check
+CVE-2024-29958 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a
prints the ...)
+ TODO: check
+CVE-2024-29957 (When Brocade SANnav before v2.3.1 and v2.3.0a servers are
configured i ...)
+ TODO: check
+CVE-2024-29204 (A Heap Overflow vulnerability in WLAvalancheService component
of Ivant ...)
+ TODO: check
+CVE-2024-29183 (OpenRASP is a RASP solution that directly integrates its
protection en ...)
+ TODO: check
+CVE-2024-29030 (memos is a privacy-first, lightweight note-taking service. In
memos 0. ...)
+ TODO: check
+CVE-2024-29029 (memos is a privacy-first, lightweight note-taking service. In
memos 0. ...)
+ TODO: check
+CVE-2024-29028 (memos is a privacy-first, lightweight note-taking service. In
memos 0. ...)
+ TODO: check
+CVE-2024-27984 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-27978 (A Null Pointer Dereference vulnerability in WLAvalancheService
compone ...)
+ TODO: check
+CVE-2024-27977 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-27976 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-27975 (An Use-after-free vulnerability in WLAvalancheService
component of Iva ...)
+ TODO: check
+CVE-2024-27752 (Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a
remote ...)
+ TODO: check
+CVE-2024-25000 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24999 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24998 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24997 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24996 (A Heap overflow vulnerability in WLInfoRailService component
of Ivanti ...)
+ TODO: check
+CVE-2024-24995 (A Race Condition (TOCTOU) vulnerability in web component of
Ivanti Ava ...)
+ TODO: check
+CVE-2024-24994 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24993 (A Race Condition (TOCTOU) vulnerability in web component of
Ivanti Ava ...)
+ TODO: check
+CVE-2024-24992 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-24991 (A Null Pointer Dereference vulnerability in WLAvalancheService
compone ...)
+ TODO: check
+CVE-2024-23535 (A Path Traversal vulnerability in web component of Ivanti
Avalanche be ...)
+ TODO: check
+CVE-2024-23534 (An Unrestricted File-upload vulnerability in web component of
Ivanti A ...)
+ TODO: check
+CVE-2024-23533 (An out-of-bounds read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-23532 (An out-of-bounds Read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-23531 (An Integer Overflow vulnerability in WLInfoRailService
component of Iv ...)
+ TODO: check
+CVE-2024-23530 (An out-of-bounds read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-23529 (An out-of-bounds read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-23528 (An out-of-bounds read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-23526 (An out-of-bounds read vulnerability in WLAvalancheService
component of ...)
+ TODO: check
+CVE-2024-22186 (The application suffers from a privilege escalation
vulnerability. An ...)
+ TODO: check
+CVE-2024-22179 (The application is vulnerable to an unauthenticated parameter
manipul ...)
+ TODO: check
+CVE-2024-22061 (A Heap Overflow vulnerability in WLInfoRailService component
of Ivanti ...)
+ TODO: check
+CVE-2024-21872 (The device allows an unauthenticated attacker to bypass
authentication ...)
+ TODO: check
+CVE-2024-21846 (An unauthenticated attacker can reset the board and stop
transmitter ...)
+ TODO: check
+CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the
log lev ...)
+ TODO: check
+CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows
MPFS ...)
+ TODO: check
+CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel
Driver, Arm ...)
+ TODO: check
+CVE-2024-0671 (Use After Free vulnerability in Arm Ltd Midgard GPU Kernel
Driver, Arm ...)
+ TODO: check
+CVE-2023-51798 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-51797 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-51796 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-51795 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a
local attac ...)
+ TODO: check
+CVE-2023-51791 (Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06
allows a ...)
+ TODO: check
+CVE-2023-50260 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2023-50010 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-50009 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-50008 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-50007 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a
backdoor hard-c ...)
+ TODO: check
+CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-49501 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5
allows a ...)
+ TODO: check
+CVE-2023-49275 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2023-47435 (An issue in the verifyPassword function of hexo-theme-matery
v2.0.0 al ...)
+ TODO: check
+CVE-2023-37400 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user
to esca ...)
+ TODO: check
+CVE-2023-37397 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user
to obta ...)
+ TODO: check
+CVE-2023-37396 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user
to obta ...)
+ TODO: check
CVE-2024-3948 (A vulnerability was found in SourceCodester Home Clean Service
System ...)
NOT-FOR-US: SourceCodester Home Clean Service System
CVE-2024-32689 (Missing Authorization vulnerability in GenialSouls WP Social
Comments. ...)
@@ -117,6 +357,7 @@ CVE-2024-32470 (Tolgee is an open-source localization
platform. When API key cre
CVE-2024-32466 (Tolgee is an open-source localization platform. For the
`/v2/projects/ ...)
NOT-FOR-US: Tolgee
CVE-2024-32462 (Flatpak is a system for building, distributing, and running
sandboxed ...)
+ {DSA-5666-1}
- flatpak 1.14.6-1
NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/5
NOTE:
https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
@@ -1582,7 +1823,7 @@ CVE-2024-XXXX [Stored XSS in Avatar block]
NOTE:
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE:
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames
that wo ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
@@ -1591,7 +1832,7 @@ CVE-2024-3865 (Memory safety bugs present in Firefox 124.
Some of these bugs sho
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
CVE-2024-3864 (Memory safety bug present in Firefox 124, Firefox ESR 115.9,
and Thund ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
@@ -1605,7 +1846,7 @@ CVE-2024-3862 (The MarkStack assignment operator, part of
the JavaScript engine,
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
CVE-2024-3861 (If an AlignedBuffer were assigned to itself, the subsequent
self-move ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
@@ -1614,7 +1855,7 @@ CVE-2024-3860 (An out-of-memory condition during object
initialization could res
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
CVE-2024-3859 (On 32-bit versions there were integer-overflows that led to an
out-of- ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
@@ -1623,7 +1864,7 @@ CVE-2024-3858 (It was possible to mutate a JavaScript
object so that the JIT cou
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
CVE-2024-3857 (The JIT created incorrect code for arguments in certain cases.
This le ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
@@ -1635,7 +1876,7 @@ CVE-2024-3855 (In certain cases the JIT incorrectly
optimized MSubstr operations
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
CVE-2024-3854 (In some code patterns the JIT incorrectly optimized switch
statements ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
@@ -1644,7 +1885,7 @@ CVE-2024-3853 (A use-after-free could result if a
JavaScript realm was in the pr
- firefox 125.0.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
CVE-2024-3852 (GetBoundName could return the wrong version of an object when
JIT opti ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 125.0.1-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
@@ -2483,7 +2724,7 @@ CVE-2024-3623
NOT-FOR-US: mirror-registry for Quay
CVE-2024-3622
NOT-FOR-US: mirror-registry for Quay
-CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature
of Palo ...)
+CVE-2024-3400 (A command injection as a result of arbitrary file creation
vulnerabili ...)
NOT-FOR-US: Palo Alto Networks
CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote
attacker to exe ...)
NOT-FOR-US: tiagorlampert CHAOS
@@ -10354,7 +10595,7 @@ CVE-2024-2610 (Using a markup injection an attacker
could have stolen nonce valu
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
CVE-2024-2609 (The permission prompt input delay could expire while the window
is not ...)
- {DSA-5663-1}
+ {DSA-5663-1 DLA-3790-1}
- firefox 124.0-1
- firefox-esr 115.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
@@ -11756,7 +11997,7 @@ CVE-2024-24693 (Improper access control in the
installer for Zoom Rooms Client f
CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for
Windows befo ...)
NOT-FOR-US: Zoom
CVE-2024-24549 (Denial of Service due to improper input validation
vulnerability for H ...)
- {DSA-5665-1 DLA-3779-1}
+ {DSA-5667-1 DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066878)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
@@ -11764,7 +12005,7 @@ CVE-2024-24549 (Denial of Service due to improper input
validation vulnerability
NOTE:
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
(9.0.86)
NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack,
using that as the fixed version
CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in
Apache Tomca ...)
- {DSA-5665-1 DLA-3779-1}
+ {DSA-5667-1 DSA-5665-1 DLA-3779-1}
- tomcat10 10.1.20-1 (bug #1066877)
- tomcat9 9.0.70-2
NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
@@ -22879,7 +23120,7 @@ CVE-2024-23055 (An issue in Plone Docker Official Image
5.2.13 (5221) open-sourc
NOT-FOR-US: Plone Docker image
CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0
allows ...)
NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
-CVE-2024-22640
+CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular
Expression Denia ...)
- tcpdf <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
NOTE: https://github.com/zunak/CVE-2024-22640
@@ -34528,7 +34769,7 @@ CVE-2023-40056 (SQL Injection Remote Code Vulnerability
was found in the SolarWi
CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and
3.1.0-3.1.5, ...)
NOT-FOR-US: Spring Boot
CVE-2023-46589 (Improper Input Validation vulnerability in Apache
Tomcat.Tomcat from 1 ...)
- {DSA-5665-1 DLA-3707-1}
+ {DSA-5667-1 DSA-5665-1 DLA-3707-1}
- tomcat10 10.1.16-1 (bug #1057082)
- tomcat9 9.0.70-2
- tomcat8 <removed>
@@ -76144,8 +76385,8 @@ CVE-2023-27281
RESERVED
CVE-2023-27280
RESERVED
-CVE-2023-27279
- RESERVED
+CVE-2023-27279 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to
cause a de ...)
+ TODO: check
CVE-2023-27278
RESERVED
CVE-2023-27277
@@ -89439,8 +89680,8 @@ CVE-2023-22871
RESERVED
CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in
cleartext w ...)
NOT-FOR-US: IBM
-CVE-2023-22869
- RESERVED
+CVE-2023-22869 (IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially
sensitive inf ...)
+ TODO: check
CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting.
This vu ...)
NOT-FOR-US: IBM
CVE-2023-22867
@@ -117335,8 +117576,8 @@ CVE-2022-40747 ("IBM InfoSphere Information Server
11.7 is vulnerable to an XML
NOT-FOR-US: IBM
CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through
1.1.9.0 co ...)
NOT-FOR-US: IBM
-CVE-2022-40745
- RESERVED
+CVE-2022-40745 (IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user
to obta ...)
+ TODO: check
CVE-2022-40744 (IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site
scripting. ...)
NOT-FOR-US: IBM
CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin
in Apach ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b9e1a5c632f0d169c76fed1ce5009afbf1539a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b9e1a5c632f0d169c76fed1ce5009afbf1539a1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
