Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d85816e2 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00
Process some NFUs
- - - - -
ec0f49b4 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00
Add new suricata issues
- - - - -
c528e26a by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00
Add two new glpi issues
- - - - -
c236e40b by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00
Add CVE-2024-32972/golang-github-go-ethereum
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2024-4233 (Missing Authorization vulnerability in Tyche
Softwares Print Invo
CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to
arbitrary sh ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: PTC Codebeamer
CVE-2024-3507 (Improper privilege management vulnerability in Lunar software
that aff ...)
- TODO: check
+ NOT-FOR-US: Lunar
CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
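Review bot: the NOT-FOR-US label for CVE-2024-3507 is just "Lunar", which on its own does not identify which product was assessed; the description refers to "Lunar software", so carrying the vendor or full product name into the label, as the neighbouring "PTC Codebeamer" entry does, would make the triage decision verifiable on a later pass.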
@@ -352,7 +352,7 @@ CVE-2024-4346 (The Startklar Elementor Addons plugin for
WordPress is vulnerable
CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is
vulnerable to a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of
arbitrary ...)
- TODO: check
+ NOT-FOR-US: AChecker
CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles
IMMUTABLE privi ...)
TODO: check
CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to
load a mal ...)
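Review bot: CVE-2024-34517 (Neo4j) stays at "TODO: check" between two entries resolved in this hunk; if the check is simply pending that is fine, but if Neo4j has already been confirmed as not packaged it could be closed with a NOT-FOR-US entry in the same pass as AChecker, and otherwise a short NOTE on what is still open would help whoever picks it up next.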
@@ -364,7 +364,7 @@ CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain
a local file inclusio
CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file
inclusion vune ...)
NOT-FOR-US: CmsEasy
CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of
service a ...)
- TODO: check
+ NOT-FOR-US: Minder by Stacklok
CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows
Local File ...)
NOT-FOR-US: Logpoint
CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code
sent throu ...)
@@ -388,37 +388,57 @@ CVE-2024-33748 (Cross-site scripting (XSS) vulnerability
in the search function
CVE-2024-33434 (An issue in tiagorlampert CHAOS before
1b451cf62582295b7225caf5a7b506f ...)
TODO: check
CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: J2EEFAST
CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: Roothub
CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection
vulnerability v ...)
- TODO: check
+ NOT-FOR-US: Roothub
CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file
upload vulner ...)
- TODO: check
+ NOT-FOR-US: Roothub
CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
- TODO: check
+ - suricata 1:7.0.5-1
+ NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5
+ NOTE:
https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9
+ NOTE:
https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66
+ NOTE:
https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634
+ NOTE:
https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b
+ NOTE:
https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9
+ NOTE:
https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8
+ NOTE: https://redmine.openinfosecfoundation.org/issues/6672
+ NOTE: https://redmine.openinfosecfoundation.org/issues/6673
+ NOTE: https://redmine.openinfosecfoundation.org/issues/6677
CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
- TODO: check
+ - suricata 1:7.0.5-1
+ NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
+ NOTE:
https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379
+ NOTE:
https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion
Prevention ...)
- TODO: check
+ - suricata 1:7.0.5-1
+ NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
+ NOTE:
https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64
+ NOTE:
https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
+ NOTE:
https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019
+ NOTE:
https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5
+ NOTE: https://redmine.openinfosecfoundation.org/issues/6892
+ NOTE: https://redmine.openinfosecfoundation.org/issues/6900
CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3
through 5.2.18 ...)
NOT-FOR-US: HSC Cybersecurity HC Mailinspector
CVE-2024-32370 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3
through 5.2.18 ...)
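Review bot: the three suricata entries (CVE-2024-32867, CVE-2024-32664, CVE-2024-32663) record the fixed unstable version "1:7.0.5-1" plus advisory and commit links, but no status for the stable suites; the linked GHSA advisories state the affected version ranges, so a bracketed suite annotation (for example a "[bookworm]" line marking the package not-affected, no-dsa or postponed) would make the stable status explicit rather than leaving it to be inferred from the links.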
@@ -426,9 +446,13 @@ CVE-2024-32370 (An issue in HSC Cybersecurity HC
Mailinspector 5.2.17-3 through
CVE-2024-32369 (SQL Injection vulnerability in HSC Cybersecurity HC
Mailinspector 5.2. ...)
NOT-FOR-US: HSC Cybersecurity HC Mailinspector
CVE-2024-31456 (GLPI is a Free Asset and IT Management Software package. Prior
to 10.0 ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j
+ NOTE:
https://github.com/glpi-project/glpi/commit/730c3db29a1edc32f9b9d1e2a940e90a0211ab26
CVE-2024-29889 (GLPI is a Free Asset and IT Management Software package. Prior
to 10.0 ...)
- TODO: check
+ - glpi <removed>
+ NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g
+ NOTE:
https://github.com/glpi-project/glpi/commit/0a6b28be4c0f848106c60b554c703ec2e178d6c7
CVE-2024-29210 (A local privilege escalation (LPE) vulnerability has been
identified i ...)
TODO: check
CVE-2024-29209 (A medium severity vulnerability has been identified in the
update mech ...)
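Review bot: both glpi entries (CVE-2024-31456, CVE-2024-29889) are marked "<removed>" with only advisory and commit links, and neither records which upstream version fixes the issue; the truncated descriptions begin "Prior to 10.0", so a NOTE stating the upstream fixed version from the advisory would make each entry self-contained for anyone assessing an installed copy without following the links.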
@@ -704,9 +728,9 @@ CVE-2024-34366 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2024-34252 (wasm3 v0.5.0 was discovered to contain a global buffer
overflow which ...)
NOT-FOR-US: wasm3
CVE-2024-34251 (An out-of-bound memory read vulnerability was discovered in
Bytecode A ...)
- TODO: check
+ NOT-FOR-US: wasm-micro-runtime
CVE-2024-34250 (A heap buffer overflow vulnerability was discovered in
Bytecode Allian ...)
- TODO: check
+ NOT-FOR-US: wasm-micro-runtime
CVE-2024-34249 (wasm3 v0.5.0 was discovered to contain a heap buffer overflow
which le ...)
NOT-FOR-US: wasm3
CVE-2024-34246 (wasm3 v0.5.0 was discovered to contain an out-of-bound memory
read whi ...)
@@ -795,7 +819,7 @@ CVE-2024-33110 (D-Link DIR-845L router v1.01KRb03 and
before is vulnerable to Pe
CVE-2024-32982 (Litestar and Starlite is an Asynchronous Server Gateway
Interface (ASG ...)
TODO: check
CVE-2024-32972 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
- TODO: check
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2024-32807 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin
CVE-2024-2041
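Review bot: the go-ethereum entry for CVE-2024-32972 records the "<itp>" status and ITP bug #890541 but, unlike the suricata and glpi entries in this same push, carries no NOTE pointing at the upstream advisory or fixing commit; adding that reference now would save re-locating it when the package eventually enters the archive and the entry needs a fixed version.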
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/030d71aa119533d74d58ce4a451b5fa79426b745...c236e40b86d7c13b941c0eeebae7eb76503f3f72
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits