Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0e106d4 by Moritz Muehlenhoff at 2024-05-22T17:23:03+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -447,7 +447,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube
Showcase \u2013 Video Galler
CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to
spoof the s ...)
NOT-FOR-US: WinRAR
CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with
untrusted JSON ...)
- - python-pymysql <unfixed>
+ - python-pymysql <unfixed> (bug #1071628)
NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp
NOTE:
https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c
(v1.1.1)
CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to
cause a den ...)
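Review bot: the python-pymysql line for CVE-2024-36039 now references bug #1071628 but is still followed directly by the NOTE lines, with no per-release triage beneath it, whereas the node-braces, node-micromatch, libmodbus and maxima entries in this commit each carry [bookworm]/[bullseye] annotations. The NOTE already records the upstream fixing commit and its release (v1.1.1), so the information needed to decide between a DSA and <no-dsa> for the stable releases is present; adding those lines would keep this SQL injection entry from sitting as an untriaged <unfixed>.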
@@ -4869,8 +4869,8 @@ CVE-2024-35184 (Paperless-ngx is a document management
system that transforms ph
CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git
authenti ...)
TODO: check
CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6
has a den ...)
- - ruby3.2 <unfixed>
- - ruby3.1 <unfixed>
+ - ruby3.2 <unfixed> (bug #1071627)
+ - ruby3.1 <unfixed> (bug #1071626)
[bookworm] - ruby3.1 <no-dsa> (Minor issue)
- ruby2.7 <removed>
- ruby2.5 <removed>
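Review bot: on the CVE-2024-35176 entry, ruby3.2 gets #1071627 and ruby3.1 gets #1071626, and this is the only entry in the commit where two bugs are attached to one CVE. Confirm that each number is filed against the source package named on its line, since a swapped pair reads as plausible in review. The "bugnums" commit message gives no mapping to check against, so listing package and bug pairs there would help.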
@@ -5919,13 +5919,13 @@ CVE-2024-4813 (A vulnerability classified as critical
has been found in Ruijie R
CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4068 (The NPM package `braces` fails to limit the number of
characters it ca ...)
- - node-braces <unfixed>
+ - node-braces <unfixed> (bug #1071632)
[bookworm] - node-braces <no-dsa> (Minor issue)
[bullseye] - node-braces <no-dsa> (Minor issue)
[buster] - node-braces <postponed> (Minor issue)
NOTE: https://github.com/micromatch/braces/issues/35
CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular
Expression Denia ...)
- - node-micromatch <unfixed>
+ - node-micromatch <unfixed> (bug #1071631)
[bookworm] - node-micromatch <no-dsa> (Minor issue)
[bullseye] - node-micromatch <no-dsa> (Minor issue)
[buster] - node-micromatch <postponed> (Minor issue)
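Review bot: the CVE-2024-4068 entry for node-braces gains bug #1071632, but its only NOTE is still the upstream issue link (micromatch/braces/issues/35), with no fixing commit or fixed version recorded the way the PyMySQL entry records one. If upstream has a fix, adding it as a NOTE alongside the bug reference would give the package line a concrete version to be marked fixed against later.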
@@ -7146,7 +7146,7 @@ CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316
has a vulnerability in
CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS)
vulnerability in ...)
NOT-FOR-US: jizhicms
CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the
modbus_writ ...)
- - libmodbus <unfixed>
+ - libmodbus <unfixed> (bug #1071633)
[bookworm] - libmodbus <no-dsa> (Minor issue)
[bullseye] - libmodbus <no-dsa> (Minor issue)
[buster] - libmodbus <postponed> (Minor issue; out-of-bounds read, DoS)
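Review bot: in the CVE-2024-34244 entry that now references bug #1071633, the [buster] annotation reads "Minor issue; out-of-bounds read, DoS" while the [bookworm] and [bullseye] lines say only "Minor issue" and the CVE description calls it a buffer overflow. Since the impact assessment is the justification for <no-dsa>, consider carrying the same "out-of-bounds read, DoS" wording on all three release lines or moving it into a NOTE so the reasoning applies to the whole entry.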
@@ -8048,7 +8048,7 @@ CVE-2024-4492 (A vulnerability, which was classified as
critical, has been found
CVE-2024-4491 (A vulnerability classified as critical was found in Tenda i21
1.0.0.14 ...)
NOT-FOR-US: Tenda
CVE-2024-34490 (In Maxima through 5.47.0 before 51704c, the plotting
facilities make u ...)
- - maxima <unfixed>
+ - maxima <unfixed> (bug #1071630)
[bookworm] - maxima <no-dsa> (Minor issue)
[bullseye] - maxima <no-dsa> (Minor issue)
[buster] - maxima <postponed> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0e106d41947da7c67df7bbf0fd5f85c734f459c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits