Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a2e8f18 by Moritz Muehlenhoff at 2024-05-24T17:00:36+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6610,7 +6610,7 @@ CVE-2023-52655 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux 5.10.205-1
NOTE:
https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3)
CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the
nghttp2 prov ...)
- - dnsdist <unfixed>
+ - dnsdist <unfixed> (bug #1071750)
[bookworm] - dnsdist <not-affected> (Vulnerable code not present)
[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
[buster] - dnsdist <not-affected> (Vulnerable code not present)
@@ -6649,7 +6649,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS)
vulnerability exists in the p
CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam
Service Pr ...)
NOT-FOR-US: Veeam
CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a
server wi ...)
- - iperf3 <unfixed>
+ - iperf3 <unfixed> (bug #1071751)
[bookworm] - iperf3 <no-dsa> (Minor issue)
[bullseye] - iperf3 <no-dsa> (Minor issue)
[buster] - iperf3 <postponed> (Minor issue; can be fixed in next update)
@@ -8989,7 +8989,7 @@ CVE-2024-31963 (A vulnerability on Mitel 6800 Series and
6900 Series SIP Phones
CVE-2024-31673 (Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in
load_data.php via t ...)
NOT-FOR-US: Kliqqi-CMS
CVE-2024-31636 (An issue in LIEF v.0.14.1 allows a local attacker to obtain
sensitive ...)
- - lief <unfixed>
+ - lief <unfixed> (bug #1071743)
[bookworm] - lief <no-dsa> (Minor issue)
[bullseye] - lief <no-dsa> (Minor issue)
[buster] - lief <postponed> (Minor issue)
@@ -12761,7 +12761,7 @@ CVE-2024-32406 (Server-Side Template Injection (SSTI)
vulnerability in inducer r
CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer
relate ...)
NOT-FOR-US: inducer relate
CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation
violation, whic ...)
- - cjson <unfixed>
+ - cjson <unfixed> (bug #1071742)
[bookworm] - cjson <no-dsa> (Minor issue)
[bullseye] - cjson <no-dsa> (Minor issue)
[buster] - cjson <postponed> (Sefault only; can be piggy-backed with
future DLAs)
@@ -27042,7 +27042,7 @@ CVE-2024-2364 (A vulnerability classified as
problematic has been found in Music
CVE-2024-2363 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
AOL AIM T ...)
NOT-FOR-US: AOL AIM Triton
CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to
load them ...)
- - bpfcc <unfixed>
+ - bpfcc <unfixed> (bug #1071747)
[bookworm] - bpfcc <no-dsa> (Minor issue)
[bullseye] - bpfcc <no-dsa> (Minor issue)
[buster] - bpfcc <not-affected> (Vulnerable code introduced later)
@@ -27051,7 +27051,7 @@ CVE-2024-2314 (If kernel headers need to be extracted,
bcc will attempt to load
NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied
in 0.25.0+ds-2), and
NOTE: resulting in the additional problem in
https://bugs.debian.org/1068297
CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt
to load ...)
- - bpftrace <unfixed>
+ - bpftrace <unfixed> (bug #1071748)
[bookworm] - bpftrace <no-dsa> (Minor issue)
[bullseye] - bpftrace <no-dsa> (Minor issue)
[buster] - bpftrace <not-affected> (Vulnerable code introduced later)
@@ -29661,7 +29661,7 @@ CVE-2024-23302 (Couchbase Server before 7.2.4 has a
private key leak in goxdcr.l
CVE-2024-22983 (SQL injection vulnerability in Projectworlds Visitor
Management System ...)
NOT-FOR-US: Projectworlds Visitor Management System
CVE-2024-22871 (An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an
attacker ...)
- - clojure <unfixed>
+ - clojure <unfixed> (bug #1071746)
NOTE: https://github.com/advisories/GHSA-vr64-r9qj-h27f
NOTE: https://hackmd.io/@fe1w0/rymmJGida
CVE-2024-22532 (Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for
Windows x8 ...)
@@ -36191,7 +36191,7 @@ CVE-2024-24569 (The Pixee Java Code Security Toolkit is
a set of security APIs m
CVE-2024-24561 (Vyper is a pythonic Smart Contract Language for the ethereum
virtual m ...)
NOT-FOR-US: Vyper
CVE-2024-24557 (Moby is an open-source project created by Docker to enable
software co ...)
- - docker.io <unfixed>
+ - docker.io <unfixed> (bug #1071745)
[bookworm] - docker.io <no-dsa> (Minor issue)
[bullseye] - docker.io <no-dsa> (Minor issue)
[buster] - docker.io <no-dsa> (Minor issue with workarounds)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2e8f18e760db5951a641560bdf259098dcde85
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a2e8f18e760db5951a641560bdf259098dcde85
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
