Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ffba85b7 by security tracker role at 2024-09-15T08:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-8868 (A vulnerability was found in code-projects Crud Operation
System 1.0. ...)
+ TODO: check
+CVE-2024-8867 (A vulnerability was found in Perfex CRM 3.1.6. It has been
declared as ...)
+ TODO: check
+CVE-2024-8866 (A vulnerability was found in AutoCMS 5.4. It has been
classified as pr ...)
+ TODO: check
+CVE-2024-8865 (A vulnerability was found in composiohq composio up to 0.5.8
and class ...)
+ TODO: check
+CVE-2024-8864 (A vulnerability has been found in composiohq composio up to
0.5.6 and ...)
+ TODO: check
+CVE-2024-8863 (A vulnerability, which was classified as problematic, was found
in aim ...)
+ TODO: check
+CVE-2024-45460 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-45459 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-45458 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-45457 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-45456 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-45455 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-44063 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-44062 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-44060 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
CVE-2024-8862 (A vulnerability, which was classified as critical, has been
found in h ...)
TODO: check
CVE-2024-6482 (The Login with phone number plugin for WordPress is vulnerable
to priv ...)
@@ -117759,7 +117789,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on
Cairo, a 2D graphics libra
NOTE:
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
NOTE: Introduced in
https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c
(0.3)
CVE-2023-27585 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5438-1 DLA-3549-1 DLA-3394-1}
+ {DSA-5438-1 DLA-3887-1 DLA-3549-1 DLA-3394-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697)
- pjproject <removed>
- ring 20230922.0~ds1-1
@@ -163735,7 +163765,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK
for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package
Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
- pjproject <removed>
- ring 20230206.0~ds1-1
@@ -186781,7 +186811,7 @@ CVE-2022-31033 (The Mechanize library is used for
automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of
software ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1017005)
@@ -205414,7 +205444,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL
JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware
implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -205544,7 +205574,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git
containing Windows-specific pat
NOTE:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
NOTE: See CVE-2022-29187 for further fixes
CVE-2022-24764 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
@@ -205552,7 +205582,7 @@ CVE-2022-24764 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE:
https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -205600,7 +205630,7 @@ CVE-2022-24755 (Bareos is open source software for
backup, archiving, and recove
NOTE: https://github.com/bareos/bareos/pull/1121
NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24754 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DLA-3549-1 DLA-2962-1}
+ {DLA-3887-1 DLA-3549-1 DLA-2962-1}
- asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1014998)
@@ -209892,7 +209922,7 @@ CVE-2022-23610 (wire-server provides back end
services for Wire, an open source
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on
Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -210029,14 +210059,14 @@ CVE-2022-23549 (Discourse is an option source
discussion platform. Prior to vers
CVE-2022-23548 (Discourse is an option source discussion platform. Prior to
version 2. ...)
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE:
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
@@ -222437,7 +222467,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC
Driver. A security hole wa
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
(REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -222448,7 +222478,7 @@ CVE-2022-21723 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE:
https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -222996,7 +223026,7 @@ CVE-2021-43847 (HumHub is an open-source social
network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus
e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication
library. In v ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -223101,7 +223131,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source
tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on
Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225501,7 +225531,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's
LZ4 compression codec when
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE:
https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An
attacker ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225509,7 +225539,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when
calling pjsua_call_dump. An at
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling
pjsua_recorder_create. An ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225517,7 +225547,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when
calling pjsua_recorder_crea
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling
pjsua_playlist_create. An att ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225525,7 +225555,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when
calling pjsua_playlist_create.
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling
pjsua_recorder_create. An att ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225533,7 +225563,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when
calling pjsua_recorder_create.
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create.
An attac ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -242360,7 +242390,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce
platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior
to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -254801,7 +254831,7 @@ CVE-2021-32687 (Redis is an open source, in-memory
database that persists on dis
- redis 5:6.0.16-1
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication
library writt ...)
- {DSA-4999-1 DLA-2962-1}
+ {DSA-4999-1 DLA-3887-1 DLA-2962-1}
- asterisk 1:16.16.1~dfsg-2 (bug #991931)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffba85b76e64c9cf44ae91482a0b98728ae9a5c3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffba85b76e64c9cf44ae91482a0b98728ae9a5c3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
