Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
87a777c1 by Salvatore Bonaccorso at 2024-09-17T22:43:02+02:00
Add CVE-2024-8796/ruby-devise-two-factor
- - - - -
e021c076 by Salvatore Bonaccorso at 2024-09-17T22:43:02+02:00
Process some NFUs
- - - - -
1c7c7886 by Salvatore Bonaccorso at 2024-09-17T22:43:03+02:00
Add CVE-2024-7788/libreoffice
- - - - -
57560f31 by Salvatore Bonaccorso at 2024-09-17T22:43:03+02:00
Add two new druid CVEs, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,27 +30,29 @@ CVE-2024-8897 (Under certain conditions, an attacker with
the ability to redirec
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-45/#CVE-2024-8897
CVE-2024-8796 (Under the default configuration, Devise-Two-Factor versions >=
2.2.0 & ...)
- TODO: check
+ - ruby-devise-two-factor <unfixed>
+ NOTE:
https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-qjxf-mc72-wjr2
CVE-2024-8767 (Sensitive data disclosure and manipulation due to unnecessary
privileg ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2024-8761 (The Share This Image plugin for WordPress is vulnerable to Open
Redire ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8660 (Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2024-7873 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2024-7788 (Improper Digital Signature Invalidation vulnerability in Zip
Repair Mo ...)
- TODO: check
+ - libreoffice 4:24.2.5-1
+ NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788
CVE-2024-5998 (A vulnerability in the FAISS.deserialize_from_bytes function of
langch ...)
- TODO: check
+ NOT-FOR-US: langchain-ai/langchain
CVE-2024-47049 (The czim/file-handling package before 1.5.0 and 2.x before
2.3.0 (used ...)
TODO: check
CVE-2024-47047 (An issue was discovered in the powermail extension through
12.4.0 for ...)
- TODO: check
+ NOT-FOR-US: TYPO3 extension
CVE-2024-46362 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: FrogCMS
CVE-2024-46085 (FrogCMS V0.9.5 was discovered to contain a Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: FrogCMS
CVE-2024-45812 (Vite a frontend build tooling framework for javascript.
Affected versi ...)
TODO: check
CVE-2024-45811 (Vite a frontend build tooling framework for javascript. In
affected ve ...)
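Review bot: the new ruby-devise-two-factor line records `<unfixed>` with only the upstream GHSA link as a NOTE and no Debian bug reference or severity annotation; since the upstream advisory is already identified, consider filing and linking a bug (`- ruby-devise-two-factor <unfixed> (bug #NNNNNN)`) so the maintainer is notified and the fix is tracked. Similarly, the libreoffice entry for CVE-2024-7788 records only the unstable fix (`- libreoffice 4:24.2.5-1`) and the hunk carries no stable-suite triage line (`<no-dsa>`, `<postponed>` or a DSA reference), so the status of the stable suites for this issue is left undecided in this commit.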
@@ -64,21 +66,21 @@ CVE-2024-45798 (arduino-esp32 is an Arduino core for the
ESP32, ESP32-S2, ESP32-
CVE-2024-45682 (There is a command injection vulnerability that may allow an
attacker ...)
TODO: check
CVE-2024-45612 (Contao is an Open Source CMS. In affected versions an
untrusted user c ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2024-45606 (Sentry is a developer-first error tracking and performance
monitoring ...)
TODO: check
CVE-2024-45605 (Sentry is a developer-first error tracking and performance
monitoring ...)
TODO: check
CVE-2024-45604 (Contao is an Open Source CMS. In affected versions
authenticated users ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2024-45537 (Apache Druid allows users with certain permissions to read
data from o ...)
- TODO: check
+ - druid <itp> (bug #825797)
CVE-2024-45398 (Contao is an Open Source CMS. In affected versions a back end
user wit ...)
- TODO: check
+ NOT-FOR-US: Contao CMS
CVE-2024-45384 (Padding Oracle vulnerability in Apache Druid extension,
druid-pac4j. T ...)
- TODO: check
+ - druid <itp> (bug #825797)
CVE-2024-43460 (Improper authorization in Dynamics 365 Business Central
resulted in a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-42503 (Authenticated command execution vulnerability exist in the
ArubaOS co ...)
TODO: check
CVE-2024-42502 (Authenticated command injection vulnerability exists in the
ArubaOS co ...)
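Review bot: both druid entries (CVE-2024-45537 and CVE-2024-45384) are resolved to `- druid <itp> (bug #825797)` without a NOTE, whereas the description of CVE-2024-45384 names the affected component as the druid-pac4j extension rather than Druid itself; adding a NOTE such as `NOTE: Affected component is the druid-pac4j extension` would let whoever completes the ITP check whether that extension is actually shipped before treating the package as affected, and a NOTE pointing at the upstream advisory, as the other entries in this commit carry, would make the later triage self-contained.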
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/725dc4cdd2481883503e7bfef02d07185d448edf...57560f31e90256d9c2ccb1b07acd711210f864a8
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits