Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be0e5fa1 by Moritz Muehlenhoff at 2024-10-12T11:44:07+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2024-8531 (CWE-347: Improper Verification of 
Cryptographic Signature vulnera
 CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function 
vulnerability ex ...)
        NOT-FOR-US: Schneider
 CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can 
achieve me ...)
-       - mosquitto <unfixed>
+       - mosquitto <unfixed> (bug #1084982)
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217
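Review bot: bug #1084982 is attached only to the unstable `mosquitto <unfixed>` line, and the CVE-2024-8376 entry carries no [bookworm] or [bullseye] annotation while pointing at three separate upstream reports (issues 217, 218 and 227); once those are triaged, record the stable-release state explicitly (no-dsa, postponed, not-affected or a DSA) so the bug number does not stand in for a release decision that has not been made.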
@@ -152,7 +152,7 @@ CVE-2024-47884 (foxmarks is a CLI read-only interface for 
Firefox's bookmarks an
 CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or 
tar.bz2 ...)
        NOT-FOR-US: codeclysm/extract Go library
 CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS 
sanitizer for H ...)
-       - node-dompurify <unfixed>
+       - node-dompurify <unfixed> (bug #1084983)
        NOTE: 
https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
        NOTE: 
https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
        NOTE: 
https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
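Review bot: the node-dompurify line gains bug #1084983 but the entry still records no fixed upstream version even though two fix commits are already listed; once the release that contains them is confirmed, append it to the commit NOTE in the same `(vX.Y.Z)` form the libarchive entries in this file use, so the bug has an explicit fixed-version target.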
@@ -177,14 +177,14 @@ CVE-2024-46215 (A vulnerability was discovered in 
KM08-708H-v1.1, There is a buf
 CVE-2024-46088 (An arbitrary file upload vulnerability in the 
ProductAction.entphone i ...)
        NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management 
System
 CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Wh ...)
-       - h2o <unfixed>
+       - h2o <unfixed> (bug #1084984)
        NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92
        NOTE: 
https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562
        NOTE: 
https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c
 CVE-2024-45402 (Picotls is a TLS protocol library that allows users select 
different c ...)
        - picotls <itp> (bug #925405)
 CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Wh ...)
-       - h2o <unfixed>
+       - h2o <unfixed> (bug #1084984)
        NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c
        NOTE: 
https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a
 CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to 
commtit d ...)
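Review bot: the same bug #1084984 is assigned to both CVE-2024-45403 and CVE-2024-45397 here, and again to CVE-2024-25622 further down; a single h2o bug covering all three is fine, but the fixing upload's changelog must then name all three CVE ids, otherwise only the entries whose CVE is mentioned get closed when the bug is. Worth confirming that the distinct advisories (GHSA-4xp5-3jhc-3m92, GHSA-jf2c-xjcp-wg4c) and their different fix commits all land in the same upstream release before treating them as one bug.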
@@ -230,7 +230,7 @@ CVE-2024-33579 (A DLL hijack vulnerability was reported in 
Lenovo Baiying that c
 CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that 
could all ...)
        NOT-FOR-US: Lenovo
 CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Th ...)
-       - h2o <unfixed>
+       - h2o <unfixed> (bug #1084984)
        NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj
        NOTE: https://github.com/h2o/h2o/issues/3332
        NOTE: 
https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be
@@ -634,12 +634,12 @@ CVE-2024-7048 (In version v0.3.8 of open-webui, an 
improper privilege management
 CVE-2024-6747 (Information leakage in mknotifyd in Checkmk before 2.3.0p18, 
2.2.0p36, ...)
        - check-mk <removed>
 CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in 
libarchiv ...)
-       - libarchive <unfixed>
+       - libarchive <unfixed> (bug #1084978)
        [bullseye] - libarchive <not-affected> (RAR filter support introduced 
in 3.6.0)
        NOTE: https://github.com/libarchive/libarchive/pull/2148
        NOTE: 
https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7
 (v3.7.5)
 CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in 
libarchiv ...)
-       - libarchive <unfixed>
+       - libarchive <unfixed> (bug #1084978)
        [bullseye] - libarchive <not-affected> (RAR filter support introduced 
in 3.6.0)
        NOTE: https://github.com/libarchive/libarchive/pull/2149
        NOTE: 
https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
 (v3.7.5)
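Review bot: both libarchive entries now share bug #1084978 and mark bullseye not-affected because RAR filter support only arrived in 3.6.0, but neither has a [bookworm] annotation; since the not-affected reasoning implies any release shipping 3.6.0 or later is affected, the bookworm state (no-dsa, postponed or a DSA) should be recorded explicitly rather than left implied by the bare `<unfixed>` line.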
@@ -651,7 +651,7 @@ CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for 
Jira, Confluence, and
 CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, 
and Bitbuc ...)
        NOT-FOR-US: Jira plugin
 CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG 
before 2.1 ...)
-       - lemonldap-ng <unfixed>
+       - lemonldap-ng <unfixed> (bug #1084979)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
 CVE-2024-9680 (An attacker was able to achieve code execution in the content 
process  ...)
        {DSA-5788-1 DLA-3914-1}
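Review bot: bug #1084979 is added for lemonldap-ng, but the entry's only reference is the upstream GitLab issue 3232 and no fix commit or fixed version is noted; the description's "before 2.1 ..." bound indicates the fixed upstream version is known upstream, so adding it on a NOTE line would give the `<unfixed>` state a concrete version to resolve against.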
@@ -659,7 +659,7 @@ CVE-2024-9680 (An attacker was able to achieve code 
execution in the content pro
        - firefox-esr 128.3.1esr-1
        NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not 
properly val ...)
-       - golang-github-containers-buildah <unfixed>
+       - golang-github-containers-buildah <unfixed> (bug #1084980)
        [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458       
 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism 
to see ...)
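Review bot: the context NOTE line for bugzilla 2317458 carries trailing whitespace; strip it in a follow-up so the file stays whitespace-clean. Sharing bug #1084980 with the other buildah entry in this commit (CVE-2024-9407) is consistent, since both carry the same `[bullseye] <postponed> (Minor issue)` annotation.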
@@ -865,7 +865,7 @@ CVE-2024-46316 (DrayTek Vigor3900 v1.5.1.6 was discovered 
to contain a command i
 CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows 
attackers t ...)
        NOT-FOR-US: Sparkshop
 CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below 
allows a re ...)
-       - libcoap3 <unfixed>
+       - libcoap3 <unfixed> (bug #1084981)
        - libcoap2 <removed>
        - libcoap <removed>
        NOTE: https://github.com/obgm/libcoap/issues/1509
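Review bot: bug #1084981 is attached to CVE-2024-46304 and also to CVE-2023-51847 later in this commit, and both entries cite the same upstream issue 1509; if upstream tracks these as one defect, a NOTE saying so would make the shared bug number look intentional rather than accidental, and the fixing upload should reference both CVE ids. The `libcoap2` and `libcoap` `<removed>` lines correctly carry no bug.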
@@ -1226,7 +1226,7 @@ CVE-2024-30092 (Windows Hyper-V Remote Code Execution 
Vulnerability)
 CVE-2024-27457 (Improper check for unusual or exceptional conditions in 
Intel(R) TDX M ...)
        NOT-FOR-US: Intel
 CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf 
v0.2.13 all ...)
-       - xhtml2pdf <unfixed>
+       - xhtml2pdf <unfixed> (bug #1084986)
        NOTE: 
https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS 
for You 1 ...)
        NOT-FOR-US: FydeOS
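Review bot: the only reference on the CVE-2024-25885 xhtml2pdf entry is a third-party gist, which is a weak anchor for deciding when `<unfixed>` can be replaced by a fixed version; once an upstream issue or fix commit exists, add it as a NOTE alongside bug #1084986.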
@@ -1247,7 +1247,7 @@ CVE-2024-20659 (Windows Hyper-V Security Feature Bypass 
Vulnerability)
 CVE-2023-52952 (A vulnerability has been identified in HiMed Cockpit 12 pro 
(J31032-K2 ...)
        NOT-FOR-US: Siemens
 CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') 
vulnerab ...)
-       - fop <unfixed>
+       - fop <unfixed> (bug #1084985)
        NOTE: https://www.openwall.com/lists/oss-security/2024/10/09/1
        NOTE: https://issues.apache.org/jira/browse/FOP-3168
        NOTE: 
https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134
@@ -2382,7 +2382,7 @@ CVE-2024-20385 (A vulnerability in the SSL/TLS 
implementation of Cisco Nexus Das
 CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, 
Cisco UCS Ma ...)
        NOT-FOR-US: Cisco
 CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the 
Dockerfil ...)
-       - golang-github-containers-buildah <unfixed>
+       - golang-github-containers-buildah <unfixed> (bug #1084980)
        [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before 
version 24. ...)
@@ -30453,7 +30453,7 @@ CVE-2023-6876 (The Clever Fox \u2013 One Click Website 
Importer by Nayra Themes
 CVE-2023-6491 (The Strong Testimonials plugin for WordPress is vulnerable to 
unauthor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51847 (An issue in obgm and Libcoap v.a3ed466 allows a remote 
attacker to cau ...)
-       - libcoap3 <unfixed>
+       - libcoap3 <unfixed> (bug #1084981)
        - libcoap2 <removed>
        - libcoap <removed>
        NOTE: https://github.com/obgm/libcoap/issues/1509



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be0e5fa1fb690e61438336f231129ff81e1cf2d9



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
