Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7a9d12b1 by Moritz Mühlenhoff at 2024-10-18T17:06:59+02:00
new jetty issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1208,7 +1208,10 @@ CVE-2024-9936 (When manipulating the selection node
cache, an attacker may have
- firefox 131.0.3-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter
which can b ...)
- TODO: check
+ - jetty9 9.4.56-1
+ - jetty <removed>
+ NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
+ NOTE: https://github.com/jetty/jetty.project/pull/11723
CVE-2024-9139 (The affected product permits OS command injection through
improperly r ...)
NOT-FOR-US: Moxa
CVE-2024-9137 (The affected product lacks an authentication check when sending
comman ...)
@@ -1216,13 +1219,25 @@ CVE-2024-9137 (The affected product lacks an
authentication check when sending c
CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using
a Docu ...)
NOT-FOR-US: DocumentBuilder
CVE-2024-8184 (There exists a security vulnerability in Jetty's
ThreadLimitHandler.ge ...)
- TODO: check
+ - jetty9 9.4.56-1
+ - jetty <removed>
+ NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
+ NOTE: https://github.com/jetty/jetty.project/pull/11723
CVE-2024-7847 (VULNERABILITY DETAILS Rockwell Automation used the latest
versions of ...)
NOT-FOR-US: Rockwell Automation
CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web
server ...)
- TODO: check
+ - jetty9 <unfixed>
+ - jetty <removed>
+ NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
+ NOTE: https://github.com/jetty/jetty.project/pull/12012
CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by
unauthenticated users ...)
- TODO: check
+ - jetty9 <unfixed>
+ - jetty <removed>
+ NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
+ NOTE: https://github.com/jetty/jetty.project/pull/9715
+ NOTE: https://github.com/jetty/jetty.project/pull/9716
+ NOTE: https://github.com/jetty/jetty.project/pull/10756
+ NOTE: https://github.com/jetty/jetty.project/pull/10755
CVE-2024-48799 (An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping
1.4.22 allows ...)
NOT-FOR-US: LOREX
CVE-2024-48798 (An issue in Hubble Connected (com.hubbleconnected.vervelife)
2.00.81 a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d12b10fbb2c34d3015131b736db347afb6a60
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d12b10fbb2c34d3015131b736db347afb6a60
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
