Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6f7aac3 by security tracker role at 2024-11-24T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1373,17 +1373,17 @@ CVE-2024-11477 (7-Zip Zstandard Decompression Integer
Underflow Remote Code Exec
[bookworm] - 7zip <not-affected> (Vulnerable code introduced in 24.01)
- p7zip <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
-CVE-2024-11233
+CVE-2024-11233 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43
NOTE:
https://github.com/php/php-src/commit/a6c84cd7efd7eaaaefd4463412508df570d35358
(php-8.2.26)
-CVE-2024-11234
+CVE-2024-11234 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2
NOTE:
https://github.com/php/php-src/commit/cf6700e86d6357420a7c8386da63d48fec55f633
(php-8.2.26)
-CVE-2024-11236
+CVE-2024-11236 (In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26,
8.3.* before ...)
- php8.2 <unfixed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv
@@ -3887,7 +3887,7 @@ CVE-2024-39712 (Argument injection in Ivanti Connect
Secure before version 22.7R
NOT-FOR-US: Ivanti
CVE-2024-39711 (Argument injection in Ivanti Connect Secure before version
22.7R2.1 an ...)
NOT-FOR-US: Ivanti
-CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version
22.7R2 and ...)
+CVE-2024-39710 (Argument injection in Ivanti Connect Secure before version
22.7R2.1 an ...)
NOT-FOR-US: Ivanti
CVE-2024-39709 (Incorrect file permissions in Ivanti Connect Secure before
version 22. ...)
NOT-FOR-US: Ivanti
@@ -6188,6 +6188,7 @@ CVE-2024-10922 (The Featured Posts Scroll plugin for
WordPress is vulnerable to
CVE-2024-10027 (The WP Booking Calendar WordPress plugin before 10.6.3 does
not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9902 (A flaw was found in Ansible. The ansible-core `user` module can
allow ...)
+ {DLA-3963-1}
- ansible-core 2.18.0-1 (bug #1086883)
[bookworm] - ansible-core <no-dsa> (Minor issue)
- ansible 5.4.0-1
@@ -19552,6 +19553,7 @@ CVE-2024-8768 (A flaw was found in the vLLM library. A
completions API request w
CVE-2024-8797 (The WP Booking System \u2013 Booking Calendar plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8775 (A flaw was found in Ansible, where sensitive information stored
in Ans ...)
+ {DLA-3963-1}
- ansible-core 2.17.5-5 (bug #1082851)
[bookworm] - ansible-core <no-dsa> (Minor issue)
- ansible 5.4.0-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f7aac3b6e0f2a203b73de906203267936aaa42
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f7aac3b6e0f2a203b73de906203267936aaa42
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
