[Git][security-tracker-team/security-tracker][master] bind9 DSA

2024-02-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
663047d1 by Moritz Mühlenhoff at 2024-02-14T08:51:38+01:00
bind9 DSA

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -281,6 +281,7 @@ CVE-2023-5679 (A bad interaction between DNS64 and 
serve-stale may cause `named`
NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516 (To keep its cache database efficient, `named` running as a 
recursive r ...)
- bind9 1:9.17.19-1
+   [bullseye] - bind9 1:9.16.48-1
[buster] - bind9  (Vulnerable code only in 9.16.y series)
NOTE: https://kb.isc.org/docs/cve-2023-6516
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series


=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[14 Feb 2024] DSA-5621-1 bind9 - security update
+   {CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 
CVE-2023-50868}
+   [bullseye] - bind9 1:9.16.48-1
+   [bookworm] - bind9 1:9.18.24-1
 [14 Feb 2024] DSA-5620-1 unbound - security update
{CVE-2023-50387 CVE-2023-50868}
[bullseye] - unbound 1.13.1-1+deb11u2
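Review bot: the CVE set on the new DSA-5621-1 line ({CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868}) does not include CVE-2023-6516, yet the data/CVE/list hunk of this same commit records CVE-2023-6516 as fixed in bullseye by the identical upload, `[bullseye] - bind9 1:9.16.48-1`. If the advisory text covers CVE-2023-6516, add it to the brace list so the tracker links that CVE to the DSA; if it does not, a NOTE in data/CVE/list should say why the bullseye version is recorded as fixed outside an advisory.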



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663047d1d0c1b090f05622adf67ca8b3136eb756

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663047d1d0c1b090f05622adf67ca8b3136eb756
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] python-dnslib ospu

2024-02-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
425e18b5 by Moritz Mühlenhoff at 2024-02-14T08:49:02+01:00
python-dnslib ospu

- - - - -


1 changed file:

- data/next-oldstable-point-update.txt


Changes:

=
data/next-oldstable-point-update.txt
=
@@ -32,3 +32,5 @@ CVE-2020-22218
[bullseye] - libssh2 1.9.0-2+deb11u1
 CVE-2022-22995
[bullseye] - netatalk 3.1.12~ds-8+deb11u2
+CVE-2022-22846
+   [bullseye] - python-dnslib 0.9.14-1+deb11u1
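Review bot: this commit touches only data/next-oldstable-point-update.txt (1 changed file), so check that data/CVE/list carries the matching `[bullseye] - python-dnslib 0.9.14-1+deb11u1` line under CVE-2022-22846. The point-update file lists what the next 11.x release ships, but the CVE only shows as fixed in bullseye once the suite line exists in the CVE list, as it does for the neighbouring libssh2 and netatalk entries.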



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/425e18b5a7c6c1fa39737b2567af29045bc0a546



[Git][security-tracker-team/security-tracker][master] Process one NFU

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45fc5001 by Salvatore Bonaccorso at 2024-02-14T08:06:01+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2024-1342
+   NOT-FOR-US: Red Hat OpenShift
 CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents 
simultane ...)
TODO: check
 CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
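Review bot: the new `CVE-2024-1342` line has no description in parentheses, unlike the neighbouring `CVE-2024-25122 (sidekiq-unique-jobs ...)` and `CVE-2024-24925 (...)` entries, so the id was presumably added ahead of the feed. That is fine as long as the next automatic update is expected to fill in the description on this line rather than add a second `CVE-2024-1342` entry further down the file; the `NOT-FOR-US: Red Hat OpenShift` annotation itself matches the file's convention.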



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45fc5001129355db28bd923abea327ce947d64f3



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for unbound update

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8797cb0d by Salvatore Bonaccorso at 2024-02-14T07:38:46+01:00
Reserve DSA number for unbound update

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,7 @@
+[14 Feb 2024] DSA-5620-1 unbound - security update
+   {CVE-2023-50387 CVE-2023-50868}
+   [bullseye] - unbound 1.13.1-1+deb11u2
+   [bookworm] - unbound 1.17.1-2+deb12u2
 [09 Feb 2024] DSA-5619-1 libgit2 - security update
{CVE-2024-24577}
[bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8797cb0d06b8b0c2d9223cc4cefc954bb626819b



[Git][security-tracker-team/security-tracker][master] Update note for CVE-2024-24557

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71ad7257 by Salvatore Bonaccorso at 2024-02-14T06:59:34+01:00
Update note for CVE-2024-24557

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2349,10 +2349,10 @@ CVE-2024-24557 (Moby is an open-source project created 
by Docker to enable softw
- docker.io 
[bookworm] - docker.io  (Minor issue)
[bullseye] - docker.io  (Minor issue)
-   [buster] - docker.io  (Minor issue with workarround)
+   [buster] - docker.io  (Minor issue with workarounds)
NOTE: 
https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
-   NOTE: workarround exists
+   NOTE: Workarounds exists (cf. GHSA-xw73-rw38-6vjc): Avoid using the 
cache or use Buildkit
 CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting 
(XSS) vi ...)
NOT-FOR-US: springboot-manager
 CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting 
(XSS) vi ...)
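Review bot: grammar in the rewritten note, `NOTE: Workarounds exists (cf. GHSA-xw73-rw38-6vjc): Avoid using the cache or use Buildkit`: the verb should be plural, `Workarounds exist`. The rest of the hunk is good: it fixes `workarround` in the buster annotation and replaces the bare `workarround exists` with a note that names the advisory and states the actual mitigations, which is what a buster LTS triager needs to see before deciding between a backport and a no-dsa.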



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71ad72574f437f9e87ecf60d26a2e86f4d02e909



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-25715 via unstable

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7b5cde8 by Salvatore Bonaccorso at 2024-02-14T06:43:13+01:00
Track fixed version for CVE-2024-25715 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -559,7 +559,7 @@ CVE-2024-25722 
(qanything_kernel/connector/database/mysql/mysql_client.py in qan
 CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, 
Samly.State.Store.get_as ...)
NOT-FOR-US: Samly
 CVE-2024-25715 (Glewlwyd SSO server 2.x through 2.7.6 allows open redirection 
via redi ...)
-   - glewlwyd 
+   - glewlwyd 2.7.6+ds-2
NOTE: 
https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754
NOTE: 
https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75
 CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a 
strcmp  ...)
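Review bot: recording `- glewlwyd 2.7.6+ds-2` closes the unstable side, but the hunk adds no `[bookworm]`/`[bullseye]` lines for CVE-2024-25715, so both stable suites now show as vulnerable to the open redirect with no triage decision attached. A Debian revision bump on the same 2.7.6 upstream suggests the two referenced upstream commits were applied as patches, which should carry over to the stable packages; either track that work here or give the suites a no-dsa annotation with a rationale.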



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7b5cde802d5a61304b51e743c25663e736d75c1



[Git][security-tracker-team/security-tracker][master] Take sendmail

2024-02-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08b41d6f by Bastien Roucariès at 2024-02-13T22:42:57+00:00
Take sendmail

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -250,8 +250,9 @@ runc (dleidert)
 samba
   NOTE: 20230918: Added by Front-Desk (apo)
 --
-sendmail
+sendmail (rouca)
   NOTE: 20231224: Added by Front-Desk (ta)
+  NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not 
publish patches
 --
 squid
   NOTE: 20240109: Added by Front-Desk (apo)
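Review bot: grammar on the added line `NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not publish patches`: `Patch needs to be extracted`. The note would also be more useful to the next person picking up sendmail if it said where the fix is to be extracted from (an upstream release tarball or the upstream repository), since it already states that upstream publishes no standalone patches. The `sendmail (rouca)` claim itself follows the file's `package (owner)` convention, as in `runc (dleidert)` in the hunk header.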



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08b41d6fb4a8ec046ba51ee3207008fff483d2e1



[Git][security-tracker-team/security-tracker][master] Add note about CVE-2024-24557 for docker

2024-02-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f057785d by Bastien Roucariès at 2024-02-13T22:23:30+00:00
Add note about CVE-2024-24557 for docker

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -70,6 +70,7 @@ docker.io
   NOTE: 20230424: Is in preparation. (gladk)
   NOTE: 20230706: ask for review testing 
https://lists.debian.org/debian-lts/2023/07/msg00013.html
   NOTE: 20230801: rouca and santiago testing the swarm overlay network 
(including current buster version)
+  NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of 
reproducer test case
 --
 dogecoin
   NOTE: 20230619: Added by Front-Desk (Beuc)
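Review bot: the added `NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of reproducer test case` reads awkwardly (`... and there is no reproducer test case`) and, unlike the surrounding notes (`(gladk)`, `rouca and santiago`), does not say who made the observation; append the handle as the other entries do. It would also help to state whether the conflict is in the upstream moby commit referenced in data/CVE/list or in the buster docker.io packaging, since that decides whether a backport or a no-dsa is the likely outcome for buster LTS.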



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f057785dc371332a6dd18f119c5d7a1901079f3d



[Git][security-tracker-team/security-tracker][master] CVE-2024-24557

2024-02-13 Thread @rouca


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
603248c5 by Bastien Roucariès at 2024-02-13T22:25:52+00:00
CVE-2024-24557

Add note about existing workaround

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2349,8 +2349,10 @@ CVE-2024-24557 (Moby is an open-source project created 
by Docker to enable softw
- docker.io 
[bookworm] - docker.io  (Minor issue)
[bullseye] - docker.io  (Minor issue)
+   [buster] - docker.io  (Minor issue with workarround)
NOTE: 
https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
+   NOTE: workarround exists
 CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting 
(XSS) vi ...)
NOT-FOR-US: springboot-manager
 CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting 
(XSS) vi ...)
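Review bot: both added lines misspell the word: `(Minor issue with workarround)` and `NOTE: workarround exists` should read `workaround`. The second note also says only that a workaround exists without naming it or pointing at where it is described; the advisory already linked two lines above (GHSA-xw73-rw38-6vjc) is the natural reference. Both points are addressed by the later commit 71ad7257 in this thread, which corrects the spelling and spells out the mitigations.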



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/603248c555b8378b07c435a99dd6c3d47ee439d2



[Git][security-tracker-team/security-tracker][master] Track fixed version for unbound issues fixed via unstable

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20a61922 by Salvatore Bonaccorso at 2024-02-13T22:11:59+01:00
Track fixed version for unbound issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -287,7 +287,7 @@ CVE-2023-50387
- dnsmasq 2.90-1
- bind9 
- pdns-recursor  (bug #1063852)
-   - unbound  (bug #1063845)
+   - unbound 1.19.1-1 (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
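Review bot: with `- unbound 1.19.1-1 (bug #1063845)` now carrying a version, the CVE-2023-50387 block still has `- bind9 ` with neither an unstable fixed version nor a `(bug #...)` reference, even though the ISC KB link for the issue is already attached, while `- pdns-recursor  (bug #1063852)` at least has its bug tracked; track the bind9 unstable upload the same way when it lands, and consider a bug reference in the meantime. The identical situation applies in the CVE-2023-50868 hunk that follows.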
@@ -297,7 +297,7 @@ CVE-2023-50868
- dnsmasq 2.90-1
- bind9 
- pdns-recursor  (bug #1063852)
-   - unbound  (bug #1063845)
+   - unbound 1.19.1-1 (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20a619227c4bc118e62271cc03981ab729df7665



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4b6d5ad by Salvatore Bonaccorso at 2024-02-13T21:47:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,195 +17,195 @@ CVE-2024-24814 (mod_auth_openidc is an OpenID 
Certified\u2122 authentication and
NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d
 (v2.4.15.2)
 CVE-2024-24782 (An unauthenticated attacker can send a ping request from one 
network t ...)
-   TODO: check
+   NOT-FOR-US: VDE
 CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled 
resource co ...)
-   TODO: check
+   NOT-FOR-US: VDE
 CVE-2024-24751 (sf_event_mgt is an event management and registration extension 
for the ...)
-   TODO: check
+   NOT-FOR-US: TYPO3 extension
 CVE-2024-23816 (A vulnerability has been identified in Location Intelligence 
Perpetual ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All 
versions). Th ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory 
Read vuln ...)
-   TODO: check
+   NOT-FOR-US: Vba32 Antivirus
 CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory 
Read vuln ...)
-   TODO: check
+   NOT-FOR-US: Vba32 Antivirus
 CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a 
local attac ...)
-   TODO: check
+   NOT-FOR-US: adv radius
 CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All 
versions). The w ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege 
Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21404 (.NET Denial of Service Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container 
Elevation of ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-21402 (Microsoft 
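Review bot: for CVE-2024-24782 and CVE-2024-24781 the NOT-FOR-US reason is given as `VDE`, which is the reporting CNA rather than the affected product, whereas the other entries in this hunk name the vendor or product (`Siemens`, `Vba32 Antivirus`, `adv radius`, `TYPO3 extension`). Naming the product on those two lines would make a later search of the file for that product find them; the remaining `TODO: check` to `NOT-FOR-US` conversions are consistent with the existing entries.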

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-24814/libapache2-mod-auth-openidc

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
262c69e3 by Salvatore Bonaccorso at 2024-02-13T21:45:59+01:00
Add CVE-2024-24814/libapache2-mod-auth-openidc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,9 @@ CVE-2024-24921 (A vulnerability has been identified in 
Simcenter Femap (All vers
 CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
NOT-FOR-US: Siemens
 CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication 
and autho ...)
-   TODO: check
+   - libapache2-mod-auth-openidc 
+   NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv
+   NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d
 (v2.4.15.2)
 CVE-2024-24782 (An unauthenticated attacker can send a ping request from one 
network t ...)
TODO: check
 CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled 
resource co ...)
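Review bot: the new `- libapache2-mod-auth-openidc ` line carries neither a fixed version nor a `(bug #...)` reference, and there is no `[bookworm]`/`[bullseye]` line, so the package shows as open in every suite with nothing pointing the maintainer at the work. The two NOTE lines already identify the fix (the referenced upstream commit, shipped in v2.4.15.2), so filing the bug, adding its number here and then triaging the stable suites is the natural next step.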



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/262c69e37776e03540fd3ca0a0eb90329be462c7



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5317f3b2 by Salvatore Bonaccorso at 2024-02-13T21:32:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents 
simultane ...)
TODO: check
 CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication 
and autho ...)
TODO: check
 CVE-2024-24782 (An unauthenticated attacker can send a ping request from one 
network t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5317f3b291c95b94d0cdcf12e13436f59f96bb0d



[Git][security-tracker-team/security-tracker][master] automatic update

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40d9d1ae by security tracker role at 2024-02-13T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,281 @@
-CVE-2023-4408
+CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents 
simultane ...)
+   TODO: check
+CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All 
versions < ...)
+   TODO: check
+CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication 
and autho ...)
+   TODO: check
+CVE-2024-24782 (An unauthenticated attacker can send a ping request from one 
network t ...)
+   TODO: check
+CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled 
resource co ...)
+   TODO: check
+CVE-2024-24751 (sf_event_mgt is an event management and registration extension 
for the ...)
+   TODO: check
+CVE-2024-23816 (A vulnerability has been identified in Location Intelligence 
Perpetual ...)
+   TODO: check
+CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All 
versions). Th ...)
+   TODO: check
+CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
+   TODO: check
+CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
+   TODO: check
+CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
+   TODO: check
+CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
+   TODO: check
+CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory 
Read vuln ...)
+   TODO: check
+CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory 
Read vuln ...)
+   TODO: check
+CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a 
local attac ...)
+   TODO: check
+CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All 
versions < ...)
+   TODO: check
+CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All 
versions). The w ...)
+   TODO: check
+CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
+   TODO: check
+CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability)
+   TODO: check
+CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability)
+   TODO: check
+CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability)
+   TODO: check
+CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege 
Vulnerability)
+   TODO: check
+CVE-2024-21404 (.NET Denial of Service Vulnerability)
+   TODO: check
+CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container 
Elevation of ...)
+   TODO: check
+CVE-2024-21402 (Microsoft Outlook Elevation of Privilege Vulnerability)
+   TODO: check
+CVE-2024-21401 (Microsoft Entra Jira Single-Sign-On Plugin Elevation of 
Privilege Vuln ...)
+   TODO: check
+CVE-2024-21397 (Microsoft Azure File Sync Elevation of Privilege Vulnerability)
+   TODO: 
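Review bot: the only visible deletion is the bare `CVE-2023-4408` line at the top of the file, while every added line visible here is a new entry with a `TODO: check` stub. Since CVE-2023-4408 is one of the ids that DSA-5621-1 (elsewhere in this thread) references for bind9, confirm that the automatic update re-created the entry lower in the file with its description and the existing bind9 annotations rather than dropping it. Nothing in this hunk is hand-edited, so the rest is fine to merge as generated.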

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-25112/exiv2

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0fbc736 by Salvatore Bonaccorso at 2024-02-13T20:42:32+01:00
Add CVE-2024-25112/exiv2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -44,7 +44,10 @@ CVE-2024-25407 (SteVe v3.6.0 was discovered to use 
predictable transaction ID's
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
NOT-FOR-US: Motorola
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
-   TODO: check
+   - exiv2 
+   NOTE: 
https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36
+   NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/355afea485550e8214ac6b449fb210a7efb71365 
(v0.28.2)
+   TODO: unclear range of affected versions: while the report claims it is 
new in v0.28.0 the QuickTimeVideo::multipleEntriesDecoder is present earlier
 CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During 
a call t ...)
TODO: check
 CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When 
processing req ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0fbc736e8229e540b7440208c1c9f2f213af445



[Git][security-tracker-team/security-tracker][master] Process one NFU

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
094b44c5 by Salvatore Bonaccorso at 2024-02-13T20:26:16+01:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -40,7 +40,7 @@ CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - 
version 605, does not
 CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud 
Connector - ver ...)
NOT-FOR-US: SAP
 CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction 
ID's when r ...)
-   TODO: check
+   NOT-FOR-US: SteVe
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
NOT-FOR-US: Motorola
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/094b44c5722adaea23890ae8c46e810e8c301c96



[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)

2024-02-13 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9de3efaf by Chris Lamb at 2024-02-13T18:13:24+00:00
data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)

- - - - -
61cf5b52 by Chris Lamb at 2024-02-13T18:14:31+00:00
Triage CVE-2024-24815 CVE-2024-24816 in ckeditor for buster LTS.

- - - - -
dc4cf461 by Chris Lamb at 2024-02-13T18:14:55+00:00
Triage CVE-2023-42282 in node-ip for buster LTS.

- - - - -
72d61192 by Chris Lamb at 2024-02-13T18:15:49+00:00
data/dla-needed.txt: Triage lucene-solr for buster LTS (CVE-2023-50291, 
CVE-2023-50292, CVE-2023-50298  CVE-2023-50386)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -727,6 +727,7 @@ CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and 
before allows an attacker
- node-ip  (bug #1063535)
[bookworm] - node-ip  (Minor issue)
[bullseye] - node-ip  (Minor issue)
+   [buster] - node-ip  (Minor issue)
NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
NOTE: https://github.com/indutny/node-ip/issues/136
@@ -835,6 +836,7 @@ CVE-2024-24816 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
- ckeditor  (bug #1063536)
[bookworm] - ckeditor  (Minor issue)
[bullseye] - ckeditor  (Minor issue)
+   [buster] - ckeditor  (Minor issue)
- ckeditor3  (bug #1063537)
[bookworm] - ckeditor3  (Minor issue)
[bullseye] - ckeditor3  (Minor issue)
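Review bot: the added `[buster] - ckeditor  (Minor issue)` line covers only the ckeditor block; the ckeditor3 block right below it (`- ckeditor3  (bug #1063537)`, with bookworm and bullseye both marked Minor issue) gets no buster line. If ckeditor3 is also shipped in buster it needs a matching `[buster] - ckeditor3  (Minor issue)` for the LTS triage to be complete; if it is not, nothing is missing, but the hunk as written leaves that question open. The same applies to the CVE-2024-24815 hunk that follows.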
@@ -845,6 +847,7 @@ CVE-2024-24815 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
- ckeditor  (bug #1063536)
[bookworm] - ckeditor  (Minor issue)
[bullseye] - ckeditor  (Minor issue)
+   [buster] - ckeditor  (Minor issue)
- ckeditor3  (bug #1063537)
[bookworm] - ckeditor3  (Minor issue)
[bullseye] - ckeditor3  (Minor issue)


=
data/dla-needed.txt
=
@@ -82,6 +82,9 @@ edk2
   NOTE: 20231230: Added by Front-Desk (lamby)
   NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release 
(lamby)
 --
+engrampa
+  NOTE: 20240213: Added by Front-Desk (lamby)
+--
 exiftags
   NOTE: 20240121: Added by Front-Desk (apo)
 --
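Review bot: the engrampa entry carries only `NOTE: 20240213: Added by Front-Desk (lamby)`, so the CVE it was added for (CVE-2023-52138, per the commit message) is recorded nowhere in the file itself, while the edk2 entry just above shows the convention of naming the CVE in a NOTE line. A second line in the same format listing CVE-2023-52138 would make the entry self-contained for whoever picks it up; the lucene-solr entry in the next hunk has the same gap for CVE-2023-50291, CVE-2023-50292, CVE-2023-50298 and CVE-2023-50386.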
@@ -159,6 +162,9 @@ linux (Ben Hutchings)
 linux-5.10
   NOTE: 20231005: perma-added for LTS package-specific delegation (bwh)
 --
+lucene-solr
+  NOTE: 20240213: Added by Front-Desk (lamby)
+--
 nova
   NOTE: 20230302: Re-add, request by maintainer (Beuc)
   NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific 
CVE-2022-47951 backport that introduces regression



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-6516/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
16fa3d98 by Salvatore Bonaccorso at 2024-02-13T17:56:00+01:00
Update status for CVE-2023-6516/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,9 +8,11 @@ CVE-2023-5679
- bind9 
NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516
-   - bind9 
+   - bind9 1:9.17.19-1
+   [buster] - bind9  (Vulnerable code only in 9.16.y series)
NOTE: https://kb.isc.org/docs/cve-2023-6516
-   TODO: check, should be 9.16.y specific and so mark first version after 
9.16.y as fixed version
+   NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series
+   NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387
- dnsmasq 2.90-1
- bind9 
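Review bot: the new NOTE lines explain why 1:9.17.19-1 is recorded as the fixed version, but the word "workaround" deserves one more sentence: that version never contained the vulnerable code, so the entry claims a fix only so the tracker reports the suite(s) still on 9.16.y as affected. Naming which suite(s) actually ship 9.16.y in the same NOTE would let the next reader confirm the `[buster] - bind9  (Vulnerable code only in 9.16.y series)` line and the absence of a bullseye line without re-deriving it from package versions.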



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16fa3d98947451f12de6faf3332185c6bdc2be11



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for dns-recursor issues

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc41b922 by Salvatore Bonaccorso at 2024-02-13T17:17:31+01:00
Add Debian bug reference for dns-recursor issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14,7 +14,7 @@ CVE-2023-6516
 CVE-2023-50387
- dnsmasq 2.90-1
- bind9 
-   - pdns-recursor 
+   - pdns-recursor  (bug #1063852)
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
@@ -24,7 +24,7 @@ CVE-2023-50387
 CVE-2023-50868
- dnsmasq 2.90-1
- bind9 
-   - pdns-recursor 
+   - pdns-recursor  (bug #1063852)
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
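Review bot: the commit subject says "dns-recursor" but both hunks edit the pdns-recursor lines; a log search for the source package name will miss this commit, so the subject should use the real package name. The bug number itself (#1063852) is shared between CVE-2023-50387 and CVE-2023-50868, which matches how unbound's #1063845 is recorded in both entries.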



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc41b922d87e23364683b648df4e972420b2300f



[Git][security-tracker-team/security-tracker][master] Add pdns-recursor for CVE-2023-5038{6,7}

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89da9660 by Salvatore Bonaccorso at 2024-02-13T16:56:44+01:00
Add pdns-recursor for CVE-2023-5038{6,7}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14,16 +14,20 @@ CVE-2023-6516
 CVE-2023-50387
- dnsmasq 2.90-1
- bind9 
+   - pdns-recursor 
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
+   NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
 CVE-2023-50868
- dnsmasq 2.90-1
- bind9 
+   - pdns-recursor 
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
+   NOTE: 
https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c
 (release-1.19.1)
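Review bot: the subject "CVE-2023-5038{6,7}" expands to CVE-2023-50386 and CVE-2023-50387, but the hunk adds pdns-recursor to the CVE-2023-50387 and CVE-2023-50868 entries, so the log names a CVE this commit does not touch; the subject should read CVE-2023-50387 and CVE-2023-50868. Also, the new `- pdns-recursor ` lines carry no bug reference while the neighbouring `- unbound  (bug #1063845)` lines do; the follow-up commit cc41b922 in this thread fills that in.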



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89da966094447111ee28cf32aa81f2a7fdd0ab8b



[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-28450/dnsmasq

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b7342f7 by Salvatore Bonaccorso at 2024-02-13T16:54:31+01:00
Add fixed version for CVE-2023-28450/dnsmasq

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -52242,7 +52242,7 @@ CVE-2023-28452
 CVE-2023-28451
RESERVED
 CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default 
maximum ED ...)
-   - dnsmasq  (bug #1033165)
+   - dnsmasq 2.90-1 (bug #1033165)
[bookworm] - dnsmasq  (Minor issue)
[bullseye] - dnsmasq  (Minor issue)
[buster] - dnsmasq  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b7342f7aa7060397f55325eb0aa27b8b2cddef6



[Git][security-tracker-team/security-tracker][master] Add dnsmasq for CVE-2023-5038{6,7}

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
afbe2a02 by Salvatore Bonaccorso at 2024-02-13T16:54:02+01:00
Add dnsmasq for CVE-2023-5038{6,7}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12,6 +12,7 @@ CVE-2023-6516
NOTE: https://kb.isc.org/docs/cve-2023-6516
TODO: check, should be 9.16.y specific and so mark first version after 
9.16.y as fixed version
 CVE-2023-50387
+   - dnsmasq 2.90-1
- bind9 
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
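Review bot: same brace-expansion slip as in 89da9660: the subject "CVE-2023-5038{6,7}" names CVE-2023-50386, but this hunk adds `- dnsmasq 2.90-1` under CVE-2023-50387 and the next one under CVE-2023-50868. The subject should name the two entries actually edited so the log matches the change.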
@@ -19,6 +20,7 @@ CVE-2023-50387
NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
 CVE-2023-50868
+   - dnsmasq 2.90-1
- bind9 
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
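Review bot: the `- dnsmasq 2.90-1` lines (here and in the hunk above) carry a fixed version but no NOTE with an upstream reference, while bind9 and unbound each have a vendor advisory recorded next to them; a pointer to the dnsmasq 2.90 release announcement would let a reader verify that 2.90 is the release carrying these two fixes instead of taking the fixed-version field on trust.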



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afbe2a02a462866144c7b8591de8ed565c897582



[Git][security-tracker-team/security-tracker][master] Add additional references for unbound issues

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5fc09850 by Salvatore Bonaccorso at 2024-02-13T16:50:32+01:00
Add additional references for unbound issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16,11 +16,15 @@ CVE-2023-50387
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
+   NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
+   NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae
 (release-1.19.1)
 CVE-2023-50868
- bind9 
- unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
+   NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
+   NOTE: Fixed by: 
https://github.com/NLnetLabs/unbound/commit/92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c
 (release-1.19.1)
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fc09850b66ac309f1e10f0cca40bdc2e1abfd82



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for unbound issues

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1499a85 by Salvatore Bonaccorso at 2024-02-13T16:47:15+01:00
Add Debian bug reference for unbound issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,12 +13,12 @@ CVE-2023-6516
TODO: check, should be 9.16.y specific and so mark first version after 
9.16.y as fixed version
 CVE-2023-50387
- bind9 
-   - unbound 
+   - unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50387
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2023-50868
- bind9 
-   - unbound 
+   - unbound  (bug #1063845)
NOTE: https://kb.isc.org/docs/cve-2023-50868
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1499a8554e81b7097fcc4a287fb6f3b3ec0593f



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4408/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23ad0643 by Salvatore Bonaccorso at 2024-02-13T16:45:47+01:00
Add CVE-2023-4408/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-4408
+   - bind9 
+   NOTE: https://kb.isc.org/docs/cve-2023-4408
 CVE-2023-5517
- bind9 
NOTE: https://kb.isc.org/docs/cve-2023-5517



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ad0643924585588e90695c6887aaa0266c539f



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5517/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73fe771f by Salvatore Bonaccorso at 2024-02-13T16:44:26+01:00
Add CVE-2023-5517/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-5517
+   - bind9 
+   NOTE: https://kb.isc.org/docs/cve-2023-5517
 CVE-2023-5679
- bind9 
NOTE: https://kb.isc.org/docs/cve-2023-5679



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73fe771fd542af5d2cc08998eeb593fe98bcbf0b



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5679/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22e5514a by Salvatore Bonaccorso at 2024-02-13T16:41:44+01:00
Add CVE-2023-5679/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-5679
+   - bind9 
+   NOTE: https://kb.isc.org/docs/cve-2023-5679
 CVE-2023-6516
- bind9 
NOTE: https://kb.isc.org/docs/cve-2023-6516



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e5514a4cf99ba0773759f77de0f197dadc7f88



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-6516/bind9 but needs further triage

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1cc75d0f by Salvatore Bonaccorso at 2024-02-13T16:40:48+01:00
Add CVE-2023-6516/bind9 but needs further triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2023-6516
+   - bind9 
+   NOTE: https://kb.isc.org/docs/cve-2023-6516
+   TODO: check, should be 9.16.y specific and so mark first version after 
9.16.y as fixed version
 CVE-2023-50387
- bind9 
- unbound 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cc75d0fcf79127df2c3105f29ca02e9fb816848



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50387/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f004699a by Salvatore Bonaccorso at 2024-02-13T16:36:42+01:00
Add CVE-2023-50387/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,7 @@
 CVE-2023-50387
+   - bind9 
- unbound 
+   NOTE: https://kb.isc.org/docs/cve-2023-50387
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2023-50868
- bind9 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f004699ad4e27ec26c1b6cbed433aaf0e14fcab2



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50868/bind9

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93a36dab by Salvatore Bonaccorso at 2024-02-13T16:35:48+01:00
Add CVE-2023-50868/bind9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,7 +2,9 @@ CVE-2023-50387
- unbound 
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2023-50868
+   - bind9 
- unbound 
+   NOTE: https://kb.isc.org/docs/cve-2023-50868
NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a36dabcb04a1009a190c2d5c1374459afc37d3



[Git][security-tracker-team/security-tracker][master] new unbound issues

2024-02-13 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45ff561c by Moritz Muehlenhoff at 2024-02-13T16:07:49+01:00
new unbound issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2023-50387
+   - unbound 
+   NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
+CVE-2023-50868
+   - unbound 
+   NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45ff561c82dd8287f55ae36b929c12fe56c406ef



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32d0c184 by Salvatore Bonaccorso at 2024-02-13T09:26:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)
NOT-FOR-US: SAP
 CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud 
Connector - ver ...)
@@ -7,23 +7,23 @@ CVE-2024-25642 (Due to improper validation of certificate in 
SAP Cloud Connector
 CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction 
ID's when r ...)
TODO: check
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
-   TODO: check
+   NOT-FOR-US: Motorola
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
TODO: check
 CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During 
a call t ...)
TODO: check
 CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When 
processing req ...)
-   TODO: check
+   NOT-FOR-US: Pixelfed
 CVE-2024-24935 (Cross-Site Request Forgery (CSRF) vulnerability in 
WpSimpleTools Basic ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24929 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, 
Peter We ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24887 (Cross-Site Request Forgery (CSRF) vulnerability in Contest 
Gallery Pho ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24884 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft 
Contact Fo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick 
Lefebvre Li ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
TODO: check
 CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 
7.50, allows ...)
@@ -37,7 +37,7 @@ CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - 
versions KERNEL 7.53,
 CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user 
with re ...)
NOT-FOR-US: SAP
 CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and 
'/admin/aq ...)
-   TODO: check
+   NOT-FOR-US: Koha Library Management System
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with 
messy da ...)
TODO: check
 CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows 
attackers ...)
@@ -51,29 +51,29 @@ CVE-2024-23760 (Cleartext Storage of Sensitive Information 
in Gambio 4.9.2.0 all
 CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 
allows att ...)
TODO: check
 CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo 
ProductX \u20 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior 
versions, cont ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-22445 (Dell PowerProtect Data Manager, version 19.15 and prior 
versions, cont ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-22230 (Dell Unity, versions prior to 5.4, contains a Cross-site 
scripting vul ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-8 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-7 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-6 (Dell Unity, versions prior to 5.4, contain a path traversal 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-5 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-4 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-3 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-2 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution 
of arbitr ...)
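Review bot: the eight Dell Unity entries between CVE-2024-22230 and CVE-2024-22132 are rendered as CVE-2024-8 down to CVE-2024-1, which are not valid CVE identifiers (the sequence part has at least four digits); their position in the sorted file suggests digits were most likely lost in the mail rendering, but since the tracker matches entries by exact ID it is worth confirming that the committed file carries the full identifiers. The NOT-FOR-US: Dell markings themselves are consistent with the CVE-2024-22454, CVE-2024-22445 and CVE-2024-22230 lines above them.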

[Git][security-tracker-team/security-tracker][master] Process several NFUs

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9baa3dae by Salvatore Bonaccorso at 2024-02-13T09:21:13+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
TODO: check
 CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud 
Connector - ver ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction 
ID's when r ...)
TODO: check
 CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
@@ -27,15 +27,15 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) 
vulnerability in Yannick Lefeb
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
TODO: check
 CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 
7.50, allows ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, 
S4FND 1 ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 
619, 620, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 
7.53, KERNEL ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user 
with re ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and 
'/admin/aq ...)
TODO: check
 CVE-2024-23833 (OpenRefine is a free, open source power tool for working with 
messy da ...)
@@ -75,17 +75,17 @@ CVE-2024-2 (Dell Unity, versions prior to 5.4, contains 
an OS Command Inject
 CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection 
vulnerabilit ...)
TODO: check
 CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution 
of arbitr ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 
740, 750 ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 
102, S4FN ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that 
could b ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 
756, SAP_U ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - 
version 7.50 ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML 
component of I ...)
TODO: check
 CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to 
Authentic ...)
@@ -102681,7 +102681,7 @@ CVE-2020-36601 (Out-of-bounds write vulnerability in 
the kernel modules. Success
 CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption 
module. Suc ...)
NOT-FOR-US: Huawei
 CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores 
sensitive cr ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-38713
RESERVED
 CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web 
services  ...)
@@ -115121,11 +115121,11 @@ CVE-2022-34313 (IBM CICS TX 11.1 does not set the 
secure attribute on authorizat
 CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which 
can be re ...)
NOT-FOR-US: IBM
 CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with 
physica ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than 
expected crypt ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than 
expected crypt ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of 
service ...)
NOT-FOR-US: IBM
 CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on 
authorization to ...)
@@ -151406,7 +151406,7 @@ CVE-2022-22508 (Improper Input Validation 
vulnerability in multiple CODESYS V3 p
 CVE-2022-22507
REJECTED
 CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability 
that co ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-02-13 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8ff1881e by security tracker role at 2024-02-13T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,11 +1,183 @@
-CVE-2024-1459 [directory traversal vulnerability]
+CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone 
SMTP Ma ...)
+   TODO: check
+CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does 
not perfor ...)
+   TODO: check
+CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud 
Connector - ver ...)
+   TODO: check
+CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction 
ID's when r ...)
+   TODO: check
+CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 
leaks infor ...)
+   TODO: check
+CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+   TODO: check
+CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During 
a call t ...)
+   TODO: check
+CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When 
processing req ...)
+   TODO: check
+CVE-2024-24935 (Cross-Site Request Forgery (CSRF) vulnerability in 
WpSimpleTools Basic ...)
+   TODO: check
+CVE-2024-24929 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, 
Peter We ...)
+   TODO: check
+CVE-2024-24887 (Cross-Site Request Forgery (CSRF) vulnerability in Contest 
Gallery Pho ...)
+   TODO: check
+CVE-2024-24884 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft 
Contact Fo ...)
+   TODO: check
+CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick 
Lefebvre Li ...)
+   TODO: check
+CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, 
writing,  ...)
+   TODO: check
+CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 
7.50, allows ...)
+   TODO: check
+CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, 
S4FND 1 ...)
+   TODO: check
+CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 
619, 620, ...)
+   TODO: check
+CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 
7.53, KERNEL ...)
+   TODO: check
+CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user 
with re ...)
+   TODO: check
+CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and 
'/admin/aq ...)
+   TODO: check
+CVE-2024-23833 (OpenRefine is a free, open source power tool for working with 
messy da ...)
+   TODO: check
+CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows 
attackers ...)
+   TODO: check
+CVE-2024-23762 (Unrestricted File Upload vulnerability in Content Manager 
feature in G ...)
+   TODO: check
+CVE-2024-23761 (Server Side Template Injection in Gambio 4.9.2.0 allows 
attackers to r ...)
+   TODO: check
+CVE-2024-23760 (Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 
allows at ...)
+   TODO: check
+CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 
allows att ...)
+   TODO: check
+CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo 
ProductX \u20 ...)
+   TODO: check
+CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior 
versions, cont ...)
+   TODO: check
+CVE-2024-22445 (Dell PowerProtect Data Manager, version 19.15 and prior 
versions, cont ...)
+   TODO: check
+CVE-2024-22230 (Dell Unity, versions prior to 5.4, contains a Cross-site 
scripting vul ...)
+   TODO: check
+CVE-2024-8 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-7 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-6 (Dell Unity, versions prior to 5.4, contain a path traversal 
vulnerabil ...)
+   TODO: check
+CVE-2024-5 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-4 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-3 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-2 (Dell Unity, versions prior to 5.4, contains an OS Command 
Injection Vu ...)
+   TODO: check
+CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution 
of arbitr ...)
+   TODO: check
+CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 
740, 750 ...)
+   TODO: check
+CVE-2024-22130 (Print preview
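Review bot: the Dell Unity block carries the identifiers CVE-2024-8 down to CVE-2024-1, which cannot be valid 2024 identifiers for entries described as "Dell Unity, versions prior to 5.4" (CVE sequence numbers have at least four digits, and the neighbouring Dell entries in the same hunk are CVE-2024-22454, CVE-2024-22445 and CVE-2024-22230); these eight lines look truncated and should be checked against the CVE feed before they are triaged, otherwise the tracker will carry entries that no package, advisory or scanner can ever match. The hunk also removes the placeholder line "CVE-2024-1459 [directory traversal vulnerability]" while the visible part of the hunk does not show it being re-added with its published description, so confirm that entry reappears further down rather than being dropped.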