[Git][security-tracker-team/security-tracker][master] bind9 DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 663047d1 by Moritz Mühlenhoff at 2024-02-14T08:51:38+01:00 bind9 DSA - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -281,6 +281,7 @@ CVE-2023-5679 (A bad interaction between DNS64 and serve-stale may cause `named` NOTE: https://kb.isc.org/docs/cve-2023-5679 CVE-2023-6516 (To keep its cache database efficient, `named` running as a recursive r ...) - bind9 1:9.17.19-1 + [bullseye] - bind9 1:9.16.48-1 [buster] - bind9 (Vulnerable code only in 9.16.y series) NOTE: https://kb.isc.org/docs/cve-2023-6516 NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series = data/DSA/list = @@ -1,3 +1,7 @@ +[14 Feb 2024] DSA-5621-1 bind9 - security update + {CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868} + [bullseye] - bind9 1:9.16.48-1 + [bookworm] - bind9 1:9.18.24-1 [14 Feb 2024] DSA-5620-1 unbound - security update {CVE-2023-50387 CVE-2023-50868} [bullseye] - unbound 1.13.1-1+deb11u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663047d1d0c1b090f05622adf67ca8b3136eb756 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663047d1d0c1b090f05622adf67ca8b3136eb756 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
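Review bot: CVE-2023-6516 gets a hand-written `[bullseye] - bind9 1:9.16.48-1` line in data/CVE/list, the same bullseye version that DSA-5621-1 ships, yet the DSA's brace list in data/DSA/list names only CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-50387 and CVE-2023-50868. If the bullseye upload fixes CVE-2023-6516 as well, add it to the DSA-5621-1 list so the advisory and the per-release status agree; if it is left out on purpose, a NOTE saying why would help the next reader.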
[Git][security-tracker-team/security-tracker][master] python-dnslib ospu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 425e18b5 by Moritz Mühlenhoff at 2024-02-14T08:49:02+01:00 python-dnslib ospu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -32,3 +32,5 @@ CVE-2020-22218 [bullseye] - libssh2 1.9.0-2+deb11u1 CVE-2022-22995 [bullseye] - netatalk 3.1.12~ds-8+deb11u2 +CVE-2022-22846 + [bullseye] - python-dnslib 0.9.14-1+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/425e18b5a7c6c1fa39737b2567af29045bc0a546
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45fc5001 by Salvatore Bonaccorso at 2024-02-14T08:06:01+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-1342 + NOT-FOR-US: Red Hat OpenShift CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) TODO: check CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45fc5001129355db28bd923abea327ce947d64f3
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for unbound update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8797cb0d by Salvatore Bonaccorso at 2024-02-14T07:38:46+01:00 Reserve DSA number for unbound update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[14 Feb 2024] DSA-5620-1 unbound - security update + {CVE-2023-50387 CVE-2023-50868} + [bullseye] - unbound 1.13.1-1+deb11u2 + [bookworm] - unbound 1.17.1-2+deb12u2 [09 Feb 2024] DSA-5619-1 libgit2 - security update {CVE-2024-24577} [bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8797cb0d06b8b0c2d9223cc4cefc954bb626819b
[Git][security-tracker-team/security-tracker][master] Update note for CVE-2024-24557
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71ad7257 by Salvatore Bonaccorso at 2024-02-14T06:59:34+01:00 Update note for CVE-2024-24557 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2349,10 +2349,10 @@ CVE-2024-24557 (Moby is an open-source project created by Docker to enable softw - docker.io [bookworm] - docker.io (Minor issue) [bullseye] - docker.io (Minor issue) - [buster] - docker.io (Minor issue with workarround) + [buster] - docker.io (Minor issue with workarounds) NOTE: https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae NOTE: https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc - NOTE: workarround exists + NOTE: Workarounds exists (cf. GHSA-xw73-rw38-6vjc): Avoid using the cache or use Buildkit CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) NOT-FOR-US: springboot-manager CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71ad72574f437f9e87ecf60d26a2e86f4d02e909
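Review bot: the added NOTE line reads "Workarounds exists", which should be "Workarounds exist". The `[buster]` tag now says "Minor issue with workarounds" while `[bookworm]` and `[bullseye]` keep plain "Minor issue"; the workarounds named in the NOTE (avoid the cache, or use Buildkit) are stated at the CVE level, so consider whether the three release tags should read the same and let the NOTE carry the workaround detail.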
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-25715 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d7b5cde8 by Salvatore Bonaccorso at 2024-02-14T06:43:13+01:00 Track fixed version for CVE-2024-25715 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -559,7 +559,7 @@ CVE-2024-25722 (qanything_kernel/connector/database/mysql/mysql_client.py in qan CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_as ...) NOT-FOR-US: Samly CVE-2024-25715 (Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redi ...) - - glewlwyd + - glewlwyd 2.7.6+ds-2 NOTE: https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754 NOTE: https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75 CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7b5cde802d5a61304b51e743c25663e736d75c1
[Git][security-tracker-team/security-tracker][master] Take sendmail
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 08b41d6f by Bastien Roucariès at 2024-02-13T22:42:57+00:00 Take sendmail - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -250,8 +250,9 @@ runc (dleidert) samba NOTE: 20230918: Added by Front-Desk (apo) -- -sendmail +sendmail (rouca) NOTE: 20231224: Added by Front-Desk (ta) + NOTE: 20240213: Patch need to be extracted (rouca). Upstream does not publish patches -- squid NOTE: 20240109: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08b41d6fb4a8ec046ba51ee3207008fff483d2e1
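Review bot: the new 20240213 NOTE under sendmail says a patch needs to be extracted because upstream does not publish patches, but it names neither the CVE being worked on nor the upstream release the fix is to be extracted from. Adding both would let someone else pick the work up if the claim lapses; the wording should also read "Patch needs to be extracted".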
[Git][security-tracker-team/security-tracker][master] Add note about CVE-2024-24557 for docker
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: f057785d by Bastien Roucariès at 2024-02-13T22:23:30+00:00 Add note about CVE-2024-24557 for docker - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -70,6 +70,7 @@ docker.io NOTE: 20230424: Is in preparation. (gladk) NOTE: 20230706: ask for review testing https://lists.debian.org/debian-lts/2023/07/msg00013.html NOTE: 20230801: rouca and santiago testing the swarm overlay network (including current buster version) + NOTE: 20240213: CVE-2024-24557 patch does not directly apply and lack of reproducer test case -- dogecoin NOTE: 20230619: Added by Front-Desk (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f057785dc371332a6dd18f119c5d7a1901079f3d
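Review bot: the added 20240213 NOTE for docker.io carries no author tag, unlike the 20230424 entry above it that ends in (gladk), and "does not directly apply" does not say against which version the patch was tried. Suggest appending the author in parentheses and naming that version, so the next person does not repeat the attempt.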
[Git][security-tracker-team/security-tracker][master] CVE-2024-24557
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 603248c5 by Bastien Roucariès at 2024-02-13T22:25:52+00:00 CVE-2024-24557 Add note about existing workarround - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2349,8 +2349,10 @@ CVE-2024-24557 (Moby is an open-source project created by Docker to enable softw - docker.io [bookworm] - docker.io (Minor issue) [bullseye] - docker.io (Minor issue) + [buster] - docker.io (Minor issue with workarround) NOTE: https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae NOTE: https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc + NOTE: workarround exists CVE-2024-24062 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) NOT-FOR-US: springboot-manager CVE-2024-24061 (springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/603248c555b8378b07c435a99dd6c3d47ee439d2
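Review bot: "workarround" is misspelled in both added lines, the `[buster]` tag and the new NOTE; it should be "workaround". The NOTE "workarround exists" also does not say what the workaround is or where it is documented; point it at the GHSA-xw73-rw38-6vjc advisory linked on the NOTE line just above, or summarise the workaround in the NOTE itself.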
[Git][security-tracker-team/security-tracker][master] Track fixed version for unbound issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20a61922 by Salvatore Bonaccorso at 2024-02-13T22:11:59+01:00 Track fixed version for unbound issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -287,7 +287,7 @@ CVE-2023-50387 - dnsmasq 2.90-1 - bind9 - pdns-recursor (bug #1063852) - - unbound (bug #1063845) + - unbound 1.19.1-1 (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ @@ -297,7 +297,7 @@ CVE-2023-50868 - dnsmasq 2.90-1 - bind9 - pdns-recursor (bug #1063852) - - unbound (bug #1063845) + - unbound 1.19.1-1 (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20a619227c4bc118e62271cc03981ab729df7665
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d4b6d5ad by Salvatore Bonaccorso at 2024-02-13T21:47:04+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -17,195 +17,195 @@ CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2) CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...) - TODO: check + NOT-FOR-US: VDE CVE-2024-24751 (sf_event_mgt is an event management and registration extension for the ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
- TODO: check + NOT-FOR-US: Siemens CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) - TODO: check + NOT-FOR-US: Vba32 Antivirus CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) - TODO: check + NOT-FOR-US: Vba32 Antivirus CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a local attac ...) - TODO: check + NOT-FOR-US: adv radius CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All versions). The w ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21404 (.NET Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-21402 (Microsoft
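Review bot: `NOT-FOR-US: VDE` on CVE-2024-24782 and CVE-2024-24781 is an acronym that the visible descriptions do not explain, whereas the other replacements in this hunk name a vendor or product (Siemens, Microsoft, TYPO3 extension, Vba32 Antivirus, adv radius). Suggest spelling out the affected vendor or product on those two lines so the entries can be matched when a similar CVE is triaged later.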
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-24814/libapache2-mod-auth-openidc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 262c69e3 by Salvatore Bonaccorso at 2024-02-13T21:45:59+01:00 Add CVE-2024-24814/libapache2-mod-auth-openidc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,9 @@ CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All vers CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...) NOT-FOR-US: Siemens CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) - TODO: check + - libapache2-mod-auth-openidc + NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv + NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d (v2.4.15.2) CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...) TODO: check CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/262c69e37776e03540fd3ca0a0eb90329be462c7
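Review bot: the new `- libapache2-mod-auth-openidc` line has neither a fixed version nor a Debian bug reference, although the second NOTE already ties the upstream fix to v2.4.15.2. Suggest filing a bug against the package and adding it as (bug #...) on that line, so the maintainer is notified and the entry can later be closed with the fixed version.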
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5317f3b2 by Salvatore Bonaccorso at 2024-02-13T21:32:37+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) TODO: check CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) TODO: check CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5317f3b291c95b94d0cdcf12e13436f59f96bb0d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 40d9d1ae by security tracker role at 2024-02-13T20:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,13 +1,281 @@ -CVE-2023-4408 +CVE-2024-25122 (sidekiq-unique-jobs is an open source project which prevents simultane ...) + TODO: check +CVE-2024-24925 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24924 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24923 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24922 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24921 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24920 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + TODO: check +CVE-2024-24814 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) + TODO: check +CVE-2024-24782 (An unauthenticated attacker can send a ping request from one network t ...) + TODO: check +CVE-2024-24781 (An unauthenticated remote attacker can use an uncontrolled resource co ...) + TODO: check +CVE-2024-24751 (sf_event_mgt is an event management and registration extension for the ...) + TODO: check +CVE-2024-23816 (A vulnerability has been identified in Location Intelligence Perpetual ...) + TODO: check +CVE-2024-23813 (A vulnerability has been identified in Polarion ALM (All versions). Th ...) + TODO: check +CVE-2024-23812 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) + TODO: check +CVE-2024-23811 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) + TODO: check +CVE-2024-23810 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) + TODO: check +CVE-2024-23804 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23803 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
+ TODO: check +CVE-2024-23802 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23801 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23800 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23799 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23798 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23797 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23796 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23795 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + TODO: check +CVE-2024-23440 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) + TODO: check +CVE-2024-23439 (Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vuln ...) + TODO: check +CVE-2024-22923 (SQL injection vulnerability in adv radius v.2.2.5 allows a local attac ...) + TODO: check +CVE-2024-22043 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...) + TODO: check +CVE-2024-22042 (A vulnerability has been identified in Unicam FX (All versions). The w ...) + TODO: check +CVE-2024-21420 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
+ TODO: check +CVE-2024-21413 (Microsoft Outlook Remote Code Execution Vulnerability) + TODO: check +CVE-2024-21412 (Internet Shortcut Files Security Feature Bypass Vulnerability) + TODO: check +CVE-2024-21410 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-21406 (Windows Printing Service Spoofing Vulnerability) + TODO: check +CVE-2024-21405 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-21404 (.NET Denial of Service Vulnerability) + TODO: check +CVE-2024-21403 (Microsoft Azure Kubernetes Service Confidential Container Elevation of ...) + TODO: check +CVE-2024-21402 (Microsoft Outlook Elevation of Privilege Vulnerability) + TODO: check +CVE-2024-21401 (Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vuln ...) + TODO: check +CVE-2024-21397 (Microsoft Azure File Sync Elevation of Privilege Vulnerability) + TODO:
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-25112/exiv2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0fbc736 by Salvatore Bonaccorso at 2024-02-13T20:42:32+01:00 Add CVE-2024-25112/exiv2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44,7 +44,10 @@ CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) NOT-FOR-US: Motorola CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - TODO: check + - exiv2 + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36 + NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/355afea485550e8214ac6b449fb210a7efb71365 (v0.28.2) + TODO: unclear range of affected versions: while the report claims it is new in v0.28.0 the QuickTimeVideo::multipleEntriesDecoder is present earlier CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...) TODO: check CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When processing req ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0fbc736e8229e540b7440208c1c9f2f213af445
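Review bot: the added `- exiv2` line carries no fixed version while the TODO leaves the affected range open, so the entry gives no per-release answer until the TODO is resolved. Since the TODO already names QuickTimeVideo::multipleEntriesDecoder as the code to look for, consider recording which upstream versions were checked for it, and add a Debian bug reference once the range is settled.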
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 094b44c5 by Salvatore Bonaccorso at 2024-02-13T20:26:16+01:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40,7 +40,7 @@ CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) NOT-FOR-US: SAP CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) - TODO: check + NOT-FOR-US: SteVe CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) NOT-FOR-US: Motorola CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/094b44c5722adaea23890ae8c46e810e8c301c96
[Git][security-tracker-team/security-tracker][master] 4 commits: data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138)
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 9de3efaf by Chris Lamb at 2024-02-13T18:13:24+00:00 data/dla-needed.txt: Triage engrampa for buster LTS (CVE-2023-52138) - - - - - 61cf5b52 by Chris Lamb at 2024-02-13T18:14:31+00:00 Triage CVE-2024-24815 CVE-2024-24816 in ckeditor for buster LTS. - - - - - dc4cf461 by Chris Lamb at 2024-02-13T18:14:55+00:00 Triage CVE-2023-42282 in node-ip for buster LTS. - - - - - 72d61192 by Chris Lamb at 2024-02-13T18:15:49+00:00 data/dla-needed.txt: Triage lucene-solr for buster LTS (CVE-2023-50291, CVE-2023-50292, CVE-2023-50298 CVE-2023-50386) - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -727,6 +727,7 @@ CVE-2023-42282 (An issue in NPM IP Package v.1.1.8 and before allows an attacker - node-ip (bug #1063535) [bookworm] - node-ip (Minor issue) [bullseye] - node-ip (Minor issue) + [buster] - node-ip (Minor issue) NOTE: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/ NOTE: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html NOTE: https://github.com/indutny/node-ip/issues/136 @@ -835,6 +836,7 @@ CVE-2024-24816 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed - ckeditor (bug #1063536) [bookworm] - ckeditor (Minor issue) [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) - ckeditor3 (bug #1063537) [bookworm] - ckeditor3 (Minor issue) [bullseye] - ckeditor3 (Minor issue) @@ -845,6 +847,7 @@ CVE-2024-24815 (CKEditor4 is an open source what-you-see-is-what-you-get HTML ed - ckeditor (bug #1063536) [bookworm] - ckeditor (Minor issue) [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) - ckeditor3 (bug #1063537) [bookworm] - ckeditor3 (Minor issue) [bullseye] - ckeditor3 (Minor issue) = data/dla-needed.txt = 
@@ -82,6 +82,9 @@ edk2 NOTE: 20231230: Added by Front-Desk (lamby) NOTE: 20231230: CVE-2019-11098 fixed in bullseye via DSA or point release (lamby) -- +engrampa + NOTE: 20240213: Added by Front-Desk (lamby) +-- exiftags NOTE: 20240121: Added by Front-Desk (apo) -- @@ -159,6 +162,9 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- +lucene-solr + NOTE: 20240213: Added by Front-Desk (lamby) +-- nova NOTE: 20230302: Re-add, request by maintainer (Beuc) NOTE: 20230302: zigo says that DLA 3302-1 ships a buster-specific CVE-2022-47951 backport that introduces regression View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16fa3d98947451f12de6faf3332185c6bdc2be11...72d61192b726f8162b6fab51542d093fb982ff9d
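Review bot: in the CVE-2024-24816 and CVE-2024-24815 hunks a `[buster]` line is added under ckeditor only, while the ckeditor3 block in the same entries still lists just bookworm and bullseye. If buster ships ckeditor3 it needs the same triage decision recorded. The new engrampa and lucene-solr entries in data/dla-needed.txt also omit the CVE ids that the commit messages give (CVE-2023-52138, and CVE-2023-50291, CVE-2023-50292, CVE-2023-50298, CVE-2023-50386); a NOTE listing them under each entry would save whoever claims the package a lookup.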
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-6516/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 16fa3d98 by Salvatore Bonaccorso at 2024-02-13T17:56:00+01:00 Update status for CVE-2023-6516/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8,9 +8,11 @@ CVE-2023-5679 - bind9 NOTE: https://kb.isc.org/docs/cve-2023-5679 CVE-2023-6516 - - bind9 + - bind9 1:9.17.19-1 + [buster] - bind9 (Vulnerable code only in 9.16.y series) NOTE: https://kb.isc.org/docs/cve-2023-6516 - TODO: check, should be 9.16.y specific and so mark first version after 9.16.y as fixed version + NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series + NOTE: which entered unstable as the fixed version as workaround. CVE-2023-50387 - dnsmasq 2.90-1 - bind9 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16fa3d98947451f12de6faf3332185c6bdc2be11
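Review bot: In the CVE-2023-6516 hunk, "- bind9 1:9.17.19-1" is recorded as the fixed version only as a workaround, which the two new NOTE lines state, but nothing in the entry says which 9.16.y release contains the actual fix. A NOTE naming that upstream release would make it possible to fill in the entry for a suite that ships 9.16.y without going back to the ISC advisory.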
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for dns-recursor issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc41b922 by Salvatore Bonaccorso at 2024-02-13T17:17:31+01:00 Add Debian bug reference for dns-recursor issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14,7 +14,7 @@ CVE-2023-6516 CVE-2023-50387 - dnsmasq 2.90-1 - bind9 - - pdns-recursor + - pdns-recursor (bug #1063852) - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released @@ -24,7 +24,7 @@ CVE-2023-50387 CVE-2023-50868 - dnsmasq 2.90-1 - bind9 - - pdns-recursor + - pdns-recursor (bug #1063852) - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc41b922d87e23364683b648df4e972420b2300f
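Review bot: The commit subject says "dns-recursor", while both hunks change the "- pdns-recursor" line; using the full source package name in the subject keeps a log search for pdns-recursor complete. The change itself is consistent: the same bug #1063852 is attached under both CVE-2023-50387 and CVE-2023-50868, matching how the unbound lines share bug #1063845.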
[Git][security-tracker-team/security-tracker][master] Add pdns-recursor for CVE-2023-5038{6,7}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89da9660 by Salvatore Bonaccorso at 2024-02-13T16:56:44+01:00 Add pdns-recursor for CVE-2023-5038{6,7} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14,16 +14,20 @@ CVE-2023-6516 CVE-2023-50387 - dnsmasq 2.90-1 - bind9 + - pdns-recursor - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 + NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1) CVE-2023-50868 - dnsmasq 2.90-1 - bind9 + - pdns-recursor - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 + NOTE: https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c (release-1.19.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89da966094447111ee28cf32aa81f2a7fdd0ab8b
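Review bot: The subject "CVE-2023-5038{6,7}" expands to CVE-2023-50386 and CVE-2023-50387, but the hunk adds "- pdns-recursor" under CVE-2023-50387 and CVE-2023-50868; the subject should name those two ids, since CVE-2023-50386 is a different issue (it is listed for lucene-solr elsewhere on this page). The added PowerDNS NOTE points at a release announcement covering three version lines, so a follow-up NOTE recording which of them applies to the Debian package would save the next reader a lookup.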
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2023-28450/dnsmasq
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b7342f7 by Salvatore Bonaccorso at 2024-02-13T16:54:31+01:00 Add fixed version for CVE-2023-28450/dnsmasq - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -52242,7 +52242,7 @@ CVE-2023-28452 CVE-2023-28451 RESERVED CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...) - - dnsmasq (bug #1033165) + - dnsmasq 2.90-1 (bug #1033165) [bookworm] - dnsmasq (Minor issue) [bullseye] - dnsmasq (Minor issue) [buster] - dnsmasq (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b7342f7aa7060397f55325eb0aa27b8b2cddef6
[Git][security-tracker-team/security-tracker][master] Add dnsmasq for CVE-2023-5038{6,7}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: afbe2a02 by Salvatore Bonaccorso at 2024-02-13T16:54:02+01:00 Add dnsmasq for CVE-2023-5038{6,7} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12,6 +12,7 @@ CVE-2023-6516 NOTE: https://kb.isc.org/docs/cve-2023-6516 TODO: check, should be 9.16.y specific and so mark first version after 9.16.y as fixed version CVE-2023-50387 + - dnsmasq 2.90-1 - bind9 - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 @@ -19,6 +20,7 @@ CVE-2023-50387 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1) CVE-2023-50868 + - dnsmasq 2.90-1 - bind9 - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afbe2a02a462866144c7b8591de8ed565c897582
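Review bot: Both hunks add "- dnsmasq 2.90-1" with no NOTE that ties the fix to dnsmasq, while bind9 and unbound each have an upstream advisory or release link in the same entries. A NOTE pointing at the dnsmasq 2.90 announcement or fixing commit would document why 2.90-1 is the fixed version. The subject also names CVE-2023-5038{6,7} although the entries changed are CVE-2023-50387 and CVE-2023-50868.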
[Git][security-tracker-team/security-tracker][master] Add additional references for unbound issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5fc09850 by Salvatore Bonaccorso at 2024-02-13T16:50:32+01:00 Add additional references for unbound issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16,11 +16,15 @@ CVE-2023-50387 - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ + NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt + NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/882903f2fa800c4cb6f5e225b728e2887bb7b9ae (release-1.19.1) CVE-2023-50868 - bind9 - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ + NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt + NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/92f2a1ca690a44880f4c4fa70a4b5a4b029aaf1c (release-1.19.1) CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) NOT-FOR-US: WordPress plugin CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fc09850b66ac309f1e10f0cca40bdc2e1abfd82
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for unbound issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f1499a85 by Salvatore Bonaccorso at 2024-02-13T16:47:15+01:00 Add Debian bug reference for unbound issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,12 +13,12 @@ CVE-2023-6516 TODO: check, should be 9.16.y specific and so mark first version after 9.16.y as fixed version CVE-2023-50387 - bind9 - - unbound + - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2023-50868 - bind9 - - unbound + - unbound (bug #1063845) NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1499a8554e81b7097fcc4a287fb6f3b3ec0593f
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4408/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23ad0643 by Salvatore Bonaccorso at 2024-02-13T16:45:47+01:00 Add CVE-2023-4408/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-4408 + - bind9 + NOTE: https://kb.isc.org/docs/cve-2023-4408 CVE-2023-5517 - bind9 NOTE: https://kb.isc.org/docs/cve-2023-5517 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ad0643924585588e90695c6887aaa0266c539f
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5517/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73fe771f by Salvatore Bonaccorso at 2024-02-13T16:44:26+01:00 Add CVE-2023-5517/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-5517 + - bind9 + NOTE: https://kb.isc.org/docs/cve-2023-5517 CVE-2023-5679 - bind9 NOTE: https://kb.isc.org/docs/cve-2023-5679 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73fe771fd542af5d2cc08998eeb593fe98bcbf0b
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-5679/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 22e5514a by Salvatore Bonaccorso at 2024-02-13T16:41:44+01:00 Add CVE-2023-5679/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2023-5679 + - bind9 + NOTE: https://kb.isc.org/docs/cve-2023-5679 CVE-2023-6516 - bind9 NOTE: https://kb.isc.org/docs/cve-2023-6516 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22e5514a4cf99ba0773759f77de0f197dadc7f88
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-6516/bind9 but needs further triage
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1cc75d0f by Salvatore Bonaccorso at 2024-02-13T16:40:48+01:00 Add CVE-2023-6516/bind9 but needs further triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2023-6516 + - bind9 + NOTE: https://kb.isc.org/docs/cve-2023-6516 + TODO: check, should be 9.16.y specific and so mark first version after 9.16.y as fixed version CVE-2023-50387 - bind9 - unbound View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cc75d0fcf79127df2c3105f29ca02e9fb816848
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50387/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f004699a by Salvatore Bonaccorso at 2024-02-13T16:36:42+01:00 Add CVE-2023-50387/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2023-50387 + - bind9 - unbound + NOTE: https://kb.isc.org/docs/cve-2023-50387 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2023-50868 - bind9 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f004699ad4e27ec26c1b6cbed433aaf0e14fcab2
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50868/bind9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 93a36dab by Salvatore Bonaccorso at 2024-02-13T16:35:48+01:00 Add CVE-2023-50868/bind9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2,7 +2,9 @@ CVE-2023-50387 - unbound NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2023-50868 + - bind9 - unbound + NOTE: https://kb.isc.org/docs/cve-2023-50868 NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a36dabcb04a1009a190c2d5c1374459afc37d3
[Git][security-tracker-team/security-tracker][master] new unbound issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 45ff561c by Moritz Muehlenhoff at 2024-02-13T16:07:49+01:00 new unbound issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2023-50387 + - unbound + NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ +CVE-2023-50868 + - unbound + NOTE: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) NOT-FOR-US: WordPress plugin CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45ff561c82dd8287f55ae36b929c12fe56c406ef
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 32d0c184 by Salvatore Bonaccorso at 2024-02-13T09:26:35+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) NOT-FOR-US: SAP CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) 
@@ -7,23 +7,23 @@ CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) TODO: check CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) - TODO: check + NOT-FOR-US: Motorola CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) TODO: check CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...) TODO: check CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When processing req ...) - TODO: check + NOT-FOR-US: Pixelfed CVE-2024-24935 (Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24929 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter We ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24887 (Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Pho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24884 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Li ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) TODO: check CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...) 
@@ -37,7 +37,7 @@ CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...) NOT-FOR-US: SAP CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...) - TODO: check + NOT-FOR-US: Koha Library Management System CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...) TODO: check CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...) 
@@ -51,29 +51,29 @@ CVE-2024-23760 (Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 all CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows att ...) TODO: check CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u20 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22445 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22230 (Dell Unity, versions prior to 5.4, contains a Cross-site scripting vul ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-8 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-7 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-6 (Dell Unity, versions prior to 5.4, contain a path traversal vulnerabil ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-5 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-4 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-3 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-2 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...)
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9baa3dae by Salvatore Bonaccorso at 2024-02-13T09:21:13+01:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) TODO: check CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) TODO: check CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) @@ -27,15 +27,15 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) TODO: check CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 619, 620, ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...) TODO: check CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...) 
@@ -75,17 +75,17 @@ CVE-2024-2 (Dell Unity, versions prior to 5.4, contains an OS Command Inject CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...) TODO: check CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22130 (Print preview option inSAP CRM WebClient UI - versions S4FND 102, S4FN ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22129 (SAP Companion - version <3.1.38, has a URL with parameter that could b ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22128 (SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_U ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22126 (The User Admin application of SAP NetWeaver AS for Java - version 7.50 ...) - TODO: check + NOT-FOR-US: SAP CVE-2024-22024 (An XML external entity or XXE vulnerability in the SAML component of I ...) TODO: check CVE-2024-21491 (Versions of the package svix before 1.17.0 are vulnerable to Authentic ...) @@ -102681,7 +102681,7 @@ CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Success CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...) NOT-FOR-US: Huawei CVE-2022-38714 (IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive cr ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-38713 RESERVED CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services ...) 
@@ -115121,11 +115121,11 @@ CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorizat CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...) NOT-FOR-US: IBM CVE-2022-34311 (IBM CICS TX Standard and Advanced 11.1 could allow a user with physica ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34310 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34309 (IBM CICS TX Standard and Advanced 11.1 uses weaker than expected crypt ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...) NOT-FOR-US: IBM CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...) @@ -151406,7 +151406,7 @@ CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 p CVE-2022-22507 REJECTED CVE-2022-22506 (IBM Robotic Process Automation 21.0.2 contains a vulnerability that co ...) - TODO: check + NOT-FOR-US: IBM CVE-2022-22505 (IBM Robotic Process Automation 21.0.0,
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ff1881e by security tracker role at 2024-02-13T08:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,11 +1,183 @@ -CVE-2024-1459 [directory traversal vulnerability] +CVE-2024-25914 (Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Ma ...) + TODO: check +CVE-2024-25643 (The SAP Fiori app (My Overtime Request) - version 605, does not perfor ...) + TODO: check +CVE-2024-25642 (Due to improper validation of certificate in SAP Cloud Connector - ver ...) + TODO: check +CVE-2024-25407 (SteVe v3.6.0 was discovered to use predictable transaction ID's when r ...) + TODO: check +CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks infor ...) + TODO: check +CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + TODO: check +CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...) + TODO: check +CVE-2024-25108 (Pixelfed is an open source photo sharing platform. When processing req ...) + TODO: check +CVE-2024-24935 (Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic ...) + TODO: check +CVE-2024-24929 (Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter We ...) + TODO: check +CVE-2024-24887 (Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Pho ...) + TODO: check +CVE-2024-24884 (Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Fo ...) + TODO: check +CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Li ...) + TODO: check +CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + TODO: check +CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...) + TODO: check +CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...) + TODO: check +CVE-2024-24741 (SAP Master Data Governance for Material Data - versions 618, 619, 620, ...) + TODO: check +CVE-2024-24740 (SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL ...) 
+ TODO: check +CVE-2024-24739 (SAP Bank Account Management (BAM) allows an authenticated user with re ...) + TODO: check +CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aq ...) + TODO: check +CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...) + TODO: check +CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...) + TODO: check +CVE-2024-23762 (Unrestricted File Upload vulnerability in Content Manager feature in G ...) + TODO: check +CVE-2024-23761 (Server Side Template Injection in Gambio 4.9.2.0 allows attackers to r ...) + TODO: check +CVE-2024-23760 (Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows at ...) + TODO: check +CVE-2024-23759 (Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows att ...) + TODO: check +CVE-2024-23512 (Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u20 ...) + TODO: check +CVE-2024-22454 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...) + TODO: check +CVE-2024-22445 (Dell PowerProtect Data Manager, version 19.15 and prior versions, cont ...) + TODO: check +CVE-2024-22230 (Dell Unity, versions prior to 5.4, contains a Cross-site scripting vul ...) + TODO: check +CVE-2024-8 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) + TODO: check +CVE-2024-7 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) + TODO: check +CVE-2024-6 (Dell Unity, versions prior to 5.4, contain a path traversal vulnerabil ...) + TODO: check +CVE-2024-5 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) + TODO: check +CVE-2024-4 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) + TODO: check +CVE-2024-3 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) 
+ TODO: check +CVE-2024-2 (Dell Unity, versions prior to 5.4, contains an OS Command Injection Vu ...) + TODO: check +CVE-2024-1 (Dell Unity, versions prior to 5.4, contains SQL Injection vulnerabilit ...) + TODO: check +CVE-2024-22132 (SAP IDES ECC-systems contain code that permits the execution of arbitr ...) + TODO: check +CVE-2024-22131 (In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750 ...) + TODO: check +CVE-2024-22130 (Print preview