[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-6349 and CVE-2023-44488
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfddebb7 by Salvatore Bonaccorso at 2024-05-28T14:06:11+02:00 Update information for CVE-2023-6349 and CVE-2023-44488 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77,8 +77,12 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman NOT-FOR-US: Grup Arge Energy and Control Systems Smartpower CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - libvpx 1.13.1-2 + [bookworm] - libvpx 1.12.0-1+deb12u2 + [bullseye] - libvpx 1.9.0-1+deb11u2 + [buster] - libvpx 1.7.0-3+deb10u2 NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: Same upstream commit as CVE-2023-44488 CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) NOTE: Disputed GNOME Shell issue CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) 
@@ -59551,6 +59555,7 @@ CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a cras NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main) NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4 + NOTE: Same commit as CVE-2023-6349 CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...) NOT-FOR-US: Caphyon Advanced Installer CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
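Review bot: the three suite lines added for CVE-2023-6349 in the first hunk (bookworm 1.12.0-1+deb12u2, bullseye 1.9.0-1+deb11u2, buster 1.7.0-3+deb10u2) carry no advisory reference, whereas the tracker convention for a stable fix that shipped through an advisory is a `{DSA-…}` / `{DLA-…}` line above the version entries. If these uploads came from the advisory that fixed CVE-2023-44488, record it here as well; if they are being listed only because the entries share a fix commit, say that in the new note so the reader knows the versions were derived rather than advisory-backed.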
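Review bot: the cross-reference wording differs between the two sides of this change ("Same upstream commit as CVE-2023-44488" on CVE-2023-6349 versus "Same commit as CVE-2023-6349" on CVE-2023-44488 in the second hunk); use one phrasing so a grep for either finds both. Because both entries now assert they are fixed by df9fd9d5 (v1.13.1), the fixed versions recorded for CVE-2023-44488, which sit above the visible context of the second hunk, should be checked against the ones added for CVE-2023-6349 so the two entries do not drift apart.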
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-26256
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3ebbec8 by Salvatore Bonaccorso at 2024-05-28T13:53:57+02:00 Update status for CVE-2024-26256 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18663,11 +18663,12 @@ CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-26256 (libarchive Remote Code Execution Vulnerability) - libarchive + [bullseye] - libarchive (Vulnerable code introduced in 3.6.0) [buster] - libarchive (Vulnerable code introduced in 3.6.0) NOTE: https://github.com/advisories/GHSA-2jc9-36w4-pmqw NOTE: https://github.com/libarchive/libarchive/pull/2135 - NOTE: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 (v3.7.4) - NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/01a2d329dfc71741892e2b590cf9fb25092474a0 (v.3.6.0) + NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/01a2d329dfc71741892e2b590cf9fb25092474a0 (v3.6.0) + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 (v3.7.4) CVE-2024-26255 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2024-26254 (Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3ebbec843fca5002baa00adef95fd36afacb9e0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3ebbec843fca5002baa00adef95fd36afacb9e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
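Review bot: the unstable line for CVE-2024-26256 remains a bare "- libarchive" with no fixed version even though the "Fixed by" note is tagged (v3.7.4); if a libarchive upload carrying eb7939b2 has reached unstable, add its version, otherwise a short note on what is still pending would help the next person triaging. The reordering to "Introduced by" before "Fixed by" and the "v.3.6.0" to "v3.6.0" typo fix are fine, and the new [bullseye] "Vulnerable code introduced in 3.6.0" line matches the existing [buster] one.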
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5aeb324b by security tracker role at 2024-05-28T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,27 @@ +CVE-2024-36428 (OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.) + TODO: check +CVE-2024-36426 (In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session ...) + TODO: check +CVE-2024-32944 (Path traversal vulnerability exists in UTAU versions prior to v0.4.19. ...) + TODO: check +CVE-2024-29078 (Incorrect permission assignment for critical resource issue exists in ...) + TODO: check +CVE-2024-28886 (OS command injection vulnerability exists in UTAU versions prior to v0 ...) + TODO: check +CVE-2024-28880 (Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier a ...) + TODO: check +CVE-2023-52712 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The firs ...) + TODO: check +CVE-2023-52711 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The firs ...) + TODO: check +CVE-2023-52710 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communicati ...) + TODO: check +CVE-2023-52548 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Co ...) + TODO: check +CVE-2023-52547 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption i ...) + TODO: check +CVE-2022-48681 (Some Huawei smart speakers have a memory overflow vulnerability. Succe ...) + TODO: check CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) NOT-FOR-US: RhinOS CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb324b056f16341b59a6716864a89c01590979 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb324b056f16341b59a6716864a89c01590979 You're receiving this email because of your account on salsa.debian.org. 
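Review bot: all twelve imported entries land as "TODO: check", which is expected for the automatic update, but most are triageable on their descriptions alone: the firmware items (CVE-2023-52712/52711 AMD PSP SMI handler, CVE-2023-52710/52548/52547 Huawei Matebook BIOS, CVE-2022-48681 Huawei smart speakers) and the third-party application items (OrangeHRM, TARGIT Decision Suite, UTAU, MosP kintai kanri) have no Debian source package candidate, so they are natural NOT-FOR-US conversions for the next manual pass. Nothing in the hunk needs changing before merge.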

[Git][security-tracker-team/security-tracker][master] Reference commit from github mirror for CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9cd1ffa by Salvatore Bonaccorso at 2024-05-27T22:53:47+02:00 Reference commit from github mirror for CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,7 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - libvpx 1.13.1-2 NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 - NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
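Review bot: replacing the chromium.googlesource.com reference with the github.com/webmproject mirror drops the canonical upstream URL; the hash (df9fd9d5) is identical on both hosts, so keeping the googlesource link alongside the mirror costs one line and keeps the reference valid if the mirror is ever retired. The added "Fixed by:" prefix follows the file's convention and should stay.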
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8751b782 by Salvatore Bonaccorso at 2024-05-27T22:39:55+02:00 Add CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,9 @@ CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulne CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - TODO: check + - libvpx 1.13.1-2 + NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 + NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8751b782ff8ca6e23bad23a8bc31e8e84bd41fe0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8751b782ff8ca6e23bad23a8bc31e8e84bd41fe0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
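Review bot: the fixed version is recorded as libvpx 1.13.1-2 while the referenced fix commit is tagged (v1.13.1); if upstream 1.13.1 already contains the fix, the first Debian upload of that version is the one that fixed it and the entry should name it, unless that upload was never accepted or the fix only became effective in -2, in which case a NOTE saying so would prevent the next reader from "correcting" it. No [bookworm]/[bullseye]/[buster] lines are given yet, so those suites are implicitly tracked as vulnerable until assessed.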
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e46e56a2 by Salvatore Bonaccorso at 2024-05-27T22:36:45+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-3381 REJECTED CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) 
@@ -15,19 +15,19 @@ CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6 CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) TODO: check CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) - TODO: check + NOT-FOR-US: MIT IdentiBot CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) TODO: check CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) TODO: check CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) - TODO: check + NOT-FOR-US: ZKsync Era CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) TODO: check CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) @@ -35,7 +35,7 @@ CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) TODO: check CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) - TODO: check + NOT-FOR-US: Avocent DSR2030 Appliance firmware CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) TODO: check CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) 
@@ -43,7 +43,7 @@ CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relati CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) TODO: check CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
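Review bot: in the second hunk (@@ -15,19 +15,19 @@) the NOT-FOR-US conversions look correct, but the entries left at "TODO: check" in the same region are the ones most likely to map onto Debian source packages: CVE-2024-35231 (rack-contrib), CVE-2024-32978 (Kaminari) and CVE-2024-29415 (the Node.js ip package) describe libraries of the kind Debian ships as ruby-* and node-* packages, so they deserve a version assessment rather than lingering as TODO while the clearly out-of-scope items are being cleared.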
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60065691 by security tracker role at 2024-05-27T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) + TODO: check +CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) + TODO: check +CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) + TODO: check +CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-3381 + REJECTED +CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) + TODO: check +CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) + TODO: check +CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) + TODO: check +CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) + TODO: check +CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) + TODO: check +CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) + TODO: check +CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) + TODO: check +CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) + TODO: check +CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) 
+ TODO: check +CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) + TODO: check +CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) + TODO: check +CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) + TODO: check +CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) + TODO: check +CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) + TODO: check +CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) + TODO: check +CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) + TODO: check CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) NOT-FOR-US: ASKEY CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) @@ -1527,6 +1581,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) NOT-FOR-US: WinRAR CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) + {DLA-3822-1} - python-pymysql (bug #1071628) NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1) 
@@ -17012,7 +17067,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) - {DSA-5679-1} + {DSA-5679-1 DLA-3823-1} - less 590-2.1 (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 @@ -20962,7 +21017,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated a TODO: check upstream report status, seems not filled as issue CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) NO
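Review bot: in the CVE-2024-36039 hunk the new {DLA-3822-1} line records the LTS fix, but the unstable line beneath it still reads "- python-pymysql (bug #1071628)" without a fixed version even though the "Fixed by" note is tagged (v1.1.1); if 1.1.1 or a patched revision is in unstable, add that version so the DLA does not read as the only fix. The CVE-2024-32487 hunk correctly extends the existing braces to "{DSA-5679-1 DLA-3823-1}" rather than adding a second brace line. The last hunk of this message is cut off after "NO" on the page and cannot be reviewed here.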
[Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVEs which were duplicates
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80b3452c by Salvatore Bonaccorso at 2024-05-27T21:34:28+02:00 Remove notes from rejected CVEs which were duplicates - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72808,10 +72808,8 @@ CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorr NOT-FOR-US: Shopware CVE-2023-33567 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-33566 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) @@ -73168,7 +73166,6 @@ CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr NOT-FOR-US: WordPress plugin CVE-2023-33565 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...) NOT-FOR-US: WordPress plugin CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80b3452c11a11495ca412bc7b4e8cbeb741d9d07 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80b3452c11a11495ca412bc7b4e8cbeb741d9d07 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
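Review bot: dropping the "Duplicate of CVE-2021-38425" notes from CVE-2023-33567/33566/33565 removes the only pointer from the rejected IDs to the entry that actually tracks the issue; "REJECTED" on its own does not say which CVE superseded them. If the policy is that rejected entries carry no notes, that is consistent with the bare REJECTED entries elsewhere in this series, but consider recording the alias on the CVE-2021-38425 side instead so the cross-reference is not lost.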
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-33427
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a9fedad by Salvatore Bonaccorso at 2024-05-27T21:32:51+02:00 Remove notes from CVE-2024-33427 Further investigation showed that this was not a security issue for squid. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -230,11 +230,6 @@ CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4 NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 REJECTED - - squid (unimportant) - - squid3 (unimportant) - NOTE: https://github.com/squid-cache/squid/pull/1763 - NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d - NOTE: OOB read in config file parsing, doesn't cross any reasonable security boundary CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) - liboqs NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9fedad946f8706599700577c5d6876adcaa1ae -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9fedad946f8706599700577c5d6876adcaa1ae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
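Review bot: the removed lines included the analysis ("OOB read in config file parsing, doesn't cross any reasonable security boundary") plus the pull request and commit references, so the entry becomes a bare REJECTED and the reasoning now lives only in this commit message; a single NOTE pointing at squid PR 1763 would keep it discoverable from the tracker itself. Separately, the removed commit URL carries a 36-character hash (1891ce59…840d), which suggests it was truncated when first added; if it is ever re-added, use the full 40-character id.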
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-1135/gunicorn via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31dbe789 by Salvatore Bonaccorso at 2024-05-27T20:23:55+02:00 Track fixed version for CVE-2024-1135/gunicorn via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16490,7 +16490,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...) NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) - - gunicorn (bug #1069126) + - gunicorn 22.0.0-1 (bug #1069126) [bookworm] - gunicorn (Minor issue) [bullseye] - gunicorn (Minor issue) [buster] - gunicorn (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dbe78998411673120f9945931ce15c4ca4acc5 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dbe78998411673120f9945931ce15c4ca4acc5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
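Review bot: the sid line now records gunicorn 22.0.0-1, but the [bookworm]/[bullseye]/[buster] lines keep "(Minor issue)" for a Transfer-Encoding validation flaw without any NOTE explaining the rating; now that a fixed version is identified, a one-line rationale for not updating stable would let the no-dsa decision be audited later. The change itself is correct and consistent with the bug reference.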
[Git][security-tracker-team/security-tracker][master] Update version number to 5.9.6-1 for CVE-2022-4967
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d01c980 by Salvatore Bonaccorso at 2024-05-27T17:54:50+02:00 Update version number to 5.9.6-1 for CVE-2022-4967 The change is only contained in 5.9.6-1 and 5.6.4-1 did not carry the patch separately. Bump thus the version to the 5.9.6 based one. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7161,7 +7161,7 @@ CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) - - strongswan 5.9.4-1 + - strongswan 5.9.6-1 [bullseye] - strongswan (Introduced in 5.9.2) [buster] - strongswan (Introduced in 5.9.2) NOTE: https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d01c9809671926a1e572f0114bea08d303acd6f -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d01c9809671926a1e572f0114bea08d303acd6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
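Review bot: the bump to strongswan 5.9.6-1 matches the commit message, but nothing in the hunk says how bookworm is covered: there is no [bookworm] line, so bookworm is judged by comparing its package version against 5.9.6-1; confirm bookworm's strongswan is at or above that, otherwise it needs an explicit line. The bullseye/buster "(Introduced in 5.9.2)" lines are unchanged and consistent with the affected range 5.9.2 through 5.9.5 in the description.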
[Git][security-tracker-team/security-tracker][master] Update references for CVE-2024-2486{2,3}/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27cbdd4c by Salvatore Bonaccorso at 2024-05-27T17:43:17+02:00 Update references for CVE-2024-2486{2,3}/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16985,9 +16985,15 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750 CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) - - linux + - linux 6.8.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1f886a7bfb3faf4c1021e73f045538008ce7634e (6.9-rc3) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8748 + NOTE: Duplicate of CVE-2024-35883. CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27cbdd4c2ccee194f310e09f2ed7b5601ac0f717 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27cbdd4c2ccee194f310e09f2ed7b5601ac0f717 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
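Review bot: the new "NOTE: Duplicate of CVE-2024-35883." line ends with a period while the other NOTE lines in this file do not (compare the "Duplicate of CVE-2021-38425" notes elsewhere in this series); drop the period for consistency. Since CVE-2024-24862 is declared a duplicate, the version data added here (linux 6.8.9-1, stable suites "Vulnerable code not present") should be identical to what CVE-2024-35883 records, and a reciprocal note on that entry would make the pairing visible from both sides.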
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ebb9273 by security tracker role at 2024-05-27T08:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,87 @@ +CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) + TODO: check +CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) + TODO: check +CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of specific API. ...) + TODO: check +CVE-2024-5397 (A vulnerability classified as critical was found in itsourcecode Onlin ...) + TODO: check +CVE-2024-5396 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student Enrollme ...) + TODO: check +CVE-2024-5390 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-5385 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-5384 (A vulnerability classified as critical was found in SourceCodester Fac ...) + TODO: check +CVE-2024-5383 (A vulnerability classified as problematic has been found in lakernote ...) + TODO: check +CVE-2024-5381 (A vulnerability classified as critical was found in itsourcecode Stude ...) + TODO: check +CVE-2024-5380 (A vulnerability classified as problematic has been found in jsy-1 shor ...) + TODO: check +CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has been rat ...) + TODO: check +CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals Student ...) 
+ TODO: check +CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management System ...) + TODO: check +CVE-2024-5376 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-5035 (The affected device expose a network service called "rftest" that is v ...) + TODO: check +CVE-2024-4535 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4534 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4533 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not san ...) + TODO: check +CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to improper neut ...) + TODO: check +CVE-2024-3939 (The Ditty WordPress plugin before 3.1.36 does not sanitise and escape ...) + TODO: check +CVE-2024-3933 (In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, w ...) + TODO: check +CVE-2024-36384 (Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is rel ...) + TODO: check +CVE-2024-36056 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36055 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36054 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-35297 (Cross-site scripting vulnerability exists in WP Booking versions prior ...) 
+ TODO: check +CVE-2024-35291 (Cross-site scripting vulnerability exists in Splunk Config Explorer ve ...) + TODO: check +CVE-2024-34454 (Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SS ...) + TODO: check +CVE-2024-30658 + REJECTED +CVE-2024-30657 + REJECTED +CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions below14730,ServiceDesk Plus ...) + TODO: check +CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB Services PMB al ...) + TODO: check CVE-2024-5375 (A vulnerability has
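Review bot: the page cuts this hunk off mid-entry ("CVE-2024-5375 (A vulnerability has"), so its tail cannot be reviewed here. Of what is visible, the itsourcecode, SourceCodester, Kashipara, WordPress plugin, Marvin Test Hw64.sys and Nintendo Wii U items are routine NOT-FOR-US candidates; CVE-2024-3933 (Eclipse OpenJ9) and CVE-2024-5035 (the "rftest" network service on an unnamed device) are the two worth reading in full before triage, and the two REJECTED entries (CVE-2024-30658/30657) correctly arrive without notes.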
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3184040 by Salvatore Bonaccorso at 2024-05-27T10:09:25+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,11 +29,11 @@ CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCo CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - mattermost-server (bug #823556) CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) 
@@ -91,7 +91,7 @@ CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vu CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) NOT-FOR-US: WordPress plugin CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) - TODO: check + NOT-FOR-US: Vaultize CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3184040736d09d03f3fbee22ce6e74096497343 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3184040736d09d03f3fbee22ce6e74096497343 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae7b7e68 by Salvatore Bonaccorso at 2024-05-27T08:49:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5373 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5372 (A vulnerability classified as problematic was found in Kashipara Colle ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5371 (A vulnerability classified as problematic has been found in Kashipara ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5370 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5369 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5368 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5367 (A vulnerability was found in Kashipara College Management System 1.0 a ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House Rental Man ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5365 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5364 (A vulnerability, which was classified as critical, has been found in S ...) 
- TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5363 (A vulnerability classified as critical was found in SourceCodester Bes ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Hospital Management System CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) TODO: check CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae7b7e687b6251981c280dc7b8dcfa2e32759020 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae7b7e687b6251981c280dc7b8dcfa2e32759020 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some CVEs for mattermost-server, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 459bd79c by Salvatore Bonaccorso at 2024-05-27T07:40:47+02:00 Process some CVEs for mattermost-server, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -35,23 +35,23 @@ CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) TODO: check CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-36255 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-36241 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-34152 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-34029 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-32045 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-31859 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-29215 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8. ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/459bd79c1a74939df70bd0822558edfa7c54984c -- This project does not include diff previews in email notifications. 
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 307c33fb by security tracker role at 2024-05-26T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) + TODO: check +CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) + TODO: check +CVE-2024-5373 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-5372 (A vulnerability classified as problematic was found in Kashipara Colle ...) + TODO: check +CVE-2024-5371 (A vulnerability classified as problematic has been found in Kashipara ...) + TODO: check +CVE-2024-5370 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5369 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5368 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5367 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House Rental Man ...) + TODO: check +CVE-2024-5365 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-5364 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-5363 (A vulnerability classified as critical was found in SourceCodester Bes ...) + TODO: check +CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) 
+ TODO: check +CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) + TODO: check +CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) + TODO: check +CVE-2024-36255 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-36241 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-34152 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-34029 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-32045 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) + TODO: check +CVE-2024-31859 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-29215 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8. ...) + TODO: check CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for QAbstractOAuth issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b4c16cb by Salvatore Bonaccorso at 2024-05-26T21:11:25+02:00 Add Debian bug reference for QAbstractOAuth issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4193,10 +4193,10 @@ CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, whic NOTE: https://github.com/NixOS/ofborg/issues/68#issuecomment-2082789441 TODO: check details and verify if same code (and only then) is present in guix CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x b ...) - - qtnetworkauth-everywhere-src + - qtnetworkauth-everywhere-src (bug #1071974) [bookworm] - qtnetworkauth-everywhere-src (Minor issue) [bullseye] - qtnetworkauth-everywhere-src (Minor issue) - - qt6-networkauth + - qt6-networkauth (bug #1071973) [bookworm] - qt6-networkauth (Minor issue) NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b4c16cb0175832aa6842c6d6bf39486478a7e1e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b4c16cb0175832aa6842c6d6bf39486478a7e1e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-4603/openssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51c8e3bf by Salvatore Bonaccorso at 2024-05-26T21:05:47+02:00 Add Debian bug reference for CVE-2024-4603/openssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7423,7 +7423,7 @@ CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultim CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...) NOT-FOR-US: WordPress plugin CVE-2024-4603 (Issue summary: Checking excessively long DSA keys or parameters may be ...) - - openssl + - openssl (bug #1071972) [bookworm] - openssl (Minor issue, fix along with next update round) [bullseye] - openssl (Vulnerable code not present) [buster] - openssl (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c8e3bf52d1b38570a43f7f6ce8f737f03fc192 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c8e3bf52d1b38570a43f7f6ce8f737f03fc192 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-3708/lighttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 17b2ea62 by Salvatore Bonaccorso at 2024-05-26T20:58:12+02:00 Update status for CVE-2024-3708/lighttpd The CNA will publish details only on July 9th, 2024 but the pre-announce in [1] declares it to be an issue fixed in 2018 silently by the maintainer in 1.4.51 upstream. The first version in unstable containing the fix was 1.4.52-1, so mark it as the fixed version. [1] https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -732,8 +732,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise an CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) - - lighttpd - TODO: check, maybe fixed in 1.4.51, details will be only pubished on July 9th, 2024 + - lighttpd 1.4.52-1 + TODO: check details (will be only pubished on July 9th, 2024), but said to be an issue fixed by maintainer in 2018 in version 1.4.51 CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b2ea62b125b0fedfb07428bddf308cdff31160 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b2ea62b125b0fedfb07428bddf308cdff31160 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
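Review bot: the new `TODO: check details (will be only pubished on July 9th, 2024)` line for CVE-2024-3708 carries over the typo `pubished` from the removed line, and the source of the "fixed in 1.4.51 in 2018" claim lives only in the commit message, not in the tracker data. Suggest spelling it `published` and adding the advisory URL from the commit message as a `NOTE:` line next to the TODO, so whoever revisits the entry after the CNA publication can see where the 1.4.51 claim and the 1.4.52-1 fixed version came from.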
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-29895/cacti
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b37447a9 by Salvatore Bonaccorso at 2024-05-26T20:45:55+02:00 Update status for CVE-2024-29895/cacti - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6971,11 +6971,10 @@ CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Se NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh NOTE: https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) - - cacti + - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m NOTE: Fixed by: https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d NOTE: But fix reverted again: https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc - TODO: check, might affect only 1.3.x CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) - cacti 1.2.27+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37447a9e09cd04673b0cb08aedc50d9f55f5fae -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37447a9e09cd04673b0cb08aedc50d9f55f5fae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
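Review bot: the change from `- cacti` to `- cacti (Vulnerable code not present)` drops the `TODO: check, might affect only 1.3.x` line without recording the reason anywhere, while the remaining NOTEs say the upstream fix was reverted again; the next entry shows Debian tracks cacti at 1.2.27+ds1-1. Suggest keeping the rationale as a NOTE line (for example `NOTE: Only affects 1.3.x`, wording assumed) so a later reader can see why the package is marked as not affected despite the reverted upstream fix.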
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 411767f9 by Salvatore Bonaccorso at 2024-05-26T13:31:23+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5355 (A vulnerability, which was classified as critical, has been found in a ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5354 (A vulnerability classified as problematic was found in anji-plus AJ-Re ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5353 (A vulnerability classified as critical has been found in anji-plus AJ- ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5352 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5351 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5350 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5340 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/411767f9e83873d0a41bfec6bc46d28bbd73242a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/411767f9e83873d0a41bfec6bc46d28bbd73242a You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5465e8ce by security tracker role at 2024-05-26T08:12:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) + TODO: check +CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) + TODO: check +CVE-2024-5355 (A vulnerability, which was classified as critical, has been found in a ...) + TODO: check +CVE-2024-5354 (A vulnerability classified as problematic was found in anji-plus AJ-Re ...) + TODO: check +CVE-2024-5353 (A vulnerability classified as critical has been found in anji-plus AJ- ...) + TODO: check +CVE-2024-5352 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5351 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5350 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5340 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) 
@@ -6130,7 +6148,7 @@ CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...) NOT-FOR-US: WordPress plugin CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...) - {DSA-5690-1} + {DSA-5690-1 DLA-3821-1} - libreoffice 4:24.2.3~rc1-2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/ NOTE: https://git.libreoffice.org/core/+/8b2402b16df185119c91222b33ff1b8d55e0afe4%5E%21 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5465e8ce11c9b15e2c655d37ae6870ed79e9fb8a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5465e8ce11c9b15e2c655d37ae6870ed79e9fb8a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for linux update via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 10a958cd by Salvatore Bonaccorso at 2024-05-26T09:06:08+02:00 Track fixed version for linux update via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -752,15 +752,15 @@ CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before 1 CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM versions bef ...) NOT-FOR-US: Ivanti CVE-2024-36013 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9) CVE-2024-36012 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9) CVE-2024-36011 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -3669,7 +3669,7 @@ CVE-2024-35950 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/3eadd887dbac1df8f25f701e5d404d1b90fd0fea (6.9-rc4) CVE-2024-35949 (In the Linux kernel, the following vulnerability has been resolved: b ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9) CVE-2024-35948 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 
@@ -3739,7 +3739,7 @@ CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows anon CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, service-name m ...) NOT-FOR-US: mintupload CVE-2024-35947 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (6.9-rc7) CVE-2024-35946 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.8.9-1 @@ -5499,7 +5499,7 @@ CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware m CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware for som ...) NOT-FOR-US: Intel CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA and In ...) - - linux + - linux 6.8.11-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software before ...) 
@@ -6999,18 +6999,18 @@ CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/Sni CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) TODO: check CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7) CVE-2024-27400 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux + - linux 6.8.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7) CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9) CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.7.12-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a958cdb9d222388bd2682639df16f27ac4dfec -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a958cdb9d222388bd2682639df16f27ac4dfec You're receiving this email because of your account
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-33427/squid
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0befe408 by Salvatore Bonaccorso at 2024-05-26T07:51:57+02:00 Add CVE-2024-33427/squid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,10 @@ CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 a CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) - TODO: check + - squid + - squid3 + NOTE: https://github.com/squid-cache/squid/pull/1763 + NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) TODO: check CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0befe408dbcd83114efd2ca35546b87d7759ae41 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0befe408dbcd83114efd2ca35546b87d7759ae41 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
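Review bot: the new CVE-2024-33427 entry lists `- squid` and `- squid3` with no fixed version and no per-suite annotation, so both source packages are now tracked as unfixed in every suite, although the CVE description itself says "before v.6.10". Suggest either recording the fixed unstable version once the upload is identified, or keeping a `TODO: check` line stating that the fix is expected in 6.10 and that the older squid3 source still needs to be checked. Separately, the commit NOTE URL ends in a 36-hex-digit hash, whereas the other commit NOTEs on this page carry full 40-digit hashes; worth confirming it was not truncated when pasted.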
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0857c4db by Salvatore Bonaccorso at 2024-05-26T07:49:30+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and classifi ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 and cla ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) TODO: check CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0857c4dbd1226fd9d2551f57ba84518ebddeb51c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0857c4dbd1226fd9d2551f57ba84518ebddeb51c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 887ef5c3 by security tracker role at 2024-05-25T20:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check +CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check +CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and classifi ...) + TODO: check +CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 and cla ...) + TODO: check +CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + TODO: check CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) 
@@ -90853,6 +90863,7 @@ CVE-2023-27351 (This vulnerability allows remote attackers to bypass authenticat CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: PaperCut CVE-2023-27349 (BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Co ...) + {DLA-3820-1} - bluez 5.68-1 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-386/ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9 (5.67) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887ef5c334c9ca7ccc7e0e2d24133cd8ec7c1ba8 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887ef5c334c9ca7ccc7e0e2d24133cd8ec7c1ba8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
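Review bot: the {DLA-3820-1} marker added to CVE-2023-27349 in the second hunk (@@ -90853) needs a matching entry in data/DLA/list, yet this automatic update lists only data/CVE/list as changed; if the DLA entry was not committed separately, the tracker's consistency checks will report a dangling DLA reference. The entry's NOTE already records the upstream fix as 5.67 while unstable is at bluez 5.68-1, so the reference chain is otherwise complete.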
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-25581/dnsdist
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4242cbf1 by Salvatore Bonaccorso at 2024-05-25T21:24:00+02:00 Track fixed version for CVE-2024-25581/dnsdist - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7010,7 +7010,7 @@ CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3) CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...) - - dnsdist (bug #1071750) + - dnsdist 1.9.4-1 (bug #1071750) [bookworm] - dnsdist (Vulnerable code not present) [bullseye] - dnsdist (Vulnerable code not present) [buster] - dnsdist (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4242cbf1b289ca347bf43f20634ca52d441ac3d0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4242cbf1b289ca347bf43f20634ca52d441ac3d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track sendmail for proposed update via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 743091ab by Salvatore Bonaccorso at 2024-05-25T21:03:01+02:00 Track sendmail for proposed update via bookworm-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -182,3 +182,5 @@ CVE-2024-26328 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 CVE-2023-4237 [bookworm] - ansible 7.7.0+dfsg-3+deb12u1 +CVE-2023-51765 + [bookworm] - sendmail 8.17.1.9-2+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743091ab65ee36822750f292100eb54d87ba1b34 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743091ab65ee36822750f292100eb54d87ba1b34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed update for ansible via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52f13b23 by Salvatore Bonaccorso at 2024-05-25T20:52:45+02:00 Track proposed update for ansible via bookworm-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -180,3 +180,5 @@ CVE-2024-26327 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 CVE-2024-26328 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 +CVE-2023-4237 + [bookworm] - ansible 7.7.0+dfsg-3+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f13b23fac813a6e147b05e36a16145bda582db -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f13b23fac813a6e147b05e36a16145bda582db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Revert "Remove notes from CVE-2023-52656"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 733067fc by Salvatore Bonaccorso at 2024-05-25T20:39:01+02:00 Revert Remove notes from CVE-2023-52656 This reverts commit abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c. CVE was restored again by the Linux Kernel CNA. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6999,8 +6999,11 @@ CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) -CVE-2023-52656 - REJECTED +CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux 5.10.216-1 + NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733067fc5c8c55bcecf6cf04960895444cad70f1 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733067fc5c8c55bcecf6cf04960895444cad70f1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
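Review bot: the restored entry carries no record of the REJECTED-then-restored history, which lives only in this commit message; a NOTE line along the lines of "NOTE: ID was temporarily marked REJECTED and then restored by the Linux kernel CNA" would stop the next triager from repeating the removal. The fixed versions (6.7.12-1, bookworm 6.1.85-1, bullseye 5.10.216-1) and the 6.8-rc1 commit reference match exactly what commit abb96017 removed, so the revert itself is clean.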
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-31208/matrix-synapse via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 936939f8 by Salvatore Bonaccorso at 2024-05-25T16:45:24+02:00 Track fixed version for CVE-2024-31208/matrix-synapse via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13796,7 +13796,7 @@ CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerabi CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) - - matrix-synapse (bug #1069763) + - matrix-synapse 1.103.0-2 (bug #1069763) NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v NOTE: https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1) CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/936939f8e86d0d76f6773de892a976b9ab648b68 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/936939f8e86d0d76f6773de892a976b9ab648b68 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
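Review bot: the unstable fixed version 1.103.0-2 is lower than the upstream fix release recorded in the NOTE (v1.105.1), which means the upstream commit 55b0aa84 was backported into the 1.103.0 Debian package; the entry should say so with a "NOTE: Backport:" line or similar, as the gstreamer CVE-2024-4453 entry in this same series does, so that readers do not take the version list for an inconsistency.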
[Git][security-tracker-team/security-tracker][master] Add some notes for frr and git
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97886111 by Salvatore Bonaccorso at 2024-05-25T16:21:18+02:00 Add some notes for frr and git - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -19,9 +19,11 @@ dnsdist (jmm) dnsmasq -- frr - Tobias Frost (tobi) proposed to work on preparing an update + Tobias Frost (tobi) proposed to work on preparing an update, but discussion + with Debian maintainer for status on bullseye + updates -- git + Maintainer is queried to prepare an update -- gpac/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/978861114bc80d7d0b5af7e171769aabedff7388 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/978861114bc80d7d0b5af7e171769aabedff7388 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
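Review bot: the frr note now reads "but discussion with Debian maintainer for status on bullseye updates", which has no verb and leaves it unclear whether the bullseye update is blocked on the maintainer or on tobi; suggest "but discussion with the Debian maintainer about the status of the bullseye updates is still pending". The git line ("Maintainer is queried to prepare an update") would benefit from the date of the query, so it is clear how long it has been open when the file is next reviewed.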
[Git][security-tracker-team/security-tracker][master] 2 commits: Deassociate CVE-2024-24795 from fossil
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb3757d3 by Salvatore Bonaccorso at 2024-05-25T16:15:03+02:00 Deassociate CVE-2024-24795 from fossil CVE-2024-24795 is for apache2. - - - - - a63a6d31 by Salvatore Bonaccorso at 2024-05-25T16:19:20+02:00 Several Linux CVEs rejected - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -2385,9 +2385,8 @@ CVE-2021-47413 (In the Linux kernel, the following vulnerability has been resolv CVE-2021-47412 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/linus/a647a524a46736786c95cdb553a070322ca096e3 (5.15-rc3) -CVE-2021-47411 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 5.14.12-1 - NOTE: https://git.kernel.org/linus/8bab4c09f24ec8d4a7a78ab343620f89d3a24804 (5.15-rc3) +CVE-2021-47411 + REJECTED CVE-2021-47410 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/linus/197ae17722e989942b36e33e044787877f158574 (5.15-rc3) @@ -3819,10 +3818,8 @@ CVE-2024-35925 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-35924 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.8.9-1 NOTE: https://git.kernel.org/linus/b3db266fb031fba88c423d4bb8983a73a3db6527 (6.9-rc1) -CVE-2024-35923 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.8.9-1 - [bookworm] - linux 6.1.90-1 - NOTE: https://git.kernel.org/linus/e21e1c45e1fe2e31732f40256b49c04e76a17cee (6.9-rc1) +CVE-2024-35923 + REJECTED CVE-2024-35922 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 
@@ -4492,12 +4489,8 @@ CVE-2024-35821 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/723012cab779eee8228376754e22c6594229bf8f (6.9-rc1) -CVE-2024-35820 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.7.12-1 - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/1a8ec63b2b6c91caec87d4e132b1f71b5df342be (6.9-rc1) +CVE-2024-35820 + REJECTED CVE-2024-35819 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 
@@ -4847,58 +4840,28 @@ CVE-2024-27431 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.216-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2487007aa3b9fafbd2cb14068f49791ce1d7ede5 (6.8) -CVE-2024-27430 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/958d6145a6d9ba9e075c921aead8753fb91c9101 (6.8) +CVE-2024-27430 + REJECTED CVE-2024-27429 REJECTED -CVE-2024-27428 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/119cae5ea3f9e35cdada8e572cc067f072fa825a (6.8) -CVE-2024-27427 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/60a7a152abd494ed4f69098cf0f322e6bb140612 (6.8) -CVE-2024-27426 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/e799299aafed417cc1f32adccb2a0e5268b3f6d5 (6.8) -CVE-2024-27425 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/806f462ba9029d41aadf8ec93f2f99c5305deada (6.8) -CVE-2024-27424 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/43547d8699439a67b78d6bb39015113f7aa360fd (6.8) -CVE-2024-27423 (In the Linux kernel
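Review bot: the REJECTED flips in the second commit (a63a6d31) delete the fixed versions and the git.kernel.org commit references for CVE-2021-47411, CVE-2024-35923, CVE-2024-35820, CVE-2024-27430, CVE-2024-27424 through CVE-2024-27428 and onward (the hunk is cut off at CVE-2024-27423), but the commit message "Several Linux CVEs rejected" cites no rejection notice; given that CVE-2023-52656 was rejected and then restored by the kernel CNA in this same series, the message or a NOTE line next to each REJECTED marker should point at the CNA rejection so the mapping to the linus/... commits can be recovered if any of these IDs are reinstated. The data/DLA/list hunk for the fossil deassociation in cb3757d3 is not visible in this excerpt, so that part of the change cannot be reviewed here.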
[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2024-4453
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94659a5e by Salvatore Bonaccorso at 2024-05-25T13:23:36+02:00 Add reference for CVE-2024-4453 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -790,6 +790,7 @@ CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Priv CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - gst-plugins-base1.0 1.24.3-1 - gst-plugins-base0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 NOTE: Backport: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6768 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94659a5e05fcdb35d7d1a489143f73d80289472e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94659a5e05fcdb35d7d1a489143f73d80289472e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
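Review bot: the entry still lists "- gst-plugins-base0.10" with no fixed version and no status qualifier, so the tracker will display it as unfixed; if the 0.10 series is affected and will not be fixed it should carry an explicit annotation, and if it is not affected a "(Vulnerable code not present)"-style qualifier would close it. The added sa-2024-0002 advisory reference is the right top-level pointer, since the issue and commit NOTEs below it only cover the fix, not the severity assessment.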
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc349f36 by Salvatore Bonaccorso at 2024-05-25T13:19:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5218 (The Reviews and Rating \u2013 Google Reviews plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) TODO: check CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) - TODO: check + NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) - TODO: check + NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports the Fac ...) TODO: check CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc349f36758c15aa52bacaa92002aa16332dc801 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc349f36758c15aa52bacaa92002aa16332dc801 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
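Review bot: CVE-2024-36079 (Vaultize 21.07.27) is left at "TODO: check" alongside the WordPress and Mocodo entries that were marked NOT-FOR-US, and it looks like a proprietary product that could be resolved the same way. CVE-2024-35232 (github.com/huandu/facebook) is correctly kept pending, since a Go module can be vendored into a Debian package and needs a codesearch before it is dismissed.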
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54a17456 by security tracker role at 2024-05-25T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-5218 (The Reviews and Rating \u2013 Google Reviews plugin for WordPress is v ...) + TODO: check +CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) + TODO: check +CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) + TODO: check +CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) + TODO: check +CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) + TODO: check +CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports the Fac ...) + TODO: check CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) @@ -19901,7 +19919,7 @@ CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7) CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) - uwsgi (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5 
@@ -19913,13 +19931,13 @@ CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Serve NOTE: packages which are provided by src:apache2 itself. NOTE: https://github.com/unbit/uwsgi/issues/2635 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 NOTE: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.kb.cert.org/vuls/id/421644 NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4 @@ -55873,7 +55891,7 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802 @@ -78703,7 +78721,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) NOT-FOR-US: Alf.io CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 
@@ -347017,6 +347035,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4 CVE-2019-17568 REJECTED CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...) + {DLA-3818-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.48-2 [stretch] - apache2 (Intrusive and risky backport) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54a1745646757b78eb1007dd43941003ea258867 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/co
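Review bot: the {DLA-3818-1} marker added to CVE-2019-17567 (last hunk, @@ -347017) attaches to an entry whose stretch line says "(Intrusive and risky backport)", so the DLA ships a buster fix for an issue previously judged too intrusive for stretch; a NOTE explaining what changed (a smaller upstream backport, or a different risk assessment for buster) would keep the two annotations from reading as contradictory. The other markers (CVE-2024-24795, CVE-2023-38709, CVE-2024-27316, CVE-2023-45802, CVE-2023-31122) only extend existing DSA-5662-1 entries and look fine.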
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52656
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abb96017 by Salvatore Bonaccorso at 2024-05-25T09:44:37+02:00 Remove notes from CVE-2023-52656 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7017,11 +7017,8 @@ CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) -CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.85-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) +CVE-2023-52656 + REJECTED CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
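Review bot: flipping CVE-2023-52656 to a bare REJECTED drops the fixed versions and the 6.8-rc1 kernel commit reference, and commit 733067fc later in this series has to restore all of it because the kernel CNA reinstated the ID; keeping a "NOTE: Rejected by the Linux kernel CNA" line (with the upstream commit URL) next to the REJECTED marker would preserve the mapping at no cost.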
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5515d4d by Salvatore Bonaccorso at 2024-05-25T08:53:53+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5,45 +5,45 @@ CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 a CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - dolibarr CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) - TODO: check + NOT-FOR-US: PHP Server Monitor CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2024-4455 (The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4037 (The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36049 (Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials ...) - TODO: check + NOT-FOR-US: Aptos Wisal payroll accounting CVE-2024-35618 (PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereferen ...) - TODO: check + NOT-FOR-US: PingCAP TiDB CVE-2024-35595 (An arbitrary file upload vulnerability in the File Preview function of ...) - TODO: check + NOT-FOR-US: Xintongda OA CVE-2024-35593 (An arbitrary file upload vulnerability in the File preview function of ...) - TODO: check + NOT-FOR-US: Raingad IM CVE-2024-35592 (An arbitrary file upload vulnerability in the Upload function of Box-I ...) - TODO: check + NOT-FOR-US: Box-IM CVE-2024-35591 (An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers ...) - TODO: check + NOT-FOR-US: O2OA CVE-2024-35396 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35395 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35388 (TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a st ...) 
- TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35387 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35340 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-35339 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-34995 (svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion v ...) - TODO: check + NOT-FOR-US: svnWebUI CVE-2024-33809 (PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulner ...) - TODO: check + NOT-FOR-US: PingCAP TiDB CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows ...) - TODO: check + NOT-FOR-US: AVTECH Room Alert CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) - TODO: check + NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) TODO: check CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) 
@@ -51,13 +51,13 @@ CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote atta CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) TODO: check CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5515d4d1e24a730967061403378de2b411bd97a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security
[Git][security-tracker-team/security-tracker][master] Add two new issues in dolibarr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b3aea02d by Salvatore Bonaccorso at 2024-05-25T08:50:36+02:00 Add two new issues in dolibarr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - TODO: check + - dolibarr CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - TODO: check + - dolibarr CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) TODO: check CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3aea02d134fd7ee5a0fa8a128f81e6f76defc18 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3aea02d134fd7ee5a0fa8a128f81e6f76defc18 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
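Review bot: both Dolibarr entries are added as bare "- dolibarr" lines with no bug reference and no NOTE pointing at the upstream advisory or fixing commit, unlike the other entries in this file that carry "(bug #NNN)" and NOTE lines; file a bug or add the upstream reference now so the fixed version can be tracked when it lands.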
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-5318/gitlab
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47bf90c0 by Salvatore Bonaccorso at 2024-05-25T08:49:08+02:00 Add CVE-2024-5318/gitlab - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - TODO: check + - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) TODO: check CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47bf90c09e0754f1b4c9397f6af849a14c99e724 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47bf90c09e0754f1b4c9397f6af849a14c99e724 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
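Review bot: "(Vulnerable code introduced later)" on the gitlab line is asserted without a NOTE recording the version range the advisory states ("affecting all versions st..." in the description), so the claim cannot be checked from the entry itself; add a NOTE with the GitLab advisory URL and the first affected version so a later reader can confirm that the Debian package predates it.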
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a5dde93 by Salvatore Bonaccorso at 2024-05-25T07:23:57+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,7 +59,7 @@ CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affe CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) TODO: check CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) TODO: check CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a5dde93bae0364d58effb26556a3cd5af94c7e4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a5dde93bae0364d58effb26556a3cd5af94c7e4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a200b01 by security tracker role at 2024-05-24T20:12:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,359 +1,423 @@ -CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc] +CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) + TODO: check +CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) + TODO: check +CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) + TODO: check +CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) + TODO: check +CVE-2024-4455 (The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4037 (The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrar ...) + TODO: check +CVE-2024-36049 (Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials ...) + TODO: check +CVE-2024-35618 (PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereferen ...) + TODO: check +CVE-2024-35595 (An arbitrary file upload vulnerability in the File Preview function of ...) + TODO: check +CVE-2024-35593 (An arbitrary file upload vulnerability in the File preview function of ...) + TODO: check +CVE-2024-35592 (An arbitrary file upload vulnerability in the Upload function of Box-I ...) + TODO: check +CVE-2024-35591 (An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers ...) + TODO: check +CVE-2024-35396 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) + TODO: check +CVE-2024-35395 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) + TODO: check +CVE-2024-35388 (TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a st ...) + TODO: check +CVE-2024-35387 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) 
+ TODO: check +CVE-2024-35340 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) + TODO: check +CVE-2024-35339 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) + TODO: check +CVE-2024-34995 (svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion v ...) + TODO: check +CVE-2024-33809 (PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulner ...) + TODO: check +CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows ...) + TODO: check +CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) + TODO: check +CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) + TODO: check +CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) + TODO: check +CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) + TODO: check +CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) + TODO: check +CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) + TODO: check +CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...) 
- linux 6.6.8-1 [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/67c37756898a5a6b2941a13ae7260c89b54e0d88 (6.6-rc1) -CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] +CVE-2021-47572 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.15.15-1 [bullseye] - linux 5.10.84-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1c743127cc54b112b155f434756bd4b5fa565a99 (5.16-rc3) -CVE-2021-47571 [staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()] +CVE-2021-47571 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.15.15-1 [bullseye] - linux 5.10.84-1 [buster
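Review bot: replacing the bracketed kernel subjects (`[tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc]`, `[net: nexthop: fix null pointer dereference when IPv6 is not enabled]`, `[staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()]`) with the official text leaves every kernel entry starting with the same truncated description `(In the Linux kernel, the following vulnerability has been resolved: ...)`, so the `NOTE:` lines with the git.kernel.org commit become the only human-readable way to tell the entries apart; the hunk keeps them, and they must not be dropped in later cleanups. The notification is cut off at `[buster`, so the remainder of this hunk (359 lines replaced by 423 according to the header) cannot be reviewed here.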
[Git][security-tracker-team/security-tracker][master] Drop notes from rejected Linux CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1295d62d by Salvatore Bonaccorso at 2024-05-24T17:47:21+02:00 Drop notes from rejected Linux CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1668,25 +1668,19 @@ CVE-2023-52825 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/709c348261618da7ed89d6c303e2ceb9e453ba74 (6.7-rc1) -CVE-2023-52824 (In the Linux kernel, the following vulnerability has been resolved: k ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/ca0776571d3163bd03b3e8c9e3da936abfaecbf6 (6.7-rc1) +CVE-2023-52824 + REJECTED CVE-2023-52823 REJECTED -CVE-2023-52822 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/06ab64a0d836ac430c5f94669710a78aa43942cb (6.7-rc1) +CVE-2023-52822 + REJECTED CVE-2023-52821 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/924e5814d1f84e6fa5cb19c6eceb69f066225229 (6.7-rc1) -CVE-2023-52820 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/f37d63e219c39199a59b8b8a211412ff27192830 (6.7-rc1) +CVE-2023-52820 + REJECTED CVE-2023-52819 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 
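Review bot: the commit message says only "Drop notes from rejected Linux CVEs", but for CVE-2023-52824, CVE-2023-52822 and CVE-2023-52820 the hunk also removes the `- linux 6.6.8-1` and `[bookworm] - linux 6.1.64-1` version lines, not just the `NOTE:` lines; the resulting bare `REJECTED` form matches the unchanged CVE-2023-52823 entry, so the change is consistent, but the message should state that the entries are reduced to REJECTED.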
@@ -2017,10 +2011,8 @@ CVE-2023-52759 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/4c6a08125f2249531ec01783a5f4317d7342add5 (6.7-rc1) -CVE-2023-52758 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d (6.7-rc1) +CVE-2023-52758 + REJECTED CVE-2023-52757 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1295d62d4515dd21aa67e8ed9c5535bafb732cb2 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1295d62d4515dd21aa67e8ed9c5535bafb732cb2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-52880/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4f0f24f by Salvatore Bonaccorso at 2024-05-24T17:45:24+02:00 Add CVE-2023-52880/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,8 @@ +CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc] + - linux 6.6.8-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux 5.10.216-1 + NOTE: https://git.kernel.org/linus/67c37756898a5a6b2941a13ae7260c89b54e0d88 (6.6-rc1) CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] - linux 5.15.15-1 [bullseye] - linux 5.10.84-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f0f24f3c093ed5648103fb75fa43b1ba68475d -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f0f24f3c093ed5648103fb75fa43b1ba68475d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
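Review bot: the new CVE-2023-52880 entry lists `[bookworm]` and `[bullseye]` fixed versions but no `[buster]` line, while the neighbouring CVE-2021-47572 entry in the same hunk tracks buster explicitly; without a release annotation the tracker falls back to the unstable fixed version 6.6.8-1 when judging buster, so if buster is still being tracked its status should be stated.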
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8b2075c by Salvatore Bonaccorso at 2024-05-24T17:33:15+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,358 @@ +CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1c743127cc54b112b155f434756bd4b5fa565a99 (5.16-rc3) +CVE-2021-47571 [staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/b535917c51acc97fb0761b1edec85f1f3d02bda4 (5.16-rc3) +CVE-2021-47570 [staging: r8188eu: fix a memory leak in rtw_wx_read32()] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/be4ea8f383551b9dae11b8dfff1f38b3b5436e9a (5.16-rc3) +CVE-2021-47569 [io_uring: fail cancellation for EXITING tasks] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/617a89484debcd4e7999796d693cf0b77d2519de (5.16-rc3) +CVE-2021-47568 [ksmbd: fix memleak in get_file_stream_info()] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/178ca6f85aa3231094467691f5ea1ff2f398aa8d (5.16-rc3) +CVE-2021-47567 [powerpc/32: Fix hardlockup on vmap stack overflow] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5bb60ea611db1e04814426ed4bd1c95d1487678e (5.16-rc3) +CVE-2021-47566 [proc/vmcore: fix clearing user buffer by properly using clear_user()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/c1e63117711977cc4295b2ce73de29dd17066c82 (5.16-rc2) +CVE-2021-47565 [scsi: mpt3sas: Fix kernel panic during drive powercycle test] + - linux 5.15.15-1 + [bullseye] 
- linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b (5.16-rc3) +CVE-2021-47564 [net: marvell: prestera: fix double free issue on err path] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e8d032507cb7912baf1d3e0af54516f823befefd (5.16-rc3) +CVE-2021-47563 [ice: avoid bpf_prog refcount underflow] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f65ee535df775a13a1046c0a0b2d72db342f8a5b (5.16-rc3) +CVE-2021-47562 [ice: fix vsi->txq_map sizing] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/792b2086584f25d84081a526beee80d103c2a913 (5.16-rc3) +CVE-2021-47561 [i2c: virtio: disable timeout handling] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/84e1d0bf1d7121759622dabf8fbef4c99ad597c5 (5.16-rc3) +CVE-2021-47560 [mlxsw: spectrum: Protect driver from buggy firmware] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047 (5.16-rc3) +CVE-2021-47559 [net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/587acad41f1bc48e16f42bb2aca63bf323380be8 (5.16-rc3) +CVE-2021-47558 [net: stmmac: Disable Tx queues when reconfiguring the interface] + - linux 5.15.15-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b270bfe697367776eca2e6759a71d700fb8d82a2 (5.16-rc3) +CVE-2021-47557 [net/sched: sch_ets: don't peek at classes beyond 'nbands'] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + 
[buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/de6d25924c2a8c2988c6a385990cafbe742061bf (5.16-rc3) +CVE-2021-47556 [ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()] + - li
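Review bot: release coverage is uneven across the merged entries: CVE-2021-47559 (net/smc) has no `[buster]` line and CVE-2021-47558 (net: stmmac) has no `[bullseye]` line, while every other entry in the hunk carries both; a missing release line makes the tracker compare that release against the unstable fixed version 5.15.15-1, so check whether those two omissions are deliberate. The hunk is truncated at `- li`, so the remaining entries are not reviewable from this notification.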
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52823
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9d5c2a0 by Salvatore Bonaccorso at 2024-05-24T17:17:20+02:00 Remove notes from CVE-2023-52823 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1312,10 +1312,8 @@ CVE-2023-52824 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/ca0776571d3163bd03b3e8c9e3da936abfaecbf6 (6.7-rc1) -CVE-2023-52823 (In the Linux kernel, the following vulnerability has been resolved: k ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/569c8d82f95eb5993c84fb61a649a9c4ddd208b3 (6.7-rc1) +CVE-2023-52823 + REJECTED CVE-2023-52822 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d5c2a0b6274435794fda7d9d6eb149c8b95d5c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d5c2a0b6274435794fda7d9d6eb149c8b95d5c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-5274 in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95446059 by Salvatore Bonaccorso at 2024-05-24T17:13:38+02:00 Track fixed version for CVE-2024-5274 in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -87,7 +87,7 @@ CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticat CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...) NOT-FOR-US: zzdevelop lenosp CVE-2024-5274 - - chromium + - chromium 125.0.6422.112-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95446059e99bf8c6a1240ec05161403933dc4402 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95446059e99bf8c6a1240ec05161403933dc4402 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb4a9746 by security tracker role at 2024-05-24T08:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,77 @@ +CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code E ...) + TODO: check +CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method ...) + TODO: check +CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code Execution V ...) + TODO: check +CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...) + TODO: check +CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Ser ...) + TODO: check +CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code E ...) + TODO: check +CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local Privil ...) + TODO: check +CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...) + TODO: check +CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been de ...) + TODO: check +CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...) + TODO: check +CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution ...) + TODO: check +CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials Local Pr ...) + TODO: check +CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerabili ...) + TODO: check +CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerabilit ...) + TODO: check +CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution ...) + TODO: check +CVE-2024-5228 (TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer O ...) + TODO: check +CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Ex ...) 
+ TODO: check +CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in M-Files ...) + TODO: check +CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Ele ...) + TODO: check +CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for WordPress is ...) + TODO: check +CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Reques ...) + TODO: check +CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...) + TODO: check +CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) + TODO: check +CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an application a ...) + TODO: check +CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...) + TODO: check +CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...) + TODO: check +CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticated Ho ...) 
+ TODO: check +CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...) + TODO: check CVE-2024-5274 - chromium [bullseye] - chromium (see #1061268) @@ -90230,8 +90304,8 @@ CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System NOT-FOR-US: SourceCodester Simple Payroll System CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...) NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form -CVE-2023- - RESERVED +CVE-2
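Review bot: several imported descriptions contain the literal six-character sequence `\u2013` (e.g. `The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin`, `The Spectra \u2013 WordPress Gutenberg Blocks plugin`), i.e. a JSON-escaped en dash that the automatic update writes into data/CVE/list undecoded; the import should decode JSON string escapes before truncating the description. The second hunk is cut off at `+CVE-2`, so its remaining changes are not visible here.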
[Git][security-tracker-team/security-tracker][master] Add new round of chromium update required
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0218f529 by Salvatore Bonaccorso at 2024-05-24T07:34:05+02:00 Add new round of chromium update required - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-5274 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) NOT-FOR-US: Thales Luna EFT CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- cacti -- +chromium (dilinger) +-- dnsdist (jmm) -- dnsmasq View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0218f529b75e5bba4a9474d5633aca3a220fe7fa -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0218f529b75e5bba4a9474d5633aca3a220fe7fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
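Review bot: `+CVE-2024-5274` is added with neither a description nor a bracketed placeholder title, so until the automatic update fills in the official text a reader of the list cannot tell what the chromium issue is; a short bracketed title or a `NOTE:` with the upstream advisory would help. The dsa-needed.txt hunk inserting `chromium (dilinger)` between `cacti` and `dnsdist` keeps the alphabetical order.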
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52793
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f4f2aed7 by Salvatore Bonaccorso at 2024-05-24T06:45:39+02:00 Remove notes from CVE-2023-52793 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1377,12 +1377,8 @@ CVE-2023-52794 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7 (6.7-rc1) -CVE-2023-52793 (In the Linux kernel, the following vulnerability has been resolved: s ...) - - linux 6.6.8-1 - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/9220c3ef6fefbf18f24aeedb1142a642b3de0596 (6.7-rc1) +CVE-2023-52793 + REJECTED CVE-2023-52792 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f2aed7ac2e1cd4bf2118046551f0aa5a0abbcc -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f2aed7ac2e1cd4bf2118046551f0aa5a0abbcc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add gst-plugins-base1.0 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3dbcdf94 by Salvatore Bonaccorso at 2024-05-23T23:19:53+02:00 Add gst-plugins-base1.0 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -25,6 +25,8 @@ git -- gpac/oldstable -- +gst-plugins-base1.0 (carnil) +-- h2o (jmm) -- libreswan (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbcdf942be6382a97ae3df453e473b5f44bb5c6 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbcdf942be6382a97ae3df453e473b5f44bb5c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2024-4453
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7d9585a by Salvatore Bonaccorso at 2024-05-23T23:18:52+02:00 Update information for CVE-2024-4453 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -253,10 +253,12 @@ CVE-2024-4563 (The Progress MOVEit Automation configuration export function prio CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - - gst-plugins-base1.0 + - gst-plugins-base1.0 1.24.3-1 - gst-plugins-base0.10 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 - NOTE: Fixed by: https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 + NOTE: Backport: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6768 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e33578a3c2b85a68962003bd053abda9409e73a2 (1.24.3) CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7d9585a4f396b6e19be0064cfccd8d212403672 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7d9585a4f396b6e19be0064cfccd8d212403672 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
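Review bot: after this hunk the CVE-2024-4453 entry has two `Fixed by:` NOTE lines pointing at different commits (e68eccff... with no branch or version given, and e33578a3... marked `(1.24.3)`); label the first one with its branch the way the second is labelled, so a reader can tell which commit the 1.24.3-1 upload actually carries and which is the main-branch fix. The `- gst-plugins-base0.10` line is left with no version and no status annotation.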
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3708/lighttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f7d537a by Salvatore Bonaccorso at 2024-05-23T22:51:32+02:00 Add CVE-2024-3708/lighttpd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -165,7 +165,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise an CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) - TODO: check + - lighttpd + TODO: check, maybe fixed in 1.4.51, details will be only pubished on July 9th, 2024 CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f7d537a1de2da348450218e59b57179909d7449 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f7d537a1de2da348450218e59b57179909d7449 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
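Review bot: the added TODO line has a typo, `pubished` for `published`. Also, `+ - lighttpd` records the package as affected in unstable while both the description ("version prior to 1.4.51") and the TODO itself ("maybe fixed in 1.4.51") suggest a fixed version; once the details are published on July 9th, 2024 the TODO should be replaced by the fixed version or a not-affected annotation.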
[Git][security-tracker-team/security-tracker][master] Add two new issues for gitoxide, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c097e27 by Salvatore Bonaccorso at 2024-05-23T22:50:59+02:00 Add two new issues for gitoxide, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,9 +39,9 @@ CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distribut CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) TODO: check CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) - TODO: check + - rust-gitoxide (bug #1043208) CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) - TODO: check + - rust-gitoxide (bug #1043208) CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c097e273b026ca8fd6fc2d3398019cca7639216 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c097e273b026ca8fd6fc2d3398019cca7639216 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
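Review bot: the two `+ - rust-gitoxide (bug #1043208)` lines reference the ITP bug, but no `<itp>` status tag is visible on either line; without it the tracker would treat rust-gitoxide as an unfixed package in the archive rather than one that is not yet packaged, so confirm the tag is present in the committed file and was only dropped by the mail rendering.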
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a697d4d by Salvatore Bonaccorso at 2024-05-23T22:50:16+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,15 +23,15 @@ CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cros CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) TODO: check CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) 
@@ -43,57 +43,57 @@ CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetch CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) TODO: check CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...) - TODO: check + NOT-FOR-US: LuckyFrameWeb CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.php in ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete
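Review bot: in the first hunk the truncated descriptions for CVE-2024-35570 (`component \controller\Im ...`) and CVE-2024-35375 (`media add .php ...`) do not name a product, so the `NOT-FOR-US: inxedu` and `NOT-FOR-US: DedeCMS` attributions cannot be checked from the diff alone; the inxedu entries in the second hunk (CVE-2024-35080, CVE-2024-35079) do name inxedu in their descriptions, so for the two unnamed ones a check against the full CVE record, or a short `NOTE:` with the source, would make the triage reviewable.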
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4453/gst-plugins-base*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 635a6b40 by Salvatore Bonaccorso at 2024-05-23T22:38:39+02:00 Add CVE-2024-4453/gst-plugins-base* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -252,7 +252,10 @@ CVE-2024-4563 (The Progress MOVEit Automation configuration export function prio CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - TODO: check + - gst-plugins-base1.0 + - gst-plugins-base0.10 + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 + NOTE: Fixed by: https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/635a6b400f6557215328d1353de59b18abd58043
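Review bot: the `Fixed by:` NOTE points at a commit under the `tpm/gstreamer` fork namespace while the issue NOTE uses the canonical `gstreamer/gstreamer` project; fork URLs stop resolving once the branch is deleted, so once the fix is merged the NOTE should be switched to the commit URL under gstreamer/gstreamer and given the fixed upstream version in parentheses, the way the kernel entries in this file do with `(6.9)`. Both source package entries (`gst-plugins-base1.0`, `gst-plugins-base0.10`) are versionless and therefore recorded as unfixed in every suite, which is the intended state until fixed uploads exist.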
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7487454e by Salvatore Bonaccorso at 2024-05-23T22:33:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) - TODO: check + NOT-FOR-US: Thales Luna EFT CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) TODO: check CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) 
@@ -11,17 +11,17 @@ CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio co CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) TODO: check CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) - TODO: check + NOT-FOR-US: HP CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) TODO: check CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7487454e30ef95a97c527d8cc49ecb61d5ebced6
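Review bot: `NOT-FOR-US: HP` for CVE-2024-5143 names only a vendor, whereas every other NOT-FOR-US line in this hunk and the previous one names the product or product class (`Thales Luna EFT`, `WordPress plugin`); the visible description ("A user with device administrative privileges can change existing SMTP ...") does not mention HP at all, so naming the affected HP product would both document the attribution and keep the entries consistent.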
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: def2256a by security tracker role at 2024-05-23T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,113 @@ +CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) + TODO: check +CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) + TODO: check +CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) + TODO: check +CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...) + TODO: check +CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...) + TODO: check +CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) + TODO: check +CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) + TODO: check +CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) + TODO: check +CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...) + TODO: check +CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) + TODO: check +CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) 
+ TODO: check +CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) + TODO: check +CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) + TODO: check +CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) + TODO: check +CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) + TODO: check +CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...) + TODO: check +CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...) + TODO: check +CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...) + TODO: check +CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...) + TODO: check +CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...) + TODO: check +CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...) + TODO: check +CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...) 
+ TODO: check +CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...) + TODO: check +CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...) + TODO: check +CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...) + TODO: check +CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...) + TODO: check +CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_rou
[Git][security-tracker-team/security-tracker][master] Sync Linux CVE rejections with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0280e776 by Salvatore Bonaccorso at 2024-05-23T16:03:16+02:00 Sync Linux CVE rejections with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2424,10 +2424,8 @@ CVE-2021-47325 (In the Linux kernel, the following vulnerability has been resolv - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 NOTE: https://git.kernel.org/linus/7c8f176d6a3fa18aa0f8875da6f7c672ed2a8554 (5.14-rc1) -CVE-2021-47326 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 5.14.6-1 - [bullseye] - linux 5.10.70-1 - NOTE: https://git.kernel.org/linus/2beb4a53fc3f1081cedc1c1a198c7f56cc4fc60c (5.14-rc1) +CVE-2021-47326 + REJECTED CVE-2021-47327 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 @@ -3277,9 +3275,8 @@ CVE-2024-35907 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f7442a634ac06b953fc1f7418f307b25acd4cfbc (6.9-rc2) -CVE-2024-35906 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.8.9-1 - NOTE: https://git.kernel.org/linus/f341055b10bd8be55c3c995dff5f770b236b8ca9 (6.9-rc1) +CVE-2024-35906 + REJECTED CVE-2024-35905 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.8.9-1 [bookworm] - linux 6.1.85-1 
@@ -3412,9 +3409,8 @@ CVE-2024-35882 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/05258a0a69b3c5d2c003f818702c0a52b6fea861 (6.9-rc3) -CVE-2024-35881 (In the Linux kernel, the following vulnerability has been resolved: R ...) - - linux 6.8.9-1 - NOTE: https://git.kernel.org/linus/3a6a32b31a111f6e66526fb2d3cb13a876465076 (6.9-rc1) +CVE-2024-35881 + REJECTED CVE-2024-35880 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.8.9-1 [bookworm] - linux (Vulnerable code not present) @@ -3435,11 +3431,8 @@ CVE-2024-35877 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/04c35ab3bdae7fefbd7c7a7355f29fa03a035221 (6.9-rc3) -CVE-2024-35876 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 6.8.9-1 - [bookworm] - linux 6.1.85-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/3ddf944b32f88741c303f0b21459dbb3872b8bc5 (6.9-rc3) +CVE-2024-35876 + REJECTED CVE-2024-35875 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.8.9-1 [bookworm] - linux 6.1.85-1 
@@ -22642,12 +22635,8 @@ CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 a - chromium 123.0.6312.86-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-26650 (In the Linux kernel, the following vulnerability has been resolved: p ...) - - linux 6.6.15-1 - [bookworm] - linux 6.1.76-1 - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b (6.8-rc2) +CVE-2024-26650 + REJECTED CVE-2024-26649 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0280e7766c9d98d6e2ff0561dfc2b8814aae4f01
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09303ea8 by Salvatore Bonaccorso at 2024-05-23T10:53:23+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) - TODO: check + NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...) - TODO: check + NOT-FOR-US: EnvaySoft FleetCart CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...) - TODO: check + NOT-FOR-US: Justice AV Solutions Viewer Setup CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) TODO: check CVE-2024-4388 (This does not validate a path generated with user input when download ...) TODO: check CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a r
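Review bot: CVE-2024-4399 and CVE-2024-4388 are the only WordPress-looking entries in this hunk left at `TODO: check`, and rightly so: their feed descriptions ("The does not validate a parameter ...", "This does not validate a path generated with user input ...") are missing the product name, so they cannot be triaged as NOT-FOR-US from the description alone and need the full CVE record looked up before being marked.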
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,106 @@ -CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()] +CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) + TODO: check +CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...) + TODO: check +CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...) + TODO: check +CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...) + TODO: check +CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...) + TODO: check +CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...) + TODO: check +CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...) + TODO: check +CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...) 
+ TODO: check +CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) + TODO: check +CVE-2024-4388 (This does not validate a path generated with user input when download ...) + TODO: check +CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) + TODO: check +CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...) + TODO: check +CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) + TODO: check +CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-3594 (The IDonate WordPress plugin through 1.9.0 does not sanitise and esca ...) + TODO: check +CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...) + TODO: check +CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...) + TODO: check +CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) 
+ TODO: check +CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...) + TODO: check +CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...) + TODO: check +CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users to steal ...) + TODO: check +CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM relay ...) + TODO: check +CVE-2024-29849 (Veeam Backup En
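Review bot: the hunk opens by deleting the line `CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()]`, which was added in 4dfb9e97 earlier the same morning, and the visible part of the hunk does not show the entry being re-added; the automatic update normally replaces a `[...]` placeholder title with the published `(...)` description, so check the truncated remainder of the hunk to confirm the entry, its `- linux` line and its git.kernel.org NOTE survive under the new description rather than being dropped.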
[Git][security-tracker-team/security-tracker][master] Add three new Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4dfb9e97 by Salvatore Bonaccorso at 2024-05-23T09:29:13+02:00 Add three new Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()] + - linux + NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9) +CVE-2024-36012 [Bluetooth: msft: fix slab-use-after-free in msft_do_close()] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9) +CVE-2024-36011 [Bluetooth: HCI: Fix potential null-ptr-deref] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d2706004a1b8b526592e823d7e52551b518a7941 (6.9) CVE-2024-1947 - gitlab NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dfb9e970152c57c5b74b8043047e1d90842010f
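Review bot: CVE-2024-36013 is the only one of the three new entries with a bare `- linux` and no per-suite annotations, so it is recorded as affecting every suite down to buster, while CVE-2024-36012 and CVE-2024-36011 carry `(Vulnerable code not present)` for the older suites; if the l2cap_connect() use-after-free really does reach the bullseye and buster kernels that is correct, otherwise the entry wants the same suite annotations as its neighbours. All three NOTEs record the fix as `(6.9)` with no fixed Debian version yet, which is consistent with each other.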
[Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e04de21 by Salvatore Bonaccorso at 2024-05-23T08:39:25+02:00 Add new gitlab issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,18 @@ +CVE-2024-1947 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2023-6502 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2023-7045 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2024-2874 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2024-4835 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) NOT-FOR-US: Arris VAP2500 CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e04de211693b610f329e2b47e1a9a5eddba1706
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce7c83bd by Salvatore Bonaccorso at 2024-05-22T22:49:20+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -33,65 +33,65 @@ CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attacker CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) NOT-FOR-US: WordPress plugin CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) - TODO: check + NOT-FOR-US: Qlik Sense Enterprise for Windows CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) TODO: check CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) 
- TODO: check + NOT-FOR-US: idccms CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...) TODO: check CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.) TODO: check CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...) - TODO: check + NOT-FOR-US: Ecshop CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.) - TODO: check + NOT-FOR-US: Ghost CMS CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...) - TODO: check + NOT-FOR-US: Insyde CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...) - TODO: check + NOT-FOR-US: Nicomsoft WinI2C/DDC CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...) - TODO: check + NOT-FOR-US: Wistron Corporation TBT Force Power Control CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...) - TODO: check + NOT-FOR-US: Realtek Semiconductor Corp Realtek High Definition Audio Function Driver CVE-2024-33224 (An issue in the component rtkio64.sys of Realtek Semiconductor Corp Re ...) - TODO: check + NOT-FOR-US: Realtek Semiconductor Corp Realtek lO Driver CVE-2024-33223 (An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33222 (An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS AT ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33221 (An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS B ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33220 (An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite ...) 
- TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABE ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr
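Review bot: the entry between CVE-2024-35556 and CVE-2024-35554 in this hunk is written as `CVE-2024-3`, which is not a well-formed CVE identifier (the sequence part needs at least four digits), so the `NOT-FOR-US: idccms` line being attached to it does not tie to a resolvable id; check whether the identifier was truncated in data/CVE/list and correct it alongside the status change.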
[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Reference fix for CVE-2024-4068/node-braces"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
92ff20ed by Salvatore Bonaccorso at 2024-05-22T22:40:14+02:00
Revert "Reference fix for CVE-2024-4068/node-braces"

This reverts commit ceeb6abf3bc08c2c81e86de151967575d3014f5a.

For now revert this reference. It is not fully clear following upstream issue #35.

28e43f48 by Salvatore Bonaccorso at 2024-05-22T22:44:35+02:00
Process some NFUs

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,37 +1,37 @@ CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) - TODO: check + NOT-FOR-US: Ritlabs TinyWeb Server CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) TODO: check CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...) - TODO: check + NOT-FOR-US: Progress MOVEit CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) - TODO: check + NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) TODO: check CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) TODO: check CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...)
@@ -6062,7 +6062,6 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit [bullseye] - node-braces (Minor issue) [buster] - node-braces (Minor issue) NOTE: https://github.com/micromatch/braces/issues/35 - NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3) CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) - node-micromatch (bug #1071631) [bookworm] - node-micromatch (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3cd6eea96a9394cdebf3d0676b09441fb9b757b...28e43f48d5033bc8741d5dc9fe7e923925be27b4
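Review bot: the second hunk (@@ -6062,7 +6062,6 @@) drops the only "Fixed by" reference for CVE-2024-4068 and leaves nothing in the entry saying why; since the commit message states the fix status is unclear pending upstream issue #35, consider recording that as a NOTE directly under the existing `NOTE: https://github.com/micromatch/braces/issues/35` line, so the open question is visible in data/CVE/list rather than only in git history.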
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
c3cd6eea by Salvatore Bonaccorso at 2024-05-22T22:30:19+02:00
Process some NFUs

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -93,13 +93,13 @@ CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASU CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...) TODO: check CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31895 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.) TODO: check CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugin for ...)
@@ -109,7 +109,7 @@ CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Ove CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...) TODO: check CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...) TODO: check CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3cd6eea96a9394cdebf3d0676b09441fb9b757b
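Review bot: `NOT-FOR-US: IBM` in both hunks names only the vendor, whereas the other NOT-FOR-US lines in these commits name the affected product (for example `NOT-FOR-US: Qlik Sense Enterprise for Windows`); `NOT-FOR-US: IBM App Connect Enterprise` for the four CVE-2024-319xx entries and `NOT-FOR-US: IBM Performance Tools for i` for CVE-2024-27264 would follow that convention and make the entries self-explanatory without opening the description.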
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-4642
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
753ce9f1 by Salvatore Bonaccorso at 2024-05-22T22:26:31+02:00
Remove notes from CVE-2024-4642

CVE got rejected by the assigning CNA (but without a specific reason mentioned).

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -4917,7 +4917,6 @@ CVE-2024-4733 (The ShiftController Employee Shift Scheduling plugin is vulnerabl NOT-FOR-US: WordPress plugin CVE-2024-4642 REJECTED - NOT-FOR-US: wandb CVE-2024-4635 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-4634 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753ce9f1aa7db7499b940476bf6e37b20cdbd0e5
[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2024-4068/node-braces
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
ceeb6abf by Salvatore Bonaccorso at 2024-05-22T22:24:10+02:00
Reference fix for CVE-2024-4068/node-braces

Note this is in upstream 3.0.3. Checking 3.0.3+~3.0.4-1, though, the code is not included. What is 3.0.3+~3.0.4 referring to? This needs double-checking to see if the issue was fixed in the last upload to unstable.

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -6063,6 +6063,7 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit [bullseye] - node-braces (Minor issue) [buster] - node-braces (Minor issue) NOTE: https://github.com/micromatch/braces/issues/35 + NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3) CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) - node-micromatch (bug #1071631) [bookworm] - node-micromatch (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceeb6abf3bc08c2c81e86de151967575d3014f5a
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3dd5fc42 by security tracker role at 2024-05-22T20:12:09+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,4 +1,138 @@ -CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version] +CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) + TODO: check +CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) + TODO: check +CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...) + TODO: check +CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) + TODO: check +CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) + TODO: check +CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) + TODO: check +CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...) + TODO: check +CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) + TODO: check +CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) + TODO: check +CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) + TODO: check +CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) + TODO: check +CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) + TODO: check +CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) + TODO: check +CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) + TODO: check +CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...) + TODO: check +CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.) + TODO: check +CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...) + TODO: check +CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.) 
+ TODO: check +CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...) + TODO: check +CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...) + TODO: check +CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...) + TODO: check +CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...) + TODO: check +CVE-2024-33224 (An issue in the compo
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36010/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
56d06d90 by Salvatore Bonaccorso at 2024-05-22T16:15:50+02:00
Add CVE-2024-36010/linux

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,9 @@ +CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version] + - linux 6.8.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c56d055893cbe97848611855d1c97d0ab171eccc (6.8-rc5) CVE-2024- [Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes] - roundcube 1.6.7+dfsg-1 (bug #1071474) NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56d06d909d0f477fed3534b2df72e836f1e37652
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52830
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3bccdeab by Salvatore Bonaccorso at 2024-05-22T16:06:15+02:00
Remove notes from CVE-2023-52830

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -811,12 +811,8 @@ CVE-2023-52831 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/38685e2a0476127db766f81b1c06019ddc4c9ffa (6.7-rc1) -CVE-2023-52830 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - [bullseye] - linux 5.10.205-1 - [buster] - linux 4.19.304-1 - NOTE: https://git.kernel.org/linus/a85fb91e3d728bdfc80833167e8162cce8bc7004 (6.7-rc1) +CVE-2023-52830 + REJECTED CVE-2023-52829 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/b302dce3d9edea5b93d1902a541684a967f3c63c (6.7-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bccdeabf87ca182b40fc0934c5fc412e667dbf2
[Git][security-tracker-team/security-tracker][master] Add two temporary entries for roundcube
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3ab8509b by Salvatore Bonaccorso at 2024-05-22T13:59:07+02:00
Add two temporary entries for roundcube

I excluded the Windows-only one. If there will be CVEs assigned for all three, we can then track the last one as well.

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,9 @@ +CVE-2024- [Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes] + - roundcube 1.6.7+dfsg-1 (bug #1071474) + NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f +CVE-2024- [Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences] + - roundcube 1.6.7+dfsg-1 (bug #1071474) + NOTE: https://github.com/roundcube/roundcubemail/commit/9ca8aa6680c579132e0d1fa59447df8d524ec91c CVE-2021-47498 [dm rq: don't queue request to blk-mq during DM suspend] - linux 5.14.16-1 NOTE: https://git.kernel.org/linus/b4459b11e84092658fa195a2587aff3b9637f0e7 (5.15-rc6)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ab8509bb8e129d120a84dca6d97d7f21c390fb7
[Git][security-tracker-team/security-tracker][master] Track chromium fixes via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
e25cc9c2 by Salvatore Bonaccorso at 2024-05-22T12:36:07+02:00
Track chromium fixes via unstable

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -387,19 +387,19 @@ CVE-2024-5148 - gnome-remote-desktop (Vulnerable code only in 46 series) NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196 CVE-2024-5160 - - chromium + - chromium 125.0.6422.76-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-5159 - - chromium + - chromium 125.0.6422.76-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-5158 - - chromium + - chromium 125.0.6422.76-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-5157 - - chromium + - chromium 125.0.6422.76-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e25cc9c2391b5c20f244b74f68048ec68408d0eb
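Review bot: the four chromium entries (CVE-2024-5160 down to CVE-2024-5157) now record the unstable fix 125.0.6422.76-1 and keep their bullseye and buster lines, but no `[bookworm]` line is visible in the hunk, so bookworm reads as unfixed until a stable update is recorded; confirm that is the intended state (a DSA pending) rather than an omitted line.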
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
ecfc3181 by Salvatore Bonaccorso at 2024-05-22T10:59:02+02:00
Merge Linux CVEs from kernel-sec

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,3 +1,119 @@ +CVE-2021-47498 [dm rq: don't queue request to blk-mq during DM suspend] + - linux 5.14.16-1 + NOTE: https://git.kernel.org/linus/b4459b11e84092658fa195a2587aff3b9637f0e7 (5.15-rc6) +CVE-2021-47497 [nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 (5.15-rc6) +CVE-2021-47496 [net/tls: Fix flipped sign in tls_err_abort() calls] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/da353fac65fede6b8b4cfe207f0d9408e3121105 (5.15) +CVE-2021-47495 [usbnet: sanity check for maxpacket] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/397430b50a363d8b7bdda00522123f82df6adc5e (5.15-rc7) +CVE-2021-47494 [cfg80211: fix management registrations locking] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/09b1d5dc6ce1c9151777f6c4e128a59457704c97 (5.15) +CVE-2021-47493 [ocfs2: fix race between searching chunks and release journal_head from buffer_head] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/6f1b228529ae49b0f85ab89bcdb6c365df401558 (5.15) +CVE-2021-47492 [mm, thp: bail out early in collapse_file for writeback page] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/74c42e1baacf206338b1dd6b6199ac964512b5bb (5.15) +CVE-2021-47491 [mm: khugepaged: skip huge page collapse for special files] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a4aeaa06d45e90f9b279f0b09de84bd6e733 (5.15) +CVE-2021-47490 [drm/ttm: fix memleak in ttm_transfered_destroy] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: 
https://git.kernel.org/linus/0db55f9a1bafbe3dac750ea669de9134922389b5 (5.15) +CVE-2021-47489 [drm/amdgpu: Fix even more out of bound writes from debugfs] + - linux 5.15.3-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3f4e54bd312d3dafb59daf2b97ffa08abebe60f5 (5.15) +CVE-2021-47488 [cgroup: Fix memory leak caused by missing cgroup_bpf_offline] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/04f8ef5643bcd8bcde25dfdebef998aea480b2ba (5.15) +CVE-2021-47487 [drm/amdgpu: fix out of bounds write] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/5afa7898ab7a0ec9c28556a91df714bf3c2f725e (5.15) +CVE-2021-47486 [riscv, bpf: Fix potential NULL dereference] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/27de809a3d83a6199664479ebb19712533d6fd9b (5.15) +CVE-2021-47485 [IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/d39bf40e55e666b5905fdbd46a0dced030ce87be (5.15) +CVE-2021-47484 [octeontx2-af: Fix possible null pointer dereference.] 
+ - linux 5.15.3-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c2d4c543f74c90f883e8ec62a31973ae8807d354 (5.15) +CVE-2021-47483 [regmap: Fix possible double-free in regcache_rbtree_exit()] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/55e6d8037805b3400096d621091dfbf713f97e83 (5.15) +CVE-2021-47482 [net: batman-adv: fix error handling] + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/6f68cd634856f8ca93bafd623ba5357e0f648c68 (5.15) +CVE-2021-47481 [RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR] + - linux 5.15.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5508546631a0f555d7088203dec2614e41b5106e (5.15) +CVE
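Review bot: the NOTE for CVE-2021-47491 points at `https://git.kernel.org/linus/a4aeaa06d45e90f9b279f0b09de84bd6e733`, a 36-character hash, while every other NOTE in this hunk carries a full 40-character commit id; the URL looks truncated and should be checked against the kernel-sec source before merging. Separately, CVE-2021-47489 and CVE-2021-47484 carry a `[buster]` line but no `[bullseye]` line, unlike the neighbouring entries that list bullseye 5.10.84-1; confirm bullseye is genuinely still open for those two.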
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
1876ffd6 by security tracker role at 2024-05-22T08:12:20+00:00
automatic update

1 changed file:
- data/CVE/list

Changes:
= data/CVE/list =
@@ -1,192 +1,268 @@ -CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()] +CVE-2024-5190 + REJECTED +CVE-2024-5147 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) + TODO: check +CVE-2024-5092 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5040 (There are multiple ways in LCDS LAquis SCADA for an attacker to acces ...) + TODO: check +CVE-2024-4980 (The WPKoi Templates for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-4971 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4443 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...) + TODO: check +CVE-2024-4157 (The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & D ...) + TODO: check +CVE-2024-3927 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3671 (The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-3666 (The Opal Estate Pro \u2013 Property Management and Submission plugin f ...) + TODO: check +CVE-2024-3663 (The WP Scraper plugin for WordPress is vulnerable to unauthorized acce ...) + TODO: check +CVE-2024-3611 (The Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enh ...) + TODO: check +CVE-2024-3519 (The Media Library Assistant plugin for WordPress is vulnerable to Refl ...) + TODO: check +CVE-2024-3518 (The Media Library Assistant plugin for WordPress is vulnerable to SQL ...) + TODO: check +CVE-2024-3198 (The WP Font Awesome Share Icons plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-3066 (The Elegant Addons for elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-35220 (@fastify/session is a session plugin for fastify. Requires the @fastif ...) 
+ TODO: check +CVE-2024-35162 (Path traversal vulnerability exists in Download Plugins and Themes fro ...) + TODO: check +CVE-2024-32988 ('OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App ...) + TODO: check +CVE-2024-31396 (Code injection vulnerability exists in a-blog cms Ver.3.1.x series ver ...) + TODO: check +CVE-2024-31395 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...) + TODO: check +CVE-2024-31394 (Directory traversal vulnerability exists in a-blog cms Ver.3.1.x serie ...) + TODO: check +CVE-2024-31340 (TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prio ...) + TODO: check +CVE-2024-30420 (Server-side request forgery (SSRF) vulnerability exists in a-blog cms ...) + TODO: check +CVE-2024-30419 (Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x seri ...) + TODO: check +CVE-2024-2953 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-2163 (The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vu ...) + TODO: check +CVE-2024-2119 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2024-2088 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-21683 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) + TODO: check +CVE-2024-1762 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-1446 (The NextScripts: Social Networks Auto-Poster plugin for WordPress is v ...) + TODO: check +CVE-2024-0632 (The Automatic Translator with Google Translate plugin for WordPress is ...) + TODO: check +CVE-2024-0453 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...) + TODO: check +CVE-2024-0452 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized modi ...) 
+ TODO: check +CVE-2024-0451 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized acce ...) + TODO: check +CVE-2023-6487 (The LuckyWP Table of Contents plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2021-47473 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 NOTE: https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7) -CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_regist
[Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2024-3044/libreoffice
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 85877b1d by Salvatore Bonaccorso at 2024-05-22T09:19:09+02:00 Add commit reference for CVE-2024-3044/libreoffice - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5045,6 +5045,7 @@ CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affecte {DSA-5690-1} - libreoffice 4:24.2.3~rc1-2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/ + NOTE: https://git.libreoffice.org/core/+/8b2402b16df185119c91222b33ff1b8d55e0afe4%5E%21 CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) NOT-FOR-US: Red Hat Satellite CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85877b1d0b35636800a4a7d5ba98671c3c694e71
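Review bot: the added NOTE line for the libreoffice fix commit carries no tag for the upstream version the commit landed in, while the other commit references in this file do, for example "(v2.32.0)" on the requests commit and "(5.15-rc7)" on the kernel commits. Suggest appending the upstream release or branch in parentheses after the URL so the reference can be matched against the 4:24.2.3~rc1-2 fixed version without opening the link.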
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94fda6f3 by Salvatore Bonaccorso at 2024-05-22T08:57:43+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,195 @@ +CVE-2021-47473 [scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/7fb223d0ad801f633c78cbe42b1d1b55f5d163ad (5.15-rc7) +CVE-2021-47472 [net: mdiobus: Fix memory leak in __mdiobus_register] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/ab609f25d19858513919369ff3d9a63c02cd9e2e (5.15-rc4) +CVE-2021-47471 [drm: mxsfb: Fix NULL pointer dereference crash on unload] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3cfc183052c3dbf8eae57b6c1685dab00ed3db4a (5.15-rc7) +CVE-2021-47470 [mm, slub: fix potential use-after-free in slab_debugfs_fops] + - linux 5.14.16-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/67823a544414def2a36c212abadb55b23bcda00c (5.15-rc7) +CVE-2021-47469 [spi: Fix deadlock when adding SPI controllers on SPI buses] + - linux 5.14.16-1 + NOTE: https://git.kernel.org/linus/6098475d4cb48d821bdf453c61118c56e26294f0 (5.15-rc6) +CVE-2021-47468 [isdn: mISDN: Fix sleeping function called from invalid context] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/6510e80a0b81b5d814e3aea6297ba42f5e76f73c (5.15-rc6) +CVE-2021-47467 [kunit: fix reference count leak in kfree_at_end] + - linux 5.14.16-1 + NOTE: https://git.kernel.org/linus/f62314b1ced25c58b86e044fc951cd6a1ea234cf (5.15-rc6) +CVE-2021-47466 [mm, slub: fix potential memoryleak in kmem_cache_open()] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/9037c57681d25e4dcc442d940d6dbe24dd31f461 (5.15-rc7) +CVE-2021-47465 [KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()] + - linux 5.14.16-1 + [bullseye] - linux 
5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9b4416c5095c20e110c82ae602c254099b83b72f (5.15-rc6) +CVE-2021-47464 [audit: fix possible null-pointer dereference in audit_filter_rules] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6e3ee990c90494561921c756481d0e2125d8b895 (5.15-rc7) +CVE-2021-47463 [mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem()] + - linux 5.14.16-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/79f9bc5843142b649575f887dccdf1c07ad75c20 (5.15-rc7) +CVE-2021-47462 [Description:] + - linux 5.14.16-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c (5.15-rc7) +CVE-2021-47461 [userfaultfd: fix a race between writeprotect and exit_mmap()] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cb185d5f1ebf900f4ae3bf84cee212e6dd035aca (5.15-rc7) +CVE-2021-47460 [ocfs2: fix data corruption after conversion from inline format] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/5314454ea3ff6fc746eaf71b9a7ceebed52888fa (5.15-rc7) +CVE-2021-47459 [can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d9d52a3ebd284882f5562c88e55991add5d01586 (5.15-rc7) +CVE-2021-47458 [ocfs2: mount fails with buffer overflow in strlen] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/b15fa9224e6e1239414525d8d556d824701849fc (5.15-rc7) 
+CVE-2021-47457 [can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()] + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/li
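Review bot: the bracketed title for CVE-2021-47462 is "[Description:]", which is not a summary of the fix; every other entry in this hunk carries the subject line of the referenced kernel commit. Suggest replacing it with the subject of the commit referenced in its NOTE line, or leaving a TODO so the next automatic update fills in the CVE description. Also, CVE-2021-47469 and CVE-2021-47467 are added with only the "- linux 5.14.16-1" line and no [bullseye] or [buster] annotation, unlike the neighbouring entries; confirm that is intentional, since a release without its own line is tracked against the unstable fixed version.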
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-31989 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a53cf941 by Salvatore Bonaccorso at 2024-05-22T08:21:06+02:00 Add CVE-2024-31989 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93,7 +93,7 @@ CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of or ...) TODO: check CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site ...) TODO: check CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product does not ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a53cf941c005f86d9d98f27583d8cfd65f0400f0
[Git][security-tracker-team/security-tracker][master] CVE-2024-5148/gnome-remote-desktop
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba8cb9cf by Salvatore Bonaccorso at 2024-05-22T08:17:41+02:00 CVE-2024-5148/gnome-remote-desktop - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,7 @@ CVE-2024-5148 [experimental] - gnome-remote-desktop 46.2-1 - gnome-remote-desktop (Vulnerable code only in 46 series) + NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/196 CVE-2024-5160 - chromium [bullseye] - chromium (see #1061268) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba8cb9cf08e2d7a499c0fb8cc6fe7329ef764092
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-5148/gnome-remote-desktop
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc611396 by Salvatore Bonaccorso at 2024-05-22T08:08:26+02:00 Add CVE-2024-5148/gnome-remote-desktop - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-5148 + [experimental] - gnome-remote-desktop 46.2-1 + - gnome-remote-desktop (Vulnerable code only in 46 series) CVE-2024-5160 - chromium [bullseye] - chromium (see #1061268) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc611396961dfdfd189447e7bbd71922589401b1
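Review bot: the new CVE-2024-5148 entry is added without a description in parentheses and without any NOTE reference, so a reader of this commit alone cannot tell what the issue is or why only the 46 series is affected; the issue link only arrives in the follow-up commit ba8cb9cf. Suggest adding the reference in the same commit as the entry, and letting the next automatic update supply the description.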
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f02cdca2 by Salvatore Bonaccorso at 2024-05-21T22:19:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,29 @@ CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...) TODO: check CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4700 (The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4695 (The Move Addons for Elementor plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4619 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4566 (The ShopLentor plugin for WordPress is vulnerable to unauthorized modi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is represented as a ...) TODO: check CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in versions ...) TODO: check CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulner ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site ...) TODO: check CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...) 
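Review bot: triage in this hunk is inconsistent for the same plugin: CVE-2024-4566 (ShopLentor plugin for WordPress) becomes "NOT-FOR-US: WordPress plugin" while CVE-2024-3345, also the ShopLentor plugin for WordPress, stays at "TODO: check"; CVE-2024-3268 (YouTube Video Gallery by YouTube Showcase, a WordPress plugin) is likewise left at TODO. Suggest marking those in the same pass, or noting why they are held back.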
@@ -41,7 +41,7 @@ CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/ ...) TODO: check CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stor ...) - TODO: check + NOT-FOR-US: Umbraco CMS CVE-2024-35180 (OMERO.web provides a web based client and plugin infrastructure. There ...) TODO: check CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f02cdca249297a6a3a6b795f15b94b8f00c03ca6
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7aa6eab1 by security tracker role at 2024-05-21T20:12:46+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,1778 +1,1898 @@ -CVE-2023-52879 [tracing: Have trace_event_file have ref counters] +CVE-2024-4988 (The mobile application (com.transsion.videocallenhancer) interface has ...) + TODO: check +CVE-2024-4876 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-4875 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) + TODO: check +CVE-2024-4700 (The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPres ...) + TODO: check +CVE-2024-4695 (The Move Addons for Elementor plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4619 (The Elementor Website Builder \u2013 More than Just a Page Builder plu ...) + TODO: check +CVE-2024-4566 (The ShopLentor plugin for WordPress is vulnerable to unauthorized modi ...) + TODO: check +CVE-2024-4553 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2024-4452 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-4435 (When storing unbounded types in a BTreeMap, a node is represented as a ...) + TODO: check +CVE-2024-4420 (There exists a Denial of service vulnerability in Tink-cc in versions ...) + TODO: check +CVE-2024-4361 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-4154 (In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulner ...) + TODO: check +CVE-2024-3345 (The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plu ...) + TODO: check +CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) + TODO: check +CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) + TODO: check +CVE-2024-35386 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) 
+ TODO: check +CVE-2024-35385 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) + TODO: check +CVE-2024-35384 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) + TODO: check +CVE-2024-35361 (MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/ ...) + TODO: check +CVE-2024-35218 (Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stor ...) + TODO: check +CVE-2024-35180 (OMERO.web provides a web based client and plugin infrastructure. There ...) + TODO: check +CVE-2024-35061 (NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exc ...) + TODO: check +CVE-2024-35060 (An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows att ...) + TODO: check +CVE-2024-35059 (An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows a ...) + TODO: check +CVE-2024-35058 (An issue in the API wait function of NASA AIT-Core v2.5.2 allows attac ...) + TODO: check +CVE-2024-35057 (An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary ...) + TODO: check +CVE-2024-35056 (NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection ...) + TODO: check +CVE-2024-34274 (OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untr ...) + TODO: check +CVE-2024-34240 (QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) r ...) + TODO: check +CVE-2024-34071 (Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco ...) + TODO: check +CVE-2024-33529 (ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow ...) + TODO: check +CVE-2024-33528 (A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7. ...) + TODO: check +CVE-2024-33527 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Us ...) + TODO: check +CVE-2024-33526 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of us ...) 
+ TODO: check +CVE-2024-33525 (A Stored Cross-site Scripting (XSS) vulnerability in the "Import of or ...) + TODO: check +CVE-2024-31989 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + TODO: check +CVE-2024-31847 (An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site ...) + TODO: check +CVE-2024-31845 (An issue was discovered in Italtel Embrace 1.6.4. The product does not ...) + TODO: check +CVE-2024-
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-35195/requests
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27d76db8 by Salvatore Bonaccorso at 2024-05-21T22:05:39+02:00 Add Debian bug reference for CVE-2024-35195/requests - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1800,7 +1800,7 @@ CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) NOT-FOR-US: WordPress plugin CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) - - requests + - requests (bug #1071593) NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 NOTE: https://github.com/psf/requests/pull/6655 NOTE: https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 (v2.32.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d76db816d5abce13914725553994a1c9b8b60a
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-35190/asterisk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: babbdfd1 by Salvatore Bonaccorso at 2024-05-21T21:53:02+02:00 Update status for CVE-2024-35190/asterisk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3247,7 +3247,7 @@ CVE-2024-35784 (In the Linux kernel, the following vulnerability has been resolv - linux 6.7.12-1 NOTE: https://git.kernel.org/linus/b0ad381fa7690244802aed119b478b4bdafc31dd (6.8-rc6) CVE-2024-35190 (Asterisk is an open source private branch exchange and telephony toolk ...) - - asterisk + - asterisk (Vulnerable code not present) NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9 NOTE: https://github.com/asterisk/asterisk/pull/600 NOTE: https://github.com/asterisk/asterisk/pull/602 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babbdfd18382ecc0f35dafc160d5842f83307b32
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-34997/joblib
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 91eea16f by Salvatore Bonaccorso at 2024-05-21T21:35:50+02:00 Update status for CVE-2024-34997/joblib - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3257,8 +3257,10 @@ CVE-2024-35174 (Missing Authorization vulnerability in Flothemes Flo Forms.This CVE-2024-35173 (Missing Authorization vulnerability in PluginEver Serial Numbers for W ...) NOT-FOR-US: WordPress plugin CVE-2024-34997 (joblib v1.4.2 was discovered to contain a deserialization vulnerabilit ...) - - joblib + - joblib (unimportant) NOTE: https://github.com/joblib/joblib/issues/1582 + NOTE: https://github.com/joblib/joblib/pull/1585#issuecomment-2120501881 + NOTE: Negligible security impact CVE-2024-34982 (An arbitrary file upload vulnerability in the component /include/file. ...) NOT-FOR-US: lylme_spage CVE-2024-34959 (DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_d ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91eea16f31d3bf940e5f408bfad5f9796c77992a
[Git][security-tracker-team/security-tracker][master] Track two CVEs for firmware-nonfree
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f516b40 by Salvatore Bonaccorso at 2024-05-21T21:07:24+02:00 Track two CVEs for firmware-nonfree - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3956,7 +3956,9 @@ CVE-2023-47859 (Improper access control for some Intel(R) Wireless Bluetooth pro CVE-2023-47282 (Out-of-bounds write in Intel(R) Media SDK all versions and some Intel( ...) NOT-FOR-US: Intel CVE-2023-47210 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html + TODO: check, likely fixed in 20240513 tag update CVE-2023-47169 (Improper buffer restrictions in Intel(R) Media SDK software all versio ...) NOT-FOR-US: Intel CVE-2023-47165 (Improper conditions check in the Intel(R) Data Center GPU Max Series 1 ...) 
@@ -4038,7 +4040,9 @@ CVE-2023-38581 (Buffer overflow in Intel(R) Power Gadget software for Windows al CVE-2023-38420 (Improper conditions check in Intel(R) Power Gadget software for macOS ...) TODO: check CVE-2023-38417 (Improper input validation for some Intel(R) PROSet/Wireless WiFi softw ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html + TODO: check, likely fixed in 20240513 tag update CVE-2023-38399 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) TODO: check CVE-2023-37999 (Improper Privilege Management vulnerability in HasThemes HT Mega allow ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f516b40e38c2fed2515eedc10516d944c6975d9
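Review bot: both hunks (CVE-2023-47210 and CVE-2023-38417) add a bare "- firmware-nonfree" line, which tracks the package as affected in every suite, while the TODO on the same entry says the fix is likely already in the 20240513 tag update. Suggest resolving that TODO before or soon after this lands: either record the firmware-nonfree version that carries the 20240513 update as the fixed version, or note why the fix status is still unknown, so the two entries do not sit as open issues on the basis of a guess.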
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 618f2ba5 by Salvatore Bonaccorso at 2024-05-21T21:03:47+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3892,9 +3892,9 @@ CVE-2024-2619 (The Elementor Header & Footer Builder for WordPress is vulnerable CVE-2024-24981 (Improper input validation in PfrSmiUpdateFw driver in UEFI firmware fo ...) NOT-FOR-US: Intel CVE-2024-23980 (Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-23487 (Improper input validation in UserAuthenticationSmm driver in UEFI firm ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22476 (Improper input validation in some Intel(R) Neural Compressor software ...) NOT-FOR-US: Intel CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA products ...) @@ -3902,11 +3902,11 @@ CVE-2024-22390 (Improper input validation in firmware for some Intel(R) FPGA pro CVE-2024-22384 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...) NOT-FOR-US: Intel CVE-2024-22382 (Improper input validation in PprRequestLog module in UEFI firmware for ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22379 (Uncontrolled search path in some Intel(R) Inspector software before ve ...) NOT-FOR-US: Intel CVE-2024-22095 (Improper input validation in PlatformVariableInitDxe driver in UEFI fi ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-22015 (Improper input validation for some Intel(R) DLB driver software before ...) NOT-FOR-US: Intel CVE-2024-21864 (Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics ...) 
@@ -4076,7 +4076,7 @@ CVE-2023-28383 (Improper conditions check in some Intel(R) BIOS PPAM firmware ma CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware may all ...) TODO: check CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware for som ...) - TODO: check + NOT-FOR-US: Intel CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA and In ...) - linux [buster] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/618f2ba51f75474f66fb98435262d2c13e6fc392
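Review bot: in this hunk CVE-2023-22662 (UEFI firmware) becomes "NOT-FOR-US: Intel", but the two context entries just above it, CVE-2023-28383 (Intel BIOS PPAM firmware) and CVE-2023-27504 (Intel BIOS Guard firmware), stay at "TODO: check" even though they describe the same class of vendor BIOS firmware. If those are also firmware-only issues with no Debian package, mark them NOT-FOR-US in the same pass; if something in Debian (for example intel-microcode) is thought to be affected, a NOTE saying so would explain why they are held back.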
[Git][security-tracker-team/security-tracker][master] Mark intel-microcode CVEs as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: aee4ffd6 by Salvatore Bonaccorso at 2024-05-21T21:00:26+02:00 Mark intel-microcode CVEs as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -4083,18 +4083,26 @@ CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software before ...) - intel-microcode 3.20240514.1 + [bookworm] - intel-microcode (Minor issue; can be fixed in point release) + [bullseye] - intel-microcode (Minor issue; can be fixed in point release) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514 CVE-2023-45745 (Improper input validation in some Intel(R) TDX module software before ...) - intel-microcode 3.20240514.1 + [bookworm] - intel-microcode (Minor issue; can be fixed in point release) + [bullseye] - intel-microcode (Minor issue; can be fixed in point release) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514 CVE-2023-46103 (Sequence of processor instructions leads to unexpected behavior in Int ...) - intel-microcode 3.20240514.1 + [bookworm] - intel-microcode (Minor issue; can be fixed in point release) + [bullseye] - intel-microcode (Minor issue; can be fixed in point release) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514 CVE-2023-45733 (Hardware logic contains race conditions in some Intel(R) Processors ma ...) 
- intel-microcode 3.20240514.1 + [bookworm] - intel-microcode (Minor issue; can be fixed in point release) + [bullseye] - intel-microcode (Minor issue; can be fixed in point release) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514 CVE-2024-5023 (Improper Neutralization of Special Elements used in a Command ('Comman ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aee4ffd6da83efb57aa1f51a34a89cfd7742a01d
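Review bot: the four intel-microcode entries gain [bookworm] and [bullseye] annotations but no [buster] line, while other entries on this page (for example CVE-2021-47472 and CVE-2024-21823) spell out the buster status explicitly. With the only fixed version being 3.20240514.1 in unstable, buster stays tracked as affected without an annotation of its own; confirm whether buster should get the same "Minor issue" annotation or a different status, and add the line if so.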
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f81473bc by Salvatore Bonaccorso at 2024-05-21T19:18:28+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,1202 @@ +CVE-2023-52879 [tracing: Have trace_event_file have ref counters] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1) +CVE-2023-52878 [can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + NOTE: https://git.kernel.org/linus/6411959c10fe917288cbb1038886999148560057 (6.7-rc1) +CVE-2023-52877 [usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4987daf86c152ff882d51572d154ad12e4ff3a4b (6.7-rc1) +CVE-2023-52876 [clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0884393c63cc9a1772f7121a6645ba7bd76feeb9 (6.7-rc1) +CVE-2023-52875 [clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux 4.19.304-1 + NOTE: https://git.kernel.org/linus/0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3 (6.7-rc1) +CVE-2023-52874 [x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro] + - linux 6.6.8-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5d092b66119d774853cc9308522620299048a662 (6.7-rc1) +CVE-2023-52873 [clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/1f57f78fbacf630430bf954e5a84caafdfea30c0 (6.7-rc1) +CVE-2023-52872 [tty: n_gsm: fix race condition in status line change on dead connections] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3a75b205de43365f80a33b98ec9289785da56243 (6.7-rc1) +CVE-2023-52871 [soc: qcom: llcc: Handle a second device without data corruption] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + NOTE: https://git.kernel.org/linus/f1a1bc8775b26345aba2be278118999e7f661d3d (6.7-rc1) +CVE-2023-52870 [clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b82681042724924ae3ba0f2f2eeec217fa31e830 (6.7-rc1) +CVE-2023-52869 [pstore/platform: Add check for kstrdup] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c (6.7-rc1) +CVE-2023-52868 [thermal: core: prevent potential string overflow] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux 4.19.304-1 + NOTE: https://git.kernel.org/linus/c99626092efca3061b387043d4a7399bf75fbdd5 (6.7-rc1) +CVE-2023-52867 [drm/radeon: possible buffer overflow] + - linux 6.6.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux 4.19.304-1 + NOTE: https://git.kernel.org/linus/dd05484f99d16715a88eedfca363828ef9a4c2d4 (6.7-rc1) +CVE-2023-52866 [HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks()] + - linux 6.6.8-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable 
code not present) + NOTE: https://git.kernel.org/linus/91cfe0bbaa1c434d4271eb6e1d7aaa1fe8d121f6 (6.7-rc1) +CVE-2023-52865 [clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data] + - linux 6.6.8-1
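Review bot: CVE-2023-52878 and CVE-2023-52871 carry no [bullseye] and/or [buster] line, while every neighbouring entry in this hunk states those suites' status one way or the other (a fixed version or "(Vulnerable code not present)"); if the older suites are still affected or simply untriaged, an explicit line saying so would keep the status of this batch uniform and avoid the gap being read as an omission. Separately, the package lines that read `- linux (Vulnerable code not present)` show no version or status token between the package name and the bracketed remark, unlike `- linux 6.6.8-1`; if an angle-bracketed status token was stripped by the mail rendering, it is worth confirming the committed data/CVE/list still carries it.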
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-27429
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d87e386c by Salvatore Bonaccorso at 2024-05-21T17:37:49+02:00 Remove notes from CVE-2024-27429 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2216,11 +2216,8 @@ CVE-2024-27430 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.82-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/958d6145a6d9ba9e075c921aead8753fb91c9101 (6.8) -CVE-2024-27429 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/cfd9f4a740f772298308b2e6070d2c744fb5cf79 (6.8) +CVE-2024-27429 + REJECTED CVE-2024-27428 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.7.12-1 [bookworm] - linux 6.1.82-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d87e386c49029ad5bda2f4ad78cf3512a75a0944 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d87e386c49029ad5bda2f4ad78cf3512a75a0944 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
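Review bot: the hunk does more than the commit message "Remove notes from CVE-2024-27429" says: it replaces the whole entry (fix versions for unstable, bookworm and bullseye plus the upstream reference cfd9f4a740f7) with a bare `REJECTED` marker. Stating the rejection in the message, and ideally the reason or the source of the rejection in a NOTE, would make the history searchable for anyone who later wonders why the kernel fix reference disappeared.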
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e52dd50 by Salvatore Bonaccorso at 2024-05-21T17:37:03+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,583 @@ +CVE-2021-47220 [usb: dwc3: core: fix kernel panic when do reboot] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/4bf584a03eec674975ee9fe36c8583d9d470dab1 (5.13-rc7) +CVE-2021-47221 [mm/slub: actually fix freelist pointer vs redzoning] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e41a49fadbc80b60b48d3c095d9e2ee7ef7c9a8e (5.13-rc7) +CVE-2021-47222 [net: bridge: fix vlan tunnel dst refcnt when egressing] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/cfc579f9d89af4ada58c69b03bcaa4887840f3b3 (5.13-rc7) +CVE-2021-47223 [net: bridge: fix vlan tunnel dst null pointer dereference] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/58e2071742e38f29f051b709a5cca014ba51166f (5.13-rc7) +CVE-2021-47224 [net: ll_temac: Make sure to free skb when it is completely used] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/6aa32217a9a446275440ee8724b1ecaf1838df47 (5.13-rc7) +CVE-2021-47225 [mac80211: fix deadlock in AP/VLAN handling] + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d5befb224edbe53056c2c18999d630dafb4a08b9 (5.13-rc7) +CVE-2021-47226 [x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d8778e393afa421f1f117471144f8ce6deb6953a (5.13-rc7) +CVE-2021-47227 [x86/fpu: Prevent state corruption in __fpu__restore_sig()] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/484cea4f362e1eeb5c869abbfb5f90eae6421b38 (5.13-rc7) +CVE-2021-47228 [x86/ioremap: Map EFI-reserved memory as encrypted for SEV] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8d651ee9c71bb12fc0c8eb2786b66cbe5aa3e43b (5.13-rc7) +CVE-2021-47229 [PCI: 
aardvark: Fix kernel panic during PIO transfer] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/f18139966d072dab8e4398c95ce955a9742e04f7 (5.13-rc7) +CVE-2021-47230 [KVM: x86: Immediately reset the MMU context when the SMM flag is cleared] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/78fcb2c91adfec8ce3a2ba6b4d0dda89f2f4a7c6 (5.13-rc7) +CVE-2021-47231 [can: mcba_usb: fix memory leak in mcba_usb] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/91c02557174be7f72e46ed7311e3bea1939840b0 (5.13-rc7) +CVE-2021-47232 [can: j1939: fix Use-after-Free, hold skb ref while in use] + - linux 5.10.46-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2030043e616cab40f510299f09b636285e0a3678 (5.13-rc7) +CVE-2021-47233 [regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/cb2381cbecb81a8893b2d1e1af29bc2e5531df27 (5.13-rc6) +CVE-2021-47234 [phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init()] + - linux 5.10.46-1 + NOTE: https://git.kernel.org/linus/aaac9a1bd370338ce372669eb9a6059d16b929aa (5.13-rc6) +CVE-2021-47235 [net: ethernet: fix potential use-after-free in ec_bhf_remove] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/9cca0c2d70149160407bda9a9446ce0c29b6e6c6 (5.13-rc7) +CVE-2021-47236 [net: cdc_eem: fix tx fixup skb leak] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/c3b26fdf1b32f91c7a3bc743384b4a298ab53ad7 (5.13-rc7) +CVE-2021-47237 [net: hamradio: fix memory leak in mkiss_close] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/7edcc682301492380fbdd604b4516af5ae667a13 (5.13-rc7) +CVE-2021-47238 [net: ipv4: fix memory leak in ip_mc_add1_src] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: 
https://git.kernel.org/linus/d8e2973029b8b2ce477b564824431f3385c77083 (5.13-rc7) +CVE-2021-47239 [net: usb: fix possible use-after-free in smsc75xx_bind] + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/56b786d86694e079d8aad9b314e015cd4ac02a3d (5
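Review bot: CVE-2021-47224, CVE-2021-47233 and CVE-2021-47234 record a fix for unstable (5.10.46-1) but carry no [buster] line, whereas the other entries in the hunk give buster either a fixed version (4.19.208-1) or "(Vulnerable code not present)"; adding an explicit buster line for those three would keep the batch consistent and make clear whether buster is still pending. As with the companion kernel-sec merge, the `- linux (Vulnerable code not present)` lines show no status token after the package name in this rendering, so the committed file should be checked for it.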
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-35176/ruby
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9864baa by Salvatore Bonaccorso at 2024-05-21T15:46:25+02:00 Add CVE-2024-35176/ruby - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2535,7 +2535,13 @@ CVE-2024-35184 (Paperless-ngx is a document management system that transforms ph CVE-2024-35183 (wolfictl is a command line tool for working with Wolfi. A git authenti ...) TODO: check CVE-2024-35176 (REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a den ...) - TODO: check + - ruby3.2 + - ruby3.1 + - ruby2.7 + - ruby2.5 + NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh + NOTE: Fixed by: https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb (v3.2.7) + NOTE: https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/ CVE-2024-35039 (idccms V1.35 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: idccms CVE-2024-34958 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9864baa6df462de02fe2fc65d338dfec8487926 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9864baa6df462de02fe2fc65d338dfec8487926 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
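Review bot: the four package lines (ruby3.2, ruby3.1, ruby2.7, ruby2.5) carry neither a fixed version nor a bug reference, so nothing in the entry records where the Debian side of this issue is being tracked; adding the bug number once filed, in the `(bug #...)` form used for the trivy entry elsewhere in this series, would help. Also worth a NOTE: the CVE text speaks of REXML "before 3.2.6" while the recorded fix commit is tagged v3.2.7, so a one-line remark on which version actually contains the fix would save the backporter a lookup.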
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-1968/python-scrapy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d9f4731e by Salvatore Bonaccorso at 2024-05-21T15:45:33+02:00 Add CVE-2024-1968/python-scrapy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -97,7 +97,12 @@ CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0 CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...) TODO: check CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...) - TODO: check + - python-scrapy 2.11.2-1 + NOTE: https://huntr.com/bounties/27f6a021-a891-446a-ada5-0226d619dd1a + NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-4qqq-9vqf-3h3f + NOTE: https://github.com/scrapy/scrapy/commit/f8d6c456e0669ea5344e93fe9206bd1ffebc2008 (2.11.2) + NOTE: https://github.com/scrapy/scrapy/commit/6499214a4f6817e1845073bd167deb33ed5261af (2.11.2) + NOTE: https://github.com/scrapy/scrapy/commit/7a1ab7e1be2187daf047f3bf5ed8e9192751b145 (2.11.2) CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...) NOT-FOR-US: ASUS CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f4731ee9ad459bccd5dc14fdda10fa62ca1ce8 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f4731ee9ad459bccd5dc14fdda10fa62ca1ce8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
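Review bot: the three scrapy commit NOTEs (f8d6c456, 6499214a, 7a1ab7e1) are all tagged (2.11.2) with nothing to say which is the actual fix for the Authorization header leak and which are follow-ups; prefixing the primary one with "Fixed by:" as the ruby entry in this series does would tell a backporter which commit is required and which are optional.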
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1a268088 by Salvatore Bonaccorso at 2024-05-21T15:42:55+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,7 @@ CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sa CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) - requests NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 @@ -39,9 +39,9 @@ CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some pass CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext credentials.) TODO: check CVE-2024-2189 (The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0816 (The buffer overflow vulnerability in the DX3300-T1 firmware version V5 ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2023-37929 (The buffer overflow vulnerability in the CGI program of the VMG3625-T5 ...) TODO: check CVE-2024-5137 (A vulnerability classified as problematic was found in PHPGurukul Dire ...) 
@@ -83,15 +83,15 @@ CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7. CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get file fl ...) NOT-FOR-US: smanga CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows ...) - TODO: check + NOT-FOR-US: Waxlab wax CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) TODO: check CVE-2024-29651 (A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v. ...) TODO: check CVE-2024-29000 (The SolarWinds Platform was determined to be affected by a reflected c ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2024-27312 (Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization v ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-24294 (A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 a ...) TODO: check CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 all ...) 
@@ -99,19 +99,19 @@ CVE-2024-24293 (A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0 CVE-2024-1968 (In scrapy/scrapy, an issue was identified where the Authorization head ...) TODO: check CVE-2024-0401 (ASUS routers supporting custom OpenVPN profiles are vulnerable to a co ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-49335 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49334 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49333 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49332 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49331 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2023-49330 (Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injectio ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-36009 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 @@ -1024,7 +1024,7 @@ CVE-2024-5064 (A vulnerability was found in PHPGurukul Online Course Registratio CVE-2024-5063 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...) NOT-FOR-US: PHPGurukul Online Course Registration System CVE-2024-5055 (Uncontrolled resource consumption vulnerability in XAMPP Windows, vers ...) - TODO: check + NOT-FOR-US: XAMPP Windows CVE-2024-5052 (Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 ...) NOT-FOR-US: Cerberus Enterprise CVE-2024-5051 (A vulnerability has been found in SourceCodester Gas Agency Management ...) 
@@ -1803,7 +1803,7 @@ CVE-2024-22120 (Zabbix server can perform command execution for configured scrip CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...) NOT-FOR-US: WordP
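Review bot: in the @@ -39,9 hunk CVE-2024-0816 (DX3300-T1 firmware) is closed as "NOT-FOR-US: Zyxel" while the immediately following CVE-2023-37929 (CGI program of the VMG3625-T5, by its description the same vendor's product line) is left at "TODO: check"; if it is indeed the same vendor it could be processed in the same pass so the two adjacent entries do not end up with different states for the same reason.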
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 99451f44 by Salvatore Bonaccorso at 2024-05-21T10:44:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26,14 +26,14 @@ CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making request NOTE: https://github.com/psf/requests/pull/6655 NOTE: https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 (v2.32.0) CVE-2024-35194 (Minder is a software supply chain security platform. Prior to version ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is ...) - trivy (bug #929458) NOTE: https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj CVE-2024-35191 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users ...) - TODO: check + NOT-FOR-US: Craft CMS plugin CVE-2024-34710 (Wiki.js is al wiki app built on Node.js. Client side template injectio ...) - TODO: check + NOT-FOR-US: Wiki.js CVE-2024-33901 (Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords ...) TODO: check CVE-2024-33900 (KeePassXC 2.7.7 allows attackers to recover cleartext credentials.) @@ -71,9 +71,9 @@ CVE-2024-35576 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb CVE-2024-35571 (Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode ...) NOT-FOR-US: Tenda CVE-2024-34953 (An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denia ...) - TODO: check + NOT-FOR-US: taurusxin ncmdump CVE-2024-34952 (taurusxin ncmdump v1.3.2 was discovered to contain a segmentation viol ...) - TODO: check + NOT-FOR-US: taurusxin ncmdump CVE-2024-34949 (likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList fun ...) NOT-FOR-US: likeshop CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 ...) 
@@ -81,7 +81,7 @@ CVE-2024-34948 (An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK CVE-2024-34947 (Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 ...) NOT-FOR-US: Quanxun Huiju Network Technology(Beijing) Co. CVE-2024-34193 (smanga 3.2.7 does not filter the file parameter at the PHP/get file fl ...) - TODO: check + NOT-FOR-US: smanga CVE-2024-31714 (Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows ...) TODO: check CVE-2024-2835 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99451f44c76ca2ddf7b9d78c078f069617468261 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99451f44c76ca2ddf7b9d78c078f069617468261 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
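Review bot: in the @@ -26,14 hunk the two KeePassXC entries (CVE-2024-33901, CVE-2024-33900) stay at "TODO: check" in the middle of a triage pass that resolves everything around them; since keepassxc is a Debian source package these cannot be closed as NOT-FOR-US and will need a package line plus a fixed/not-affected assessment, so flagging them as pending rather than leaving the generic TODO would make the remaining work visible.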
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-35192/trivy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9390119a by Salvatore Bonaccorso at 2024-05-21T10:22:45+02:00 Add CVE-2024-35192/trivy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28,7 +28,8 @@ CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making request CVE-2024-35194 (Minder is a software supply chain security platform. Prior to version ...) TODO: check CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is ...) - TODO: check + - trivy (bug #929458) + NOTE: https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj CVE-2024-35191 (Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users ...) TODO: check CVE-2024-34710 (Wiki.js is al wiki app built on Node.js. Client side template injectio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9390119af7aaee4bd95ba9e2d190549af9475448 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9390119af7aaee4bd95ba9e2d190549af9475448 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
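Review bot: the trivy package line references bug #929458 but carries no fixed version and no upstream fix reference; the advisory says versions prior to 0.51.2 are affected, so a NOTE pointing at the 0.51.2 fix commit, in the "(vX.Y.Z)" form used for the requests entry in this series, would let a backport be located without re-reading the advisory.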
[Git][security-tracker-team/security-tracker][master] Directly reference the upstream commit for fixing requests issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5fc2922 by Salvatore Bonaccorso at 2024-05-21T10:19:44+02:00 Directly reference the upstream commit for fixing requests issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24,7 +24,7 @@ CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making request - requests NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 NOTE: https://github.com/psf/requests/pull/6655 - NOTE: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac (v2.32.0) + NOTE: https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 (v2.32.0) CVE-2024-35194 (Minder is a software supply chain security platform. Prior to version ...) TODO: check CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fc2922d694d62117fcc9d50afba387dd35f9b5 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fc2922d694d62117fcc9d50afba387dd35f9b5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
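Review bot: the hunk swaps the v2.32.0 reference from a58d7f2f to c0813a2d but neither the hunk nor the commit message says what the old hash was (the merge commit of PR #6655, presumably); a short parenthetical in the message, or keeping the PR link next to the fix commit as the context lines already do, would save the next reader from re-deriving why the reference changed.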
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-35195/requests
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00c1a0fb by Salvatore Bonaccorso at 2024-05-21T10:18:52+02:00 Add CVE-2024-35195/requests - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,10 @@ CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) TODO: check CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) - TODO: check + - requests + NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 + NOTE: https://github.com/psf/requests/pull/6655 + NOTE: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac (v2.32.0) CVE-2024-35194 (Minder is a software supply chain security platform. Prior to version ...) TODO: check CVE-2024-35192 (Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00c1a0fb7f2726f4a31e451795b70b9401541094 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00c1a0fb7f2726f4a31e451795b70b9401541094 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
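Review bot: the `- requests` package line has no fixed version or bug reference for unstable, so the entry reads as open with nothing tracking it; and the hash recorded here as the v2.32.0 fix (a58d7f2f) is replaced in a later commit of this series (c5fc2922) by c0813a2d, so confirming that a hash is the fix commit rather than the PR's merge commit before recording it would avoid the follow-up correction.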
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ccbe81f by Salvatore Bonaccorso at 2024-05-21T10:18:22+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2024-5145 (A vulnerability was found in SourceCodester Vehicle Management System ...) - TODO: check + NOT-FOR-US: SourceCodester Vehicle Management System CVE-2024-4985 (An authentication bypass vulnerability was present in the GitHub Enter ...) - TODO: check + NOT-FOR-US: GitHub Enterprise Server (GHES CVE-2024-4943 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-4710 (The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4470 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4442 (The Salon booking system plugin for WordPress is vulnerable to arbitra ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4372 (The Carousel Slider WordPress plugin before 2.2.11 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4290 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4289 (The Sailthru Triggermail WordPress plugin through 1.1 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4061 (The Survey Maker WordPress plugin before 4.2.9 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Block ...) TODO: check CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ccbe81f74cb476b72c695786eef3bd0845861e4 -- This project does not include diff previews in email notifications. 
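Review bot: the new line `+ NOT-FOR-US: GitHub Enterprise Server (GHES` has an unbalanced parenthesis; it should read "GitHub Enterprise Server (GHES)" or drop the abbreviation. The rest of the hunk consistently uses "WordPress plugin"/"WordPress theme" as the NFU reason, which is fine.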