[Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2024-35226
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 204ddf9c by Salvatore Bonaccorso at 2024-05-29T22:43:11+02:00 Add upstream tag information for CVE-2024-35226 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -125,7 +125,7 @@ CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation - smarty3 - smarty4 NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w - NOTE: https://github.com/smarty-php/smarty/commit/76881c8d33d80648f70c9b0339f770f5f69a87a2 (support/4) + NOTE: https://github.com/smarty-php/smarty/commit/76881c8d33d80648f70c9b0339f770f5f69a87a2 (v4.5.3) NOTE: https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a (v5.2.0) CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encryption of ...) NOT-FOR-US: HCL View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/204ddf9c79fa0f52dd5001c9ca84f1ff50d32323 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/204ddf9c79fa0f52dd5001c9ca84f1ff50d32323 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28826/check-mk
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b92a2f2 by Salvatore Bonaccorso at 2024-05-29T22:34:00+02:00 Add CVE-2024-28826/check-mk - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -74,7 +74,7 @@ CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...) NOT-FOR-US: Dell CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp ...) - TODO: check + - check-mk CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...) NOT-FOR-US: Zoho ManageEngine CVE-2024-25977 (The application does not change the session token when using the login ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b92a2f229f53f30f54609b9b0330996d2424550 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b92a2f229f53f30f54609b9b0330996d2424550 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
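Review bot: the new `- check-mk` line for CVE-2024-28826 carries no fixed version and no NOTE, so the entry records only that the package is affected in unstable; add a NOTE with the upstream advisory or fixing commit for the check_sftp path restriction (the way the CVE-2024-35226 entry in commit 204ddf9c cites its advisory and commits) and the fixed Debian version or a `(bug #...)` reference once known, so readers can see what the fix is and where it stands.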
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77c38f97 by Salvatore Bonaccorso at 2024-05-29T22:31:56+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce plu CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) NOT-FOR-US: Progress Telerik Report Server CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...) @@ -58,13 +58,13 @@ CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...) TODO: check CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...) - TODO: check + NOT-FOR-US: Mitel CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) TODO: check CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...) - TODO: check + NOT-FOR-US: Fides CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) TODO: check CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) 
@@ -72,11 +72,11 @@ CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QU CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) TODO: check CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp ...) TODO: check CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-25977 (The application does not change the session token when using the login ...) TODO: check CVE-2024-25976 (When LDAP authentication is activated in the configuration it is possi ...) @@ -306,7 +306,7 @@ CVE-2024-23948 (Multiple improper array index validation vulnerabilities exist i CVE-2024-23947 (Multiple improper array index validation vulnerabilities exist in the ...) TODO: check CVE-2024-23601 (A code injection vulnerability exists in the scan_lib.bin functionalit ...) - TODO: check + NOT-FOR-US: AutomationDirect CVE-2024-23315 (A read-what-where vulnerability exists in the Programming Software Con ...) TODO: check CVE-2024-22590 (The TLS engine in Kwik commit 745fd4e2 does not track the current stat ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77c38f97ab77842a7e609b1d962159eb77b48014 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77c38f97ab77842a7e609b1d962159eb77b48014 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a8e1a846 by Salvatore Bonaccorso at 2024-05-29T22:26:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,49 +1,49 @@ CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable ...) - TODO: check + NOT-FOR-US: EmbedAI application CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) - TODO: check + NOT-FOR-US: Progress Telerik Report Server CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...) TODO: check CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...) - TODO: check + NOT-FOR-US: TARGIT Decision Suite CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS a ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36377 (In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36376 (In JetBrains TeamCity before 2024.03.2 users could perform actions tha ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36375 (In JetBrains TeamCity before 2024.03.2 technical information regarding ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build step setti ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscripti ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit ...) 
- TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux NOTE: https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1) 
@@ -86,7 +86,7 @@ CVE-2024-25975 (The application implements an up- and downvote function which al CVE-2023-46297 (An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 ...) TODO: check CVE-2023-42005 (IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-52881 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8e1a846082136d154059e6013e98ba16ab292ef -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8e1a846082136d154059e6013e98ba16ab292ef You're receiving this email because of your account on salsa.debian.org.
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36016/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c95236f6 by Salvatore Bonaccorso at 2024-05-29T22:13:19+02:00 Add CVE-2024-36016/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45,7 +45,8 @@ CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 20 CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) TODO: check CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/47388e807f85948eefc403a8a5fdc5b406a65d5a (6.10-rc1) CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...) TODO: check CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c95236f6d1aded55679e2f66f1d09586667c6348 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c95236f6d1aded55679e2f66f1d09586667c6348 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2a6af29 by security tracker role at 2024-05-29T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,92 @@ -CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent] +CVE-2024-5185 (The EmbedAI application is susceptible to security issues that enable ...) + TODO: check +CVE-2024-5039 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...) + TODO: check +CVE-2024-4358 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) + TODO: check +CVE-2024-3412 (The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore ...) + TODO: check +CVE-2024-36470 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36427 (The file-serving function in TARGIT Decision Suite 23.2.15007 allows a ...) + TODO: check +CVE-2024-36378 (In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS a ...) + TODO: check +CVE-2024-36377 (In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints ...) + TODO: check +CVE-2024-36376 (In JetBrains TeamCity before 2024.03.2 users could perform actions tha ...) + TODO: check +CVE-2024-36375 (In JetBrains TeamCity before 2024.03.2 technical information regarding ...) + TODO: check +CVE-2024-36374 (In JetBrains TeamCity before 2024.03.2 stored XSS via build step setti ...) + TODO: check +CVE-2024-36373 (In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted ...) + TODO: check +CVE-2024-36372 (In JetBrains TeamCity before 2023.05.5 reflected XSS on the subscripti ...) + TODO: check +CVE-2024-36371 (In JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit ...) + TODO: check +CVE-2024-36370 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36369 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36368 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36367 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) 
+ TODO: check +CVE-2024-36366 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36365 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36364 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36363 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36362 (In JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11. ...) + TODO: check +CVE-2024-36016 (In the Linux kernel, the following vulnerability has been resolved: t ...) + TODO: check +CVE-2024-35512 (An issue in hmq v1.5.5 allows attackers to cause a Denial of Service ( ...) + TODO: check +CVE-2024-35492 (Cesanta Mongoose commit b316989 was discovered to contain a NULL point ...) + TODO: check +CVE-2024-35434 (Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow ...) + TODO: check +CVE-2024-35333 (A stack-buffer-overflow vulnerability exists in the read_charset_decl ...) + TODO: check +CVE-2024-35311 (Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0 ...) + TODO: check +CVE-2024-35284 (A vulnerability in the legacy chat component of Mitel MiContact Center ...) + TODO: check +CVE-2024-35283 (A vulnerability in the Ignite component of Mitel MiContact Center Busi ...) + TODO: check +CVE-2024-35200 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) + TODO: check +CVE-2024-34715 (Fides is an open-source privacy engineering platform. The Fides webser ...) + TODO: check +CVE-2024-34161 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) + TODO: check +CVE-2024-32760 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) + TODO: check +CVE-2024-31079 (When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC mod ...) 
+ TODO: check +CVE-2024-28974 (Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequat ...) + TODO: check +CVE-2024-28826 (Improper restriction of local upload and download paths in check_sftp ...) + TODO: check +CVE-2024-27313 (Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. Th ...) + TODO: check +CVE-2024-25977 (The application does not change the session token when using the login ...) + TODO: check +CVE-2024-25976 (When LDAP
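Review bot: the hunk is cut off in this notification after `+CVE-2024-25976 (When LDAP`, so the `+` line that replaces the removed `-CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent]` title is not visible here; check in the full commit that the bracketed title was rewritten to the published CVE description (as the 3fa11a25 automatic update did for CVE-2024-36015 and CVE-2024-36014) and that the `- linux 6.6.8-1` line and the suite lines beneath it were kept rather than dropped with the old title.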
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-4956{8,9} via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c942c9eb by Salvatore Bonaccorso at 2024-05-29T20:44:17+02:00 Track fixed version for CVE-2023-4956{8,9} via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -40946,11 +40946,11 @@ CVE-2023-51806 (File Upload vulnerability in Ujcms v.8.0.2 allows a local attack CVE-2023-51790 (Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote ...) - piwigo CVE-2023-49569 (A path traversal vulnerability was discovered in go-git versions prior ...) - - golang-github-go-git-go-git (bug #1060701) + - golang-github-go-git-go-git 5.11.0-1 (bug #1060701) [bookworm] - golang-github-go-git-go-git (Minor issue) NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 CVE-2023-49568 (A denial of service (DoS) vulnerability was discovered in go-git versi ...) - - golang-github-go-git-go-git (bug #1060701) + - golang-github-go-git-go-git 5.11.0-1 (bug #1060701) [bookworm] - golang-github-go-git-go-git (Minor issue) NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r CVE-2023-49262 (The authentication mechanism can be bypassed by overflowing the value ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c942c9eb7a51740a22762d33c40fb2adb24b7118 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c942c9eb7a51740a22762d33c40fb2adb24b7118 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2024-29415
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f75fd0dd by Salvatore Bonaccorso at 2024-05-29T20:40:59+02:00 Update notes for CVE-2024-29415 The fix landed for now only in experimental, so move the fixing version there. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -339,7 +339,8 @@ CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 al CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) - ruby-kaminari (Doesn't affect Kaminari as shipped by Debian) CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) - - node-ip 2.0.1+~1.1.3-2 (bug #1072121) + [experimental] - node-ip 2.0.1+~1.1.3-2 + - node-ip (bug #1072121) [bookworm] - node-ip (Minor issue) [bullseye] - node-ip (Minor issue) NOTE: https://github.com/indutny/node-ip/issues/150 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f75fd0dd2b46f9c4e032c67e31c50b7f91a4f31e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f75fd0dd2b46f9c4e032c67e31c50b7f91a4f31e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-52881/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c5c8c2b by Salvatore Bonaccorso at 2024-05-29T16:48:52+02:00 Add CVE-2023-52881/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2023-52881 [tcp: do not accept ACK of bytes we never sent] + - linux 6.6.8-1 + [bookworm] - linux 6.1.69-1 + [bullseye] - linux 5.10.205-1 + [buster] - linux 4.19.304-1 + NOTE: https://git.kernel.org/linus/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27 (6.7-rc5) CVE-2024-5437 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) NOT-FOR-US: SourceCodester Simple Online Bidding System CVE-2024-5204 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to authent ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c5c8c2b5b43aca66856537f04a2066b42ea769f -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c5c8c2b5b43aca66856537f04a2066b42ea769f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Note potential behaviour change for CVE-2024-3202{0,4}
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b7a41f22 by Salvatore Bonaccorso at 2024-05-29T15:50:02+02:00 Note potential behaviour change for CVE-2024-3202{0,4} - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6821,10 +6821,12 @@ CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44 NOTE: https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj NOTE: https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703 + NOTE: Regression: https://lore.kernel.org/git/924426.1716570...@dash.ant.isi.edu/T/#u CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - git 1:2.45.1-1 (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 + NOTE: Regression: https://lore.kernel.org/git/924426.1716570...@dash.ant.isi.edu/T/#u CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - git 1:2.45.1-1 (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7a41f2245112ccee083837fa0ad69f2a1398108 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7a41f2245112ccee083837fa0ad69f2a1398108 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
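Review bot: both added `NOTE: Regression:` lines point at a lore.kernel.org URL whose message-id reads `924426.1716570...@dash.ant.isi.edu`; the `...` looks like address obfuscation by the list archive rather than the stored value, but verify that data/CVE/list holds the full message-id, since a truncated id will not resolve. With CVE-2024-32004 tracked as fixed in `git 1:2.45.1-1 (bug #1071160)`, a word in the NOTE on whether the regression is present in the Debian package or only upstream would tell readers whether that fixed version needs a follow-up.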
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fe2fc4ce by Salvatore Bonaccorso at 2024-05-29T11:22:14+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,19 +1,19 @@ CVE-2024-5437 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Bidding System CVE-2024-5204 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to authent ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5150 (The Login with phone number plugin for WordPress is vulnerable to auth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5086 (The Essential Addons for Elementor PRO \u2013 Best Elementor Templates ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4611 (The AppPresser plugin for WordPress is vulnerable to improper missing ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4419 (The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise and escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client IP add ...) TODO: check CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) 
@@ -21,11 +21,11 @@ CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation Pla CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 3.5.6 all ...) TODO: check CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injec ...) - TODO: check + NOT-FOR-US: phpgurukul Men Salon Management System CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In affec ...) - TODO: check + NOT-FOR-US: Umbraco Commerce CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...) - TODO: check + NOT-FOR-US: Umbraco Commerce CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...) TODO: check CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encryption of ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe2fc4cef2dd35ca89a21ea3609ccdf814e597c4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe2fc4cef2dd35ca89a21ea3609ccdf814e597c4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fa11a25 by security tracker role at 2024-05-29T08:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,7 +1,49 @@ -CVE-2024-36015 [ppdev: Add an error check in register_device] +CVE-2024-5437 (A vulnerability was found in SourceCodester Simple Online Bidding Syst ...) + TODO: check +CVE-2024-5204 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to authent ...) + TODO: check +CVE-2024-5150 (The Login with phone number plugin for WordPress is vulnerable to auth ...) + TODO: check +CVE-2024-5086 (The Essential Addons for Elementor PRO \u2013 Best Elementor Templates ...) + TODO: check +CVE-2024-4611 (The AppPresser plugin for WordPress is vulnerable to improper missing ...) + TODO: check +CVE-2024-4419 (The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2024-3937 (The Playlist for Youtube WordPress plugin through 1.32 does not saniti ...) + TODO: check +CVE-2024-3921 (The Gianism WordPress plugin through 5.1.0 does not sanitise and escap ...) + TODO: check +CVE-2024-3050 (The Site Reviews WordPress plugin before 7.0.0 retrieves client IP add ...) + TODO: check +CVE-2024-36112 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) + TODO: check +CVE-2024-35548 (A SQL injection vulnerability in Mybatis plus versions below 3.5.6 all ...) + TODO: check +CVE-2024-35511 (phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In affec ...) + TODO: check +CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...) + TODO: check +CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...) + TODO: check +CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encryption of ...) + TODO: check +CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...) + TODO: check +CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...) 
+ TODO: check +CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...) + TODO: check +CVE-2024-0434 (The WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTr ...) + TODO: check +CVE-2023-6743 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-36015 (In the Linux kernel, the following vulnerability has been resolved: p ...) - linux NOTE: https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1) -CVE-2024-36014 [drm/arm/malidp: fix a possible null pointer dereference] +CVE-2024-36014 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web authentication crede ...) @@ -7111,7 +7153,8 @@ CVE-2024-4853 (Memory handling issue in editcap could cause denial of service vi NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724 CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...) NOT-FOR-US: Red Hat OpenStack Platform -CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...) +CVE-2024-4810 + REJECTED TODO: check CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...) NOT-FOR-US: PaperCut NG/MF 
@@ -17316,11 +17359,13 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu NOTE: https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779 NOTE: Fixed by: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 (v3.7) -CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) +CVE-2024-24863 + REJECTED - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750 -CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) +CVE-2024-24862 + REJECTED - linux 6.8.9-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) @@ -58220,7 +58265,7 @@ CVE-2023-36701 (Microsoft Resilient File System (ReFS) Elevation of
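Review bot: CVE-2024-4810, CVE-2024-24863 and CVE-2024-24862 are switched to `REJECTED` but keep their old lines: 4810 still has `TODO: check`, 24863 keeps `- linux` plus its two NOTEs, and 24862 keeps `- linux 6.8.9-1` with the bookworm and bullseye lines. A rejected id needs neither triage nor package state, so those lines can be dropped in a follow-up. Since the kernel commit cited for 24863 (a1f95aede6285dba6dd036d907196f35ae3a11ea, 6.10-rc1) is the same one this update now tracks under CVE-2024-36014, and the removed 4810 description (`register_device`, unchecked `ida_simple_get`) matches the ppdev fix tracked as CVE-2024-36015, a NOTE cross-referencing the replacement id on each rejected entry would keep the history findable.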
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36015/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f1910496 by Salvatore Bonaccorso at 2024-05-29T09:59:23+02:00 Add CVE-2024-36015/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-36015 [ppdev: Add an error check in register_device] + - linux + NOTE: https://git.kernel.org/linus/fbf740aeb86a4fe82ad158d26d711f2f3be79b3e (6.10-rc1) CVE-2024-36014 [drm/arm/malidp: fix a possible null pointer dereference] - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1910496155aea46caaf4d58da1fc4be05fdbee2 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1910496155aea46caaf4d58da1fc4be05fdbee2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36014/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e02e4ed5 by Salvatore Bonaccorso at 2024-05-29T08:25:40+02:00 Add CVE-2024-36014/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-36014 [drm/arm/malidp: fix a possible null pointer dereference] + - linux + NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web authentication crede ...) NOT-FOR-US: Campbell Scientific CSI Web Server CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that will re ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02e4ed56d115e05c3cbb0d83033bd71d0fdbcdf -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02e4ed56d115e05c3cbb0d83033bd71d0fdbcdf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-3205
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea51b757 by Salvatore Bonaccorso at 2024-05-28T23:01:02+02:00 Remove notes from CVE-2024-3205 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21302,10 +21302,6 @@ CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has NOT-FOR-US: ermig1979 Simd CVE-2024-3205 REJECTED - NOTE: Non issue reported for libyaml: - NOTE: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931 - NOTE: https://vuldb.com/?submit.304561 - NOTE: https://github.com/yaml/libyaml/issues/289 CVE-2024-3204 (A vulnerability has been found in c-blosc2 up to 2.13.2 and classified ...) - c-blosc2 2.13.1+ds-3 NOTE: https://github.com/Blosc/c-blosc2/commit/892f6d9c8ffc6e3c4d571df8fc02114f88c69b52 (v2.14.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea51b757a013c75e3ae0e8fa7b1dca398943212c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea51b757a013c75e3ae0e8fa7b1dca398943212c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3657/389-ds-base
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 03284306 by Salvatore Bonaccorso at 2024-05-28T22:42:14+02:00 Add CVE-2024-3657/389-ds-base - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,9 @@ CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in Op CVE-2024-3969 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...) NOT-FOR-US: OpenText iManager CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...) - TODO: check + - 389-ds-base + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274401 + TODO: check provided details CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...) - gnome-shell NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03284306e27f50d0150be67583e40b75f3867135 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03284306e27f50d0150be67583e40b75f3867135 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36472/gnome-shell
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4de3989f by Salvatore Bonaccorso at 2024-05-28T22:40:05+02:00 Add CVE-2024-36472/gnome-shell - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,8 @@ CVE-2024-3969 (XML External Entity injection vulnerability foundin OpenText\u212 CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...) TODO: check CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...) - TODO: check + - gnome-shell + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...) TODO: check CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4de3989f3523db601fbb25eb6edfd40575e141dc -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4de3989f3523db601fbb25eb6edfd40575e141dc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0bb978b1 by Salvatore Bonaccorso at 2024-05-28T22:38:55+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -39,65 +39,65 @@ CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Lab CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL ...) TODO: check CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35401 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a com ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35400 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35399 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35398 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35397 (TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35344 (Certain Anpviz products contain a hardcoded cryptographic key stored i ...) - TODO: check + NOT-FOR-US: Anpviz CVE-2024-35343 (Certain Anpviz products allow unauthenticated users to download arbitr ...) - TODO: check + NOT-FOR-US: Anpviz CVE-2024-35342 (Certain Anpviz products allow unauthenticated users to modify or disab ...) - TODO: check + NOT-FOR-US: Anpviz CVE-2024-35341 (Certain Anpviz products allow unauthenticated users to download the ru ...) - TODO: check + NOT-FOR-US: Anpviz CVE-2024-35324 (Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via ...) - TODO: check + NOT-FOR-US: Douchat CVE-2024-34854 (F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transc ...) - TODO: check + NOT-FOR-US: F-logic DataCube3 CVE-2024-34852 (F-logic DataCube3 v1.0 is affected by command injection due to imprope ...) 
- TODO: check + NOT-FOR-US: F-logic DataCube3 CVE-2024-33849 (ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-code ...) - TODO: check + NOT-FOR-US: ci solution CI-Out-of-Office Manager CVE-2024-33808 (A SQL injection vulnerability in /model/get_timetable.php in campcodes ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33807 (A SQL injection vulnerability in /model/get_teacher_timetable.php in c ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33806 (A SQL injection vulnerability in /model/get_grade.php in campcodes Com ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33805 (A SQL injection vulnerability in /model/get_student.php in campcodes C ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33804 (A SQL injection vulnerability in /model/get_subject.php in campcodes C ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33803 (A SQL injection vulnerability in /model/get_exam.php in campcodes Comp ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33802 (A SQL injection vulnerability in /model/get_student_subject.php in cam ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33801 (A SQL injection vulnerability in /model/get_subject_routing.php in cam ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33800 (A SQL injection vulnerability in /model/get_student1.php in campcodes ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33799 (A SQL injection vulnerability in /model/get_teacher.php in campcodes C ...) 
- TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-33450 (SQL Injection in Finereport v.8.0 allows a remote attacker to obtain s ...) - TODO: check + NOT-FOR-US: Finereport CVE-2024-33402 (A SQL injection vulnerability in /model/approve_petty_cash.php in camp ...) - TODO: check + NOT-FOR-US: campcodes Complete Web-Based School Management System CVE-2024-30212 (If a SCSI READ(10) command is
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36107/minio, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee53cefa by Salvatore Bonaccorso at 2024-05-28T22:31:08+02:00 Add CVE-2024-36107/minio, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,7 +27,7 @@ CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Mult CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...) TODO: check CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Affero G ...) - TODO: check + - minio (bug #859207) CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...) TODO: check CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee53cefa5bb5b65601466b21a79c4c555635a0d4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee53cefa5bb5b65601466b21a79c4c555635a0d4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6185ad6 by Salvatore Bonaccorso at 2024-05-28T22:30:28+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,23 +1,23 @@ CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web authentication crede ...) - TODO: check + NOT-FOR-US: Campbell Scientific CSI Web Server CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that will re ...) - TODO: check + NOT-FOR-US: Campbell Scientific CSI Web Server CVE-2024-5428 (A vulnerability classified as problematic was found in SourceCodester ...) - TODO: check + NOT-FOR-US: SourceCodester Simple Online Bidding System CVE-2024-5415 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) - TODO: check + NOT-FOR-US: PhpMyBackupPro CVE-2024-5414 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) - TODO: check + NOT-FOR-US: PhpMyBackupPro CVE-2024-5413 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) - TODO: check + NOT-FOR-US: PhpMyBackupPro CVE-2024-5411 (Missing input validation and OS command integration of the input in th ...) - TODO: check + NOT-FOR-US: ORing IAP-420 web-interface CVE-2024-5410 (Missing input validation in the ORing IAP-420 web-interface allows sto ...) - TODO: check + NOT-FOR-US: ORing IAP-420 web-interface CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in OpenTex ...) - TODO: check + NOT-FOR-US: OpenText iManager CVE-2024-3969 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...) - TODO: check + NOT-FOR-US: OpenText iManager CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...) TODO: check CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...) 
@@ -31,11 +31,11 @@ CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Af CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...) TODO: check CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) - TODO: check + NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) - TODO: check + NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) - TODO: check + NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL ...) TODO: check CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6185ad688cf2d794fc5e71c44b3d565884b8f6e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6185ad688cf2d794fc5e71c44b3d565884b8f6e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ee1f63f5 by Salvatore Bonaccorso at 2024-05-28T22:21:55+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -103,7 +103,7 @@ CVE-2024-2451 (Improper fingerprint validation in the TeamViewer Client (Full & CVE-2024-2199 (A denial of service vulnerability was found in 389-ds-base ldap server ...) TODO: check CVE-2024-29072 (A privilege escalation vulnerability exists in the Foxit Reader 2024.2 ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2024-28061 (An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of ...) TODO: check CVE-2024-28060 (An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijackin ...) @@ -189,7 +189,7 @@ CVE-2023-43843 (Incorrect access control in the account management function of w CVE-2023-43842 (Incorrect access control in the account management function of web int ...) TODO: check CVE-2023-37411 (IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scri ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-35953 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...) TODO: check CVE-2023-35952 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee1f63f56291cae52eaf9f2880ee00f622981b72 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee1f63f56291cae52eaf9f2880ee00f622981b72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for freerdp2 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c14515c7 by Salvatore Bonaccorso at 2024-05-28T22:17:48+02:00 Add Debian bug reference for freerdp2 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -14254,7 +14254,7 @@ CVE-2024-32679 (Missing Authorization vulnerability in Shared Files PRO Shared F NOT-FOR-US: WordPress plugin CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - - freerdp2 + - freerdp2 (bug #1072112) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m @@ -14262,14 +14262,14 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol. NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/1b2b1c4ac14ac43f4e475488763d8659bd934eb6 (2.0.0-beta1+android10) CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - - freerdp2 + - freerdp2 (bug #1072112) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1) CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - - freerdp2 + - freerdp2 (bug #1072112) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w 
@@ -14277,7 +14277,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol. NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/c697941de2b7062821e004411ec18ea71e50a30d (1.2.0-beta1+android7) CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...) - freerdp3 3.5.1+dfsg1-1 (bug #1069752) - - freerdp2 + - freerdp2 (bug #1072112) [bookworm] - freerdp2 (Minor issue) [bullseye] - freerdp2 (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c14515c79a9ded2a350487c24a3553875a8b7b9a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c14515c79a9ded2a350487c24a3553875a8b7b9a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-4741
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b4885b05 by Salvatore Bonaccorso at 2024-05-28T22:14:50+02:00 Add Debian bug reference for CVE-2024-4741 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -201,7 +201,7 @@ CVE-2023-35950 (Multiple stack-based buffer overflow vulnerabilities exist in th CVE-2023-35949 (Multiple stack-based buffer overflow vulnerabilities exist in the read ...) TODO: check CVE-2024-4741 [Use After Free with SSL_free_buffers] - - openssl + - openssl (bug #1072113) [bookworm] - openssl (Minor issue, fix along with next update round) [bullseye] - openssl (Minor issue, fix along with next update round) NOTE: https://www.openssl.org/news/secadv/20240528.txt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4885b05afde21045b9f349e24947d618ddef55f -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4885b05afde21045b9f349e24947d618ddef55f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3cfed740 by security tracker role at 2024-05-28T20:12:41+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,205 @@ +CVE-2024-5434 (The Campbell Scientific CSI Web Server stores web authentication crede ...) + TODO: check +CVE-2024-5433 (The Campbell Scientific CSI Web Server supports a command that will re ...) + TODO: check +CVE-2024-5428 (A vulnerability classified as problematic was found in SourceCodester ...) + TODO: check +CVE-2024-5415 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) + TODO: check +CVE-2024-5414 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) + TODO: check +CVE-2024-5413 (A vulnerability have been discovered in PhpMyBackupPro affecting versi ...) + TODO: check +CVE-2024-5411 (Missing input validation and OS command integration of the input in th ...) + TODO: check +CVE-2024-5410 (Missing input validation in the ORing IAP-420 web-interface allows sto ...) + TODO: check +CVE-2024-4429 (Cross-Site Request Forgery vulnerabilityhas been discovered in OpenTex ...) + TODO: check +CVE-2024-3969 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...) + TODO: check +CVE-2024-3657 (A flaw was found in 389-ds-base. A specially-crafted LDAP query can po ...) + TODO: check +CVE-2024-36472 (In GNOME Shell through 45.7, a portal helper can be launched automatic ...) + TODO: check +CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. Multiple f ...) + TODO: check +CVE-2024-36109 (CoCalc is web-based software that enables collaboration in research, t ...) + TODO: check +CVE-2024-36107 (MinIO is a High Performance Object Storage released under GNU Affero G ...) + TODO: check +CVE-2024-35621 (A cross-site scripting (XSS) vulnerability in the Edit function of For ...) + TODO: check +CVE-2024-35583 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) + TODO: check +CVE-2024-35582 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) 
+ TODO: check +CVE-2024-35581 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) + TODO: check +CVE-2024-35563 (CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL ...) + TODO: check +CVE-2024-35510 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...) + TODO: check +CVE-2024-35403 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) + TODO: check +CVE-2024-35401 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a com ...) + TODO: check +CVE-2024-35400 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) + TODO: check +CVE-2024-35399 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) + TODO: check +CVE-2024-35398 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a sta ...) + TODO: check +CVE-2024-35397 (TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a co ...) + TODO: check +CVE-2024-35344 (Certain Anpviz products contain a hardcoded cryptographic key stored i ...) + TODO: check +CVE-2024-35343 (Certain Anpviz products allow unauthenticated users to download arbitr ...) + TODO: check +CVE-2024-35342 (Certain Anpviz products allow unauthenticated users to modify or disab ...) + TODO: check +CVE-2024-35341 (Certain Anpviz products allow unauthenticated users to download the ru ...) + TODO: check +CVE-2024-35324 (Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via ...) + TODO: check +CVE-2024-34854 (F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transc ...) + TODO: check +CVE-2024-34852 (F-logic DataCube3 v1.0 is affected by command injection due to imprope ...) + TODO: check +CVE-2024-33849 (ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-code ...) + TODO: check +CVE-2024-33808 (A SQL injection vulnerability in /model/get_timetable.php in campcodes ...) 
+ TODO: check +CVE-2024-33807 (A SQL injection vulnerability in /model/get_teacher_timetable.php in c ...) + TODO: check +CVE-2024-33806 (A SQL injection vulnerability in /model/get_grade.php in campcodes Com ...) + TODO: check +CVE-2024-33805 (A SQL injection vulnerability in /model/get_student.php in campcodes C ...) + TODO: check +CVE-2024-33804 (A SQL injection vulnerability in /model/get_subject.php in campcodes C ...) + TODO: check +CVE-2024-33803 (A SQL injection vulnerability in /model/get_exam.php in campcodes Comp ...) +
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 527e2919 by Salvatore Bonaccorso at 2024-05-28T22:07:23+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -275856,7 +275856,7 @@ CVE-2020-26314 CVE-2020-26313 REJECTED CVE-2020-26312 (Dotmesh is a git-like command-line interface for capturing, organizing ...) - TODO: check + NOT-FOR-US: Dotmesh CVE-2020-26311 RESERVED CVE-2020-26310 @@ -293892,7 +293892,7 @@ CVE-2020-18307 CVE-2020-18306 RESERVED CVE-2020-18305 (Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered t ...) - TODO: check + NOT-FOR-US: Extreme Networks EXOS CVE-2020-18304 RESERVED CVE-2020-18303 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527e29198aa3ad7d9a43c2c29d1772509aa88fef -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/527e29198aa3ad7d9a43c2c29d1772509aa88fef You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from rejected Linux CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06aa3a97 by Salvatore Bonaccorso at 2024-05-28T21:13:37+02:00 Remove notes from rejected Linux CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1234,10 +1234,8 @@ CVE-2021-47488 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.84-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/04f8ef5643bcd8bcde25dfdebef998aea480b2ba (5.15) -CVE-2021-47487 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 5.15.3-1 - [bullseye] - linux 5.10.84-1 - NOTE: https://git.kernel.org/linus/5afa7898ab7a0ec9c28556a91df714bf3c2f725e (5.15) +CVE-2021-47487 + REJECTED CVE-2021-47486 (In the Linux kernel, the following vulnerability has been resolved: r ...) - linux 5.15.3-1 [bullseye] - linux 5.10.84-1 @@ -2467,10 +2465,8 @@ CVE-2023-52736 (In the Linux kernel, the following vulnerability has been resolv CVE-2023-52735 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.1.15-1 NOTE: https://git.kernel.org/linus/5b4a79ba65a1ab479903fff2e604865d229b70a9 (6.2-rc7) -CVE-2023-52734 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.1.15-1 - [bullseye] - linux 5.10.178-1 - NOTE: https://git.kernel.org/linus/de5ca4c3852f896cacac2bf259597aab5e17d9e3 (6.2-rc7) +CVE-2023-52734 + REJECTED CVE-2023-52733 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.1.15-1 [bullseye] - linux 5.10.178-1 
@@ -2804,11 +2800,8 @@ CVE-2021-47378 (In the Linux kernel, the following vulnerability has been resolv - linux 5.14.9-1 [bullseye] - linux 5.10.70-1 NOTE: https://git.kernel.org/linus/9817d763dbe15327b9b3ff4404fa6f27f927e744 (5.15-rc2) -CVE-2021-47377 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 5.14.9-1 - [bullseye] - linux 5.10.70-1 - [buster] - linux 4.19.232-1 - NOTE: https://git.kernel.org/linus/8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 (5.15-rc2) +CVE-2021-47377 + REJECTED CVE-2021-47376 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.14.9-1 [bullseye] - linux 5.10.70-1 @@ -4850,10 +4843,8 @@ CVE-2024-35803 (In the Linux kernel, the following vulnerability has been resolv - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 NOTE: https://git.kernel.org/linus/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02 (6.9-rc1) -CVE-2024-35802 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.85-1 - NOTE: https://git.kernel.org/linus/1c811d403afd73f04bde82b83b24c754011bd0e8 (6.9-rc1) +CVE-2024-35802 + REJECTED CVE-2024-35801 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06aa3a97551c5a275388fe8791dad0768c65ceb6 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06aa3a97551c5a275388fe8791dad0768c65ceb6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove additional space for entry in CVE-2024-26256
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89d05ed0 by Salvatore Bonaccorso at 2024-05-28T21:01:10+02:00 Remove additional space for entry in CVE-2024-26256 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18711,7 +18711,7 @@ CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-26256 (libarchive Remote Code Execution Vulnerability) - libarchive (bug #1072107) - [bullseye] - libarchive (Vulnerable code introduced in 3.6.0) + [bullseye] - libarchive (Vulnerable code introduced in 3.6.0) [buster] - libarchive (Vulnerable code introduced in 3.6.0) NOTE: https://github.com/advisories/GHSA-2jc9-36w4-pmqw NOTE: https://github.com/libarchive/libarchive/pull/2135 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d05ed0fd09d2fe4dffb396d31ddc073b228ceb -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d05ed0fd09d2fe4dffb396d31ddc073b228ceb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] CVE-2024-4741: Refer to commits from advisory
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cdaa268e by Salvatore Bonaccorso at 2024-05-28T20:45:27+02:00 CVE-2024-4741: Refer to commits from advisory - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4,8 +4,8 @@ CVE-2024-4741 [Use After Free with SSL_free_buffers] [bullseye] - openssl (Minor issue, fix along with next update round) NOTE: https://www.openssl.org/news/secadv/20240528.txt NOTE: https://github.com/openssl/openssl/commit/c1bd38a003fa19fd0d8ade85e1bbc20d8ae59dab (master) - NOTE: https://github.com/openssl/openssl/commit/d095674320c84b8ed1250715b1dd5ce05f9f267b (openssl-3.2) - NOTE: https://github.com/openssl/openssl/commit/d095674320c84b8ed1250715b1dd5ce05f9f267b (openssl-3.0) + NOTE: https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac (openssl-3.2) + NOTE: https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d (openssl-3.0) CVE-2024-36428 (OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.) NOT-FOR-US: OrangeHRM CVE-2024-36426 (In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdaa268e18b2a86bd57bff28fb5578bccd16 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdaa268e18b2a86bd57bff28fb5578bccd16 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-26256/libarchive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c962d2c8 by Salvatore Bonaccorso at 2024-05-28T20:26:15+02:00 Add Debian bug reference for CVE-2024-26256/libarchive - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18710,7 +18710,7 @@ CVE-2024-26275 (A vulnerability has been identified in Parasolid V35.1 (All vers CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-26256 (libarchive Remote Code Execution Vulnerability) - - libarchive + - libarchive (bug #1072107) [bullseye] - libarchive (Vulnerable code introduced in 3.6.0) [buster] - libarchive (Vulnerable code introduced in 3.6.0) NOTE: https://github.com/advisories/GHSA-2jc9-36w4-pmqw View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c962d2c8fbb97a59f68fcab8102d92ba02b5cb2b -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c962d2c8fbb97a59f68fcab8102d92ba02b5cb2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-6349 and CVE-2023-44488
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfddebb7 by Salvatore Bonaccorso at 2024-05-28T14:06:11+02:00 Update information for CVE-2023-6349 and CVE-2023-44488 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77,8 +77,12 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman NOT-FOR-US: Grup Arge Energy and Control Systems Smartpower CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - libvpx 1.13.1-2 + [bookworm] - libvpx 1.12.0-1+deb12u2 + [bullseye] - libvpx 1.9.0-1+deb11u2 + [buster] - libvpx 1.7.0-3+deb10u2 NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: Same upstream commit as CVE-2023-44488 CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) NOTE: Disputed GNOME Shell issue CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) 
@@ -59551,6 +59555,7 @@ CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a cras NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main) NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4 + NOTE: Same commit as CVE-2023-6349 CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...) NOT-FOR-US: Caphyon Advanced Installer CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfddebb7351411a90392860e8dcf667f15b95d22 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
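Review bot: the two cross-reference notes use different wording (`NOTE: Same upstream commit as CVE-2023-44488` in the first hunk, `NOTE: Same commit as CVE-2023-6349` here); using one phrase in both entries makes the pairing easy to find with a single grep. Since the same fix commit df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) is listed under both CVEs, the per-release fixed versions added to CVE-2023-6349 in the first hunk (`libvpx 1.12.0-1+deb12u2`, `1.9.0-1+deb11u2`, `1.7.0-3+deb10u2`) should be mirrored on CVE-2023-44488 if its entry does not already carry them; the hunk context shown here does not include that part of the entry.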
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-26256
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3ebbec8 by Salvatore Bonaccorso at 2024-05-28T13:53:57+02:00 Update status for CVE-2024-26256 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18663,11 +18663,12 @@ CVE-2024-26257 (Microsoft Excel Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2024-26256 (libarchive Remote Code Execution Vulnerability) - libarchive + [bullseye] - libarchive (Vulnerable code introduced in 3.6.0) [buster] - libarchive (Vulnerable code introduced in 3.6.0) NOTE: https://github.com/advisories/GHSA-2jc9-36w4-pmqw NOTE: https://github.com/libarchive/libarchive/pull/2135 - NOTE: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 (v3.7.4) - NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/01a2d329dfc71741892e2b590cf9fb25092474a0 (v.3.6.0) + NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/01a2d329dfc71741892e2b590cf9fb25092474a0 (v3.6.0) + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 (v3.7.4) CVE-2024-26255 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2024-26254 (Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3ebbec843fca5002baa00adef95fd36afacb9e0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3ebbec843fca5002baa00adef95fd36afacb9e0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
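Review bot: the package line `- libarchive` still has no fixed version even though the new `NOTE: Fixed by:` line names a commit tagged v3.7.4; if a Debian upload containing that commit exists, the version belongs on that line, and otherwise a bug reference would make the open status easier to track. Correcting `v.3.6.0` to `v3.6.0` and ordering `Introduced by:` before `Fixed by:` is fine, and the new `[bullseye]` annotation matches the existing `[buster]` one.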
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5aeb324b by security tracker role at 2024-05-28T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,27 @@ +CVE-2024-36428 (OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.) + TODO: check +CVE-2024-36426 (In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session ...) + TODO: check +CVE-2024-32944 (Path traversal vulnerability exists in UTAU versions prior to v0.4.19. ...) + TODO: check +CVE-2024-29078 (Incorrect permission assignment for critical resource issue exists in ...) + TODO: check +CVE-2024-28886 (OS command injection vulnerability exists in UTAU versions prior to v0 ...) + TODO: check +CVE-2024-28880 (Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier a ...) + TODO: check +CVE-2023-52712 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The firs ...) + TODO: check +CVE-2023-52711 (Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The firs ...) + TODO: check +CVE-2023-52710 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communicati ...) + TODO: check +CVE-2023-52548 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Co ...) + TODO: check +CVE-2023-52547 (Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption i ...) + TODO: check +CVE-2022-48681 (Some Huawei smart speakers have a memory overflow vulnerability. Succe ...) + TODO: check CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) NOT-FOR-US: RhinOS CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb324b056f16341b59a6716864a89c01590979 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aeb324b056f16341b59a6716864a89c01590979 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Reference commit from github mirror for CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9cd1ffa by Salvatore Bonaccorso at 2024-05-27T22:53:47+02:00 Reference commit from github mirror for CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,7 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - libvpx 1.13.1-2 NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 - NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8751b782 by Salvatore Bonaccorso at 2024-05-27T22:39:55+02:00 Add CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,9 @@ CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulne CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - TODO: check + - libvpx 1.13.1-2 + NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 + NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8751b782ff8ca6e23bad23a8bc31e8e84bd41fe0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8751b782ff8ca6e23bad23a8bc31e8e84bd41fe0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e46e56a2 by Salvatore Bonaccorso at 2024-05-27T22:36:45+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-3381 REJECTED CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) 
@@ -15,19 +15,19 @@ CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6 CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) TODO: check CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) - TODO: check + NOT-FOR-US: MIT IdentiBot CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) TODO: check CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) TODO: check CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) - TODO: check + NOT-FOR-US: ZKsync Era CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) TODO: check CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) @@ -35,7 +35,7 @@ CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) TODO: check CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) - TODO: check + NOT-FOR-US: Avocent DSR2030 Appliance firmware CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) TODO: check CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) 
@@ -43,7 +43,7 @@ CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relati CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) TODO: check CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60065691 by security tracker role at 2024-05-27T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) + TODO: check +CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) + TODO: check +CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) + TODO: check +CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-3381 + REJECTED +CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) + TODO: check +CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) + TODO: check +CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) + TODO: check +CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) + TODO: check +CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) + TODO: check +CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) + TODO: check +CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) + TODO: check +CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) + TODO: check +CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) 
+ TODO: check +CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) + TODO: check +CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) + TODO: check +CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) + TODO: check +CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) + TODO: check +CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) + TODO: check +CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) + TODO: check +CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) + TODO: check CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) NOT-FOR-US: ASKEY CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) @@ -1527,6 +1581,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) NOT-FOR-US: WinRAR CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) + {DLA-3822-1} - python-pymysql (bug #1071628) NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1) 
@@ -17012,7 +17067,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) - {DSA-5679-1} + {DSA-5679-1 DLA-3823-1} - less 590-2.1 (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 @@ -20962,7 +21017,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated a TODO: check upstream report status, seems not filled as issue CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) NOT-FOR-US: ermig1979
[Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVEs which were duplicates
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80b3452c by Salvatore Bonaccorso at 2024-05-27T21:34:28+02:00 Remove notes from rejected CVEs which were duplicates - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72808,10 +72808,8 @@ CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorr NOT-FOR-US: Shopware CVE-2023-33567 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-33566 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) @@ -73168,7 +73166,6 @@ CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr NOT-FOR-US: WordPress plugin CVE-2023-33565 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...) NOT-FOR-US: WordPress plugin CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80b3452c11a11495ca412bc7b4e8cbeb741d9d07 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80b3452c11a11495ca412bc7b4e8cbeb741d9d07 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-33427
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a9fedad by Salvatore Bonaccorso at 2024-05-27T21:32:51+02:00 Remove notes from CVE-2024-33427 Further investigation showed that this was not a security issue for squid. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -230,11 +230,6 @@ CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4 NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 REJECTED - - squid (unimportant) - - squid3 (unimportant) - NOTE: https://github.com/squid-cache/squid/pull/1763 - NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d - NOTE: OOB read in config file parsing, doesn't cross any reasonable security boundary CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) - liboqs NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9fedad946f8706599700577c5d6876adcaa1ae -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9fedad946f8706599700577c5d6876adcaa1ae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-1135/gunicorn via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31dbe789 by Salvatore Bonaccorso at 2024-05-27T20:23:55+02:00 Track fixed version for CVE-2024-1135/gunicorn via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16490,7 +16490,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...) NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) - - gunicorn (bug #1069126) + - gunicorn 22.0.0-1 (bug #1069126) [bookworm] - gunicorn (Minor issue) [bullseye] - gunicorn (Minor issue) [buster] - gunicorn (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dbe78998411673120f9945931ce15c4ca4acc5 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dbe78998411673120f9945931ce15c4ca4acc5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update version number to 5.9.6-1 for CVE-2022-4967
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d01c980 by Salvatore Bonaccorso at 2024-05-27T17:54:50+02:00 Update version number to 5.9.6-1 for CVE-2022-4967 The change is only contained in 5.9.6-1 and 5.6.4-1 did not carry the patch separately. Bump thus the version to the 5.9.6 based one. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7161,7 +7161,7 @@ CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) - - strongswan 5.9.4-1 + - strongswan 5.9.6-1 [bullseye] - strongswan (Introduced in 5.9.2) [buster] - strongswan (Introduced in 5.9.2) NOTE: https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d01c9809671926a1e572f0114bea08d303acd6f -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d01c9809671926a1e572f0114bea08d303acd6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
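Review bot: the commit message says that 5.6.4-1 did not carry the patch separately, but the line being replaced reads `- strongswan 5.9.4-1`; the message should name the same version as the removed line so the reasoning for the bump to 5.9.6-1 can be followed from the log alone. The `[bullseye]` and `[buster]` annotations (`Introduced in 5.9.2`) are unaffected by the change.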
[Git][security-tracker-team/security-tracker][master] Update references for CVE-2024-2486{2,3}/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27cbdd4c by Salvatore Bonaccorso at 2024-05-27T17:43:17+02:00 Update references for CVE-2024-2486{2,3}/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16985,9 +16985,15 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750 CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) - - linux + - linux 6.8.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1f886a7bfb3faf4c1021e73f045538008ce7634e (6.9-rc3) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8748 + NOTE: Duplicate of CVE-2024-35883. CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27cbdd4c2ccee194f310e09f2ed7b5601ac0f717 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27cbdd4c2ccee194f310e09f2ed7b5601ac0f717 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
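Review bot: CVE-2024-24862 is now annotated `NOTE: Duplicate of CVE-2024-35883.` but still carries its own fixed version (`linux 6.8.9-1`) and three `Vulnerable code not present` release annotations; keep these in step with the CVE-2024-35883 entry it duplicates, or record there which of the two entries is authoritative, so they do not drift apart when one is updated. Minor: that NOTE ends with a full stop while the other NOTE lines in the hunk do not.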
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ebb9273 by security tracker role at 2024-05-27T08:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,87 @@ +CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) + TODO: check +CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) + TODO: check +CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of specific API. ...) + TODO: check +CVE-2024-5397 (A vulnerability classified as critical was found in itsourcecode Onlin ...) + TODO: check +CVE-2024-5396 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student Enrollme ...) + TODO: check +CVE-2024-5390 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-5385 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-5384 (A vulnerability classified as critical was found in SourceCodester Fac ...) + TODO: check +CVE-2024-5383 (A vulnerability classified as problematic has been found in lakernote ...) + TODO: check +CVE-2024-5381 (A vulnerability classified as critical was found in itsourcecode Stude ...) + TODO: check +CVE-2024-5380 (A vulnerability classified as problematic has been found in jsy-1 shor ...) + TODO: check +CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has been rat ...) + TODO: check +CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals Student ...) 
+ TODO: check +CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management System ...) + TODO: check +CVE-2024-5376 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-5035 (The affected device expose a network service called "rftest" that is v ...) + TODO: check +CVE-2024-4535 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4534 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4533 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not san ...) + TODO: check +CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to improper neut ...) + TODO: check +CVE-2024-3939 (The Ditty WordPress plugin before 3.1.36 does not sanitise and escape ...) + TODO: check +CVE-2024-3933 (In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, w ...) + TODO: check +CVE-2024-36384 (Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is rel ...) + TODO: check +CVE-2024-36056 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36055 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36054 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-35297 (Cross-site scripting vulnerability exists in WP Booking versions prior ...) 
+ TODO: check +CVE-2024-35291 (Cross-site scripting vulnerability exists in Splunk Config Explorer ve ...) + TODO: check +CVE-2024-34454 (Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SS ...) + TODO: check +CVE-2024-30658 + REJECTED +CVE-2024-30657 + REJECTED +CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions below14730,ServiceDesk Plus ...) + TODO: check +CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB Services PMB al ...) + TODO: check CVE-2024-5375 (A vulnerability has been found in
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3184040 by Salvatore Bonaccorso at 2024-05-27T10:09:25+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,11 +29,11 @@ CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCo CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - mattermost-server (bug #823556) CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) 
@@ -91,7 +91,7 @@ CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vu CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) NOT-FOR-US: WordPress plugin CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) - TODO: check + NOT-FOR-US: Vaultize CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3184040736d09d03f3fbee22ce6e74096497343 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3184040736d09d03f3fbee22ce6e74096497343 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae7b7e68 by Salvatore Bonaccorso at 2024-05-27T08:49:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5373 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5372 (A vulnerability classified as problematic was found in Kashipara Colle ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5371 (A vulnerability classified as problematic has been found in Kashipara ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5370 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5369 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5368 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5367 (A vulnerability was found in Kashipara College Management System 1.0 a ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House Rental Man ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5365 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5364 (A vulnerability, which was classified as critical, has been found in S ...) 
- TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5363 (A vulnerability classified as critical was found in SourceCodester Bes ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Hospital Management System CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) TODO: check CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae7b7e687b6251981c280dc7b8dcfa2e32759020 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae7b7e687b6251981c280dc7b8dcfa2e32759020 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
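Review bot: CVE-2024-5362 is resolved to `NOT-FOR-US: SourceCodester Online Hospital Management System` although its truncated description only shows `SourceCodeste ...`, while the neighbouring CVE-2024-5363 to CVE-2024-5366 are all attributed to the Best House Rental Management System; the product name for 5362 is not visible in the hunk, so confirm it against the full description before the NFU is taken as final.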
[Git][security-tracker-team/security-tracker][master] Process some CVEs for mattermost-server, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 459bd79c by Salvatore Bonaccorso at 2024-05-27T07:40:47+02:00 Process some CVEs for mattermost-server, itp'ed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -35,23 +35,23 @@ CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) TODO: check CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-36255 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-36241 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-34152 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-34029 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-32045 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-31859 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-29215 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8. ...) - TODO: check + - mattermost-server (bug #823556) CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/459bd79c1a74939df70bd0822558edfa7c54984c -- This project does not include diff previews in email notifications. 
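Review bot: all nine Mattermost entries are resolved to `- mattermost-server (bug #823556)` with no fixed version, which is the right shape for a package that is only ITP'ed, but the affected ranges in the descriptions (for example `9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12`) matter for the eventual upload: the first version entering the archive has to come from a release above every listed range, otherwise each of these entries needs a fixed version added at upload time rather than simply being closed by the package's arrival.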
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 307c33fb by security tracker role at 2024-05-26T20:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) + TODO: check +CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) + TODO: check +CVE-2024-5373 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-5372 (A vulnerability classified as problematic was found in Kashipara Colle ...) + TODO: check +CVE-2024-5371 (A vulnerability classified as problematic has been found in Kashipara ...) + TODO: check +CVE-2024-5370 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5369 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5368 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-5367 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House Rental Man ...) + TODO: check +CVE-2024-5365 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2024-5364 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-5363 (A vulnerability classified as critical was found in SourceCodester Bes ...) + TODO: check +CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCodeste ...) + TODO: check +CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) + TODO: check +CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) 
+ TODO: check +CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) + TODO: check +CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) + TODO: check +CVE-2024-36255 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-36241 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-34152 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-34029 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-32045 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) + TODO: check +CVE-2024-31859 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 ...) + TODO: check +CVE-2024-29215 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1, 8. ...) + TODO: check CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307c33fbacebd310f4b02a4c3f1c1a4693485a76 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for QAbstractOAuth issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b4c16cb by Salvatore Bonaccorso at 2024-05-26T21:11:25+02:00 Add Debian bug reference for QAbstractOAuth issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4193,10 +4193,10 @@ CVE-2024-36050 (Nix through 2.22.1 mishandles certain usage of hash caches, whic NOTE: https://github.com/NixOS/ofborg/issues/68#issuecomment-2082789441 TODO: check details and verify if same code (and only then) is present in guix CVE-2024-36048 (QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x b ...) - - qtnetworkauth-everywhere-src + - qtnetworkauth-everywhere-src (bug #1071974) [bookworm] - qtnetworkauth-everywhere-src (Minor issue) [bullseye] - qtnetworkauth-everywhere-src (Minor issue) - - qt6-networkauth + - qt6-networkauth (bug #1071973) [bookworm] - qt6-networkauth (Minor issue) NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 NOTE: https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560368 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b4c16cb0175832aa6842c6d6bf39486478a7e1e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b4c16cb0175832aa6842c6d6bf39486478a7e1e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-4603/openssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51c8e3bf by Salvatore Bonaccorso at 2024-05-26T21:05:47+02:00 Add Debian bug reference for CVE-2024-4603/openssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7423,7 +7423,7 @@ CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultim CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...) NOT-FOR-US: WordPress plugin CVE-2024-4603 (Issue summary: Checking excessively long DSA keys or parameters may be ...) - - openssl + - openssl (bug #1071972) [bookworm] - openssl (Minor issue, fix along with next update round) [bullseye] - openssl (Vulnerable code not present) [buster] - openssl (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c8e3bf52d1b38570a43f7f6ce8f737f03fc192 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51c8e3bf52d1b38570a43f7f6ce8f737f03fc192 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-3708/lighttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 17b2ea62 by Salvatore Bonaccorso at 2024-05-26T20:58:12+02:00 Update status for CVE-2024-3708/lighttpd The CNA will publish details only on July 9th, 2024 but the pre-announce in [1] declares it to be an issue fixed in 2018 silently by the maintainer in 1.4.51 upstream. The first version in unstable containing the fix was 1.4.52-1, so mark it as the fixed version. [1] https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -732,8 +732,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise an CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) - - lighttpd - TODO: check, maybe fixed in 1.4.51, details will be only pubished on July 9th, 2024 + - lighttpd 1.4.52-1 + TODO: check details (will be only pubished on July 9th, 2024), but said to be an issue fixed by maintainer in 2018 in version 1.4.51 CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b2ea62b125b0fedfb07428bddf308cdff31160 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17b2ea62b125b0fedfb07428bddf308cdff31160 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
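Review bot: the new fixed version `- lighttpd 1.4.52-1` rests on the AMI pre-announcement that is cited only in the commit message as [1]; the entry itself carries no reference, so add that advisory URL as a `NOTE:` line in data/CVE/list so the basis for 1.4.52-1 is visible where the status lives. Keeping the `TODO: check details ...` line is right, since the CNA publishes on July 9th, 2024 and the `prior to 1.4.51` claim can only be confirmed then; that line also retains the typo `pubished` from the old text and could be corrected when the entry is next touched.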
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-29895/cacti
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b37447a9 by Salvatore Bonaccorso at 2024-05-26T20:45:55+02:00 Update status for CVE-2024-29895/cacti - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6971,11 +6971,10 @@ CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Se NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh NOTE: https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) - - cacti + - cacti (Vulnerable code not present) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m NOTE: Fixed by: https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d NOTE: But fix reverted again: https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc - TODO: check, might affect only 1.3.x CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) - cacti 1.2.27+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37447a9e09cd04673b0cb08aedc50d9f55f5fae -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b37447a9e09cd04673b0cb08aedc50d9f55f5fae You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
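Review bot: changing unstable to `- cacti (Vulnerable code not present)` removes the only recorded rationale, the dropped `TODO: check, might affect only 1.3.x`; with the surrounding NOTEs stating that the upstream fix was applied and then reverted, the entry now asserts non-affectedness without saying why. Keep the reasoning as a `NOTE:` (for instance that the affected code exists only in 1.3.x, if that is what was verified against the 1.2.x packages, compare the `cacti 1.2.27+ds1-1` fixed version on CVE-2024-29894 in the context lines), so a later reader can tell what was checked.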
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 411767f9 by Salvatore Bonaccorso at 2024-05-26T13:31:23+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5355 (A vulnerability, which was classified as critical, has been found in a ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5354 (A vulnerability classified as problematic was found in anji-plus AJ-Re ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5353 (A vulnerability classified as critical has been found in anji-plus AJ- ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5352 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5351 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5350 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) - TODO: check + NOT-FOR-US: anji-plus AJ-Report CVE-2024-5340 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/411767f9e83873d0a41bfec6bc46d28bbd73242a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/411767f9e83873d0a41bfec6bc46d28bbd73242a You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5465e8ce by security tracker role at 2024-05-26T08:12:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2024-5357 (A vulnerability has been found in PHPGurukul Zoo Management System 2.1 ...) + TODO: check +CVE-2024-5356 (A vulnerability, which was classified as critical, was found in anji-p ...) + TODO: check +CVE-2024-5355 (A vulnerability, which was classified as critical, has been found in a ...) + TODO: check +CVE-2024-5354 (A vulnerability classified as problematic was found in anji-plus AJ-Re ...) + TODO: check +CVE-2024-5353 (A vulnerability classified as critical has been found in anji-plus AJ- ...) + TODO: check +CVE-2024-5352 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5351 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5350 (A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has b ...) + TODO: check +CVE-2024-5340 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) 
@@ -6130,7 +6148,7 @@ CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...) NOT-FOR-US: WordPress plugin CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...) - {DSA-5690-1} + {DSA-5690-1 DLA-3821-1} - libreoffice 4:24.2.3~rc1-2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/ NOTE: https://git.libreoffice.org/core/+/8b2402b16df185119c91222b33ff1b8d55e0afe4%5E%21 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5465e8ce11c9b15e2c655d37ae6870ed79e9fb8a -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5465e8ce11c9b15e2c655d37ae6870ed79e9fb8a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for linux update via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 10a958cd by Salvatore Bonaccorso at 2024-05-26T09:06:08+02:00 Track fixed version for linux update via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -752,15 +752,15 @@ CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before 1 CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM versions bef ...) NOT-FOR-US: Ivanti CVE-2024-36013 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9) CVE-2024-36012 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9) CVE-2024-36011 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) @@ -3669,7 +3669,7 @@ CVE-2024-35950 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/3eadd887dbac1df8f25f701e5d404d1b90fd0fea (6.9-rc4) CVE-2024-35949 (In the Linux kernel, the following vulnerability has been resolved: b ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9) CVE-2024-35948 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 
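Review bot: the fixed version `- linux 6.8.11-1` is recorded for CVE-2024-36013, CVE-2024-36012, CVE-2024-36011 and CVE-2024-35949 whose upstream commits are all tagged `(6.9)` in the NOTEs; that is only correct if each commit was also picked into the 6.8.11 stable release that 6.8.11-1 packages, so confirm the backports rather than relying on the 6.9 tag. The per-suite lines are also uneven across the first hunk (36013 has none, 36012 covers bullseye and buster, 36011 covers bookworm as well); if bookworm is deliberately left as affected for 36013 and 36012 that is fine, but it is worth double-checking against the same backport question.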
@@ -3739,7 +3739,7 @@ CVE-2024-36070 (tine before 2023.11.8, when an LDAP backend is used, allows anon CVE-2024-36053 (In the mintupload package through 4.2.0 for Linux Mint, service-name m ...) NOT-FOR-US: mintupload CVE-2024-35947 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c (6.9-rc7) CVE-2024-35946 (In the Linux kernel, the following vulnerability has been resolved: w ...) - linux 6.8.9-1 @@ -5499,7 +5499,7 @@ CVE-2023-27504 (Improper conditions check in some Intel(R) BIOS Guard firmware m CVE-2023-22662 (Improper input validation of EpsdSrMgmtConfig in UEFI firmware for som ...) NOT-FOR-US: Intel CVE-2024-21823 (Hardware logic with insecure de-synchronization in Intel(R) DSA and In ...) - - linux + - linux 6.8.11-1 [buster] - linux (Vulnerable code not present) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html CVE-2023-47855 (Improper input validation in some Intel(R) TDX module software before ...) 
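Review bot: CVE-2024-21823 receives `- linux 6.8.11-1` with only the Intel advisory (intel-sa-01084) as reference and no upstream kernel commit, unlike CVE-2024-35947 in the same line whose fix is pinned to a git.kernel.org commit; add the kernel commit(s) behind the 6.8.11 fix so that both the fixed version and the `[buster] - linux (Vulnerable code not present)` assessment can be verified later without re-reading the vendor advisory.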
@@ -6999,18 +6999,18 @@ CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/Sni CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) TODO: check CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7) CVE-2024-27400 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux + - linux 6.8.11-1 [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7) CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9) CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - - linux + - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.7.12-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a958cdb9d222388bd2682639df16f27ac4dfec -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10a958cdb9d222388bd2682639df16f27ac4dfec You're receiving this email because of your account on
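Review bot: in the -6999 hunk CVE-2024-27401, CVE-2024-27399 and CVE-2024-27398 are set to 6.8.11-1 for unstable but, unlike CVE-2024-27400 right beside them, have no [bookworm]/[bullseye]/[buster] lines, so those suites stay tracked as affected and unfixed on the strength of the unstable version alone; the same holds for CVE-2024-36013 and CVE-2024-35949 in the -752 and -3669 hunks. If the fixes are already queued for 6.1.y/5.10.y, or the vulnerable code is absent there, record that with the usual suite lines so the stable status does not have to be re-derived later.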
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-33427/squid
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0befe408 by Salvatore Bonaccorso at 2024-05-26T07:51:57+02:00 Add CVE-2024-33427/squid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -73,7 +73,10 @@ CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 a CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) - TODO: check + - squid + - squid3 + NOTE: https://github.com/squid-cache/squid/pull/1763 + NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) TODO: check CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0befe408dbcd83114efd2ca35546b87d7759ae41 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0befe408dbcd83114efd2ca35546b87d7759ae41 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
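Review bot: the second NOTE's commit id `1891ce596237b45e0a675f75c49a5f6a840d` is 36 hex digits, not the 40 of a full SHA-1, so it looks truncated and will not resolve as a stable permalink; replace it with the full hash from pull request 1763 and add the upstream release tag in parentheses, as the other entries on this page do (the description says "before v.6.10"). Both `squid` and `squid3` are also left without a fixed version, i.e. open in every suite, so a follow-up with the unstable fixed version is still needed once the patch lands.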
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0857c4db by Salvatore Bonaccorso at 2024-05-26T07:49:30+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and classifi ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 and cla ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) TODO: check CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0857c4dbd1226fd9d2551f57ba84518ebddeb51c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0857c4dbd1226fd9d2551f57ba84518ebddeb51c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
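Review bot: CVE-2024-30056 (Microsoft Edge, Chromium-based) is left at `TODO: check` in the middle of the four Ruijie RG-UAC entries being marked NOT-FOR-US; Edge itself is not packaged in Debian, so it can be closed as NOT-FOR-US in the same pass, unless the intent is to first check whether the underlying bug is a Chromium one that also needs a chromium entry.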
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 887ef5c3 by security tracker role at 2024-05-25T20:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,13 @@ +CVE-2024-5339 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check +CVE-2024-5338 (A vulnerability was found in Ruijie RG-UAC up to 20240516. It has been ...) + TODO: check +CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and classifi ...) + TODO: check +CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 and cla ...) + TODO: check +CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + TODO: check CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) 
@@ -90853,6 +90863,7 @@ CVE-2023-27351 (This vulnerability allows remote attackers to bypass authenticat CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: PaperCut CVE-2023-27349 (BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Co ...) + {DLA-3820-1} - bluez 5.68-1 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-386/ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f54299a850676d92c3dafd83e9174fcfe420ccc9 (5.67) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887ef5c334c9ca7ccc7e0e2d24133cd8ec7c1ba8 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/887ef5c334c9ca7ccc7e0e2d24133cd8ec7c1ba8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-25581/dnsdist
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4242cbf1 by Salvatore Bonaccorso at 2024-05-25T21:24:00+02:00 Track fixed version for CVE-2024-25581/dnsdist - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7010,7 +7010,7 @@ CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3) CVE-2024-25581 (When incoming DNS over HTTPS support is enabled using the nghttp2 prov ...) - - dnsdist (bug #1071750) + - dnsdist 1.9.4-1 (bug #1071750) [bookworm] - dnsdist (Vulnerable code not present) [bullseye] - dnsdist (Vulnerable code not present) [buster] - dnsdist (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4242cbf1b289ca347bf43f20634ca52d441ac3d0 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4242cbf1b289ca347bf43f20634ca52d441ac3d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track sendmail for proposed update via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 743091ab by Salvatore Bonaccorso at 2024-05-25T21:03:01+02:00 Track sendmail for proposed update via bookworm-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -182,3 +182,5 @@ CVE-2024-26328 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 CVE-2023-4237 [bookworm] - ansible 7.7.0+dfsg-3+deb12u1 +CVE-2023-51765 + [bookworm] - sendmail 8.17.1.9-2+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743091ab65ee36822750f292100eb54d87ba1b34 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743091ab65ee36822750f292100eb54d87ba1b34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track proposed update for ansible via bookworm-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52f13b23 by Salvatore Bonaccorso at 2024-05-25T20:52:45+02:00 Track proposed update for ansible via bookworm-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -180,3 +180,5 @@ CVE-2024-26327 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 CVE-2024-26328 [bookworm] - qemu 1:7.2+dfsg-7+deb12u6 +CVE-2023-4237 + [bookworm] - ansible 7.7.0+dfsg-3+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f13b23fac813a6e147b05e36a16145bda582db -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f13b23fac813a6e147b05e36a16145bda582db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Revert "Remove notes from CVE-2023-52656"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 733067fc by Salvatore Bonaccorso at 2024-05-25T20:39:01+02:00 Revert Remove notes from CVE-2023-52656 This reverts commit abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c. CVE was restored again by the Linux Kernel CNA. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6999,8 +6999,11 @@ CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) -CVE-2023-52656 - REJECTED +CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux 5.10.216-1 + NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733067fc5c8c55bcecf6cf04960895444cad70f1 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/733067fc5c8c55bcecf6cf04960895444cad70f1 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-31208/matrix-synapse via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 936939f8 by Salvatore Bonaccorso at 2024-05-25T16:45:24+02:00 Track fixed version for CVE-2024-31208/matrix-synapse via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13796,7 +13796,7 @@ CVE-2024-32258 (The network server of fceux 2.7.0 has a path traversal vulnerabi CVE-2024-31804 (An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.2 ...) NOT-FOR-US: Terratec CVE-2024-31208 (Synapse is an open-source Matrix homeserver. A remote Matrix user with ...) - - matrix-synapse (bug #1069763) + - matrix-synapse 1.103.0-2 (bug #1069763) NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v NOTE: https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a (v1.105.1) CVE-2024-30800 (PX4 Autopilot v.1.14 allows an attacker to fly the drone into no-fly z ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/936939f8e86d0d76f6773de892a976b9ab648b68 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/936939f8e86d0d76f6773de892a976b9ab648b68 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
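Review bot: the fixed version 1.103.0-2 is lower than the upstream release v1.105.1 that the NOTE names as carrying commit 55b0aa847a61774b6a3acdc4b177a20dc019f01a, so the fix here is a patch applied in the Debian revision rather than a new upstream version. That is fine, but a NOTE stating that the upstream commit was cherry-picked into 1.103.0-2 would make the entry self-explanatory, and since no [bookworm] line is visible it is worth deciding whether bookworm needs one.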
[Git][security-tracker-team/security-tracker][master] Add some notes for frr and git
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97886111 by Salvatore Bonaccorso at 2024-05-25T16:21:18+02:00 Add some notes for frr and git - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -19,9 +19,11 @@ dnsdist (jmm) dnsmasq -- frr - Tobias Frost (tobi) proposed to work on preparing an update + Tobias Frost (tobi) proposed to work on preparing an update, but discussion + with Debian maintainer for status on bullseye + updates -- git + Maintainer is queried to prepare an update -- gpac/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/978861114bc80d7d0b5af7e171769aabedff7388 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/978861114bc80d7d0b5af7e171769aabedff7388 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
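Review bot: the extended frr note reads as an unfinished sentence ("..., but discussion with Debian maintainer for status on bullseye updates"); it does not say whether that discussion is ongoing, blocked, or concluded, which is exactly what the next person reading dsa-needed.txt needs to know. Suggest something like "..., but the status of updates for bullseye is still being discussed with the Debian maintainer". The new git line ("Maintainer is queried to prepare an update") is clear as written.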
[Git][security-tracker-team/security-tracker][master] 2 commits: Deassociate CVE-2024-24795 from fossil
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb3757d3 by Salvatore Bonaccorso at 2024-05-25T16:15:03+02:00 Deassociate CVE-2024-24795 from fossil CVE-2024-24795 is for apache2. - - - - - a63a6d31 by Salvatore Bonaccorso at 2024-05-25T16:19:20+02:00 Several Linux CVEs rejected - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: = data/CVE/list = @@ -2385,9 +2385,8 @@ CVE-2021-47413 (In the Linux kernel, the following vulnerability has been resolv CVE-2021-47412 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/linus/a647a524a46736786c95cdb553a070322ca096e3 (5.15-rc3) -CVE-2021-47411 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 5.14.12-1 - NOTE: https://git.kernel.org/linus/8bab4c09f24ec8d4a7a78ab343620f89d3a24804 (5.15-rc3) +CVE-2021-47411 + REJECTED CVE-2021-47410 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.14.12-1 NOTE: https://git.kernel.org/linus/197ae17722e989942b36e33e044787877f158574 (5.15-rc3) @@ -3819,10 +3818,8 @@ CVE-2024-35925 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-35924 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.8.9-1 NOTE: https://git.kernel.org/linus/b3db266fb031fba88c423d4bb8983a73a3db6527 (6.9-rc1) -CVE-2024-35923 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.8.9-1 - [bookworm] - linux 6.1.90-1 - NOTE: https://git.kernel.org/linus/e21e1c45e1fe2e31732f40256b49c04e76a17cee (6.9-rc1) +CVE-2024-35923 + REJECTED CVE-2024-35922 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.8.9-1 [bookworm] - linux 6.1.90-1 
@@ -4492,12 +4489,8 @@ CVE-2024-35821 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/723012cab779eee8228376754e22c6594229bf8f (6.9-rc1) -CVE-2024-35820 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.7.12-1 - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/1a8ec63b2b6c91caec87d4e132b1f71b5df342be (6.9-rc1) +CVE-2024-35820 + REJECTED CVE-2024-35819 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.7.12-1 [bookworm] - linux 6.1.85-1 
@@ -4847,58 +4840,28 @@ CVE-2024-27431 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.216-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2487007aa3b9fafbd2cb14068f49791ce1d7ede5 (6.8) -CVE-2024-27430 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/958d6145a6d9ba9e075c921aead8753fb91c9101 (6.8) +CVE-2024-27430 + REJECTED CVE-2024-27429 REJECTED -CVE-2024-27428 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/119cae5ea3f9e35cdada8e572cc067f072fa825a (6.8) -CVE-2024-27427 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/60a7a152abd494ed4f69098cf0f322e6bb140612 (6.8) -CVE-2024-27426 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/e799299aafed417cc1f32adccb2a0e5268b3f6d5 (6.8) -CVE-2024-27425 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/806f462ba9029d41aadf8ec93f2f99c5305deada (6.8) -CVE-2024-27424 (In the Linux kernel, the following vulnerability has been resolved: n ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.82-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/43547d8699439a67b78d6bb39015113f7aa360fd (6.8) -CVE-2024-27423 (In the Linux kernel, the
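Review bot: these REJECTED replacements discard the fixed-version lines and the upstream commit references in one step, and CVE-2023-52656 elsewhere on this page (rejected in abb96017, then restored by the Linux kernel CNA and reverted in 733067fc) shows that kernel rejections do get undone, after which the data has to be rebuilt from git. Worth double-checking each id against the CNA's current record before dropping it; note also that CVE-2024-27429 in the -4847 hunk was already REJECTED, so CVE-2024-27424 through CVE-2024-27430 now form one contiguous block of withdrawn ids.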
[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2024-4453
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94659a5e by Salvatore Bonaccorso at 2024-05-25T13:23:36+02:00 Add reference for CVE-2024-4453 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -790,6 +790,7 @@ CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Priv CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - gst-plugins-base1.0 1.24.3-1 - gst-plugins-base0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2024-0002.html NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 NOTE: Backport: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6768 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94659a5e05fcdb35d7d1a489143f73d80289472e -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94659a5e05fcdb35d7d1a489143f73d80289472e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc349f36 by Salvatore Bonaccorso at 2024-05-25T13:19:40+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5218 (The Reviews and Rating \u2013 Google Reviews plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) TODO: check CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) - TODO: check + NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) - TODO: check + NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports the Fac ...) TODO: check CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc349f36758c15aa52bacaa92002aa16332dc801 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc349f36758c15aa52bacaa92002aa16332dc801 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
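Review bot: CVE-2024-36079 (Vaultize) and CVE-2024-35232 (github.com/huandu/facebook, a Go package) stay at `TODO: check` while the WordPress plugin and Mocodo entries are resolved; for the Go module the check is whether Debian ships a golang-github-huandu-facebook source package (the usual naming scheme, not a verified package name), otherwise it can be closed as NOT-FOR-US like the others in this hunk.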
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54a17456 by security tracker role at 2024-05-25T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,21 @@ +CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-5218 (The Reviews and Rating \u2013 Google Reviews plugin for WordPress is v ...) + TODO: check +CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) + TODO: check +CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) + TODO: check +CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) + TODO: check +CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) + TODO: check +CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports the Fac ...) + TODO: check CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) @@ -19901,7 +19919,7 @@ CVE-2024-26745 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/09a3c1e46142199adcee372a420b024b4fc61051 (6.8-rc7) CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Server allo ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) - uwsgi (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/5 
@@ -19913,13 +19931,13 @@ CVE-2024-24795 (HTTP Response splitting in multiple modules in Apache HTTP Serve NOTE: packages which are provided by src:apache2 itself. NOTE: https://github.com/unbit/uwsgi/issues/2635 CVE-2023-38709 (Faulty input validation in the core of Apache allows malicious or expl ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-38709 NOTE: https://github.com/apache/httpd/commit/ac20389f3c816d990aba21720f1492b69ac5cb44 CVE-2024-27316 (HTTP/2 incoming headers exceeding the limit are temporarily buffered i ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.59-1 (bug #1068412) NOTE: https://www.kb.cert.org/vuls/id/421644 NOTE: https://www.openwall.com/lists/oss-security/2024/04/04/4 @@ -55873,7 +55891,7 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802 @@ -78703,7 +78721,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) NOT-FOR-US: Alf.io CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) - {DSA-5662-1} + {DSA-5662-1 DLA-3818-1} - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 
@@ -347017,6 +347035,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4 CVE-2019-17568 REJECTED CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...) + {DLA-3818-1} [experimental] - apache2 2.4.48-1 - apache2 2.4.48-2 [stretch] - apache2 (Intrusive and risky backport) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54a1745646757b78eb1007dd43941003ea258867 -- This project does not include diff previews in email notifications. View it on GitLab:
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52656
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: abb96017 by Salvatore Bonaccorso at 2024-05-25T09:44:37+02:00 Remove notes from CVE-2023-52656 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7017,11 +7017,8 @@ CVE-2024-27399 (In the Linux kernel, the following vulnerability has been resolv CVE-2024-27398 (In the Linux kernel, the following vulnerability has been resolved: B ...) - linux NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) -CVE-2023-52656 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.7.12-1 - [bookworm] - linux 6.1.85-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) +CVE-2023-52656 + REJECTED CVE-2023-52655 (In the Linux kernel, the following vulnerability has been resolved: u ...) - linux 6.6.8-1 [bookworm] - linux 6.1.69-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb9601745fbbae5fb06e1c2ff9c79d8851e5b4c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
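Review bot: this rejection was reverted the same day in 733067fc (also on this page) after the Linux kernel CNA restored CVE-2023-52656, so the fixed versions (6.7.12-1, bookworm 6.1.85-1, bullseye 5.10.216-1) and the upstream NOTE dropped here came back unchanged. When a kernel id shows up as rejected it is worth waiting for the CNA's final state, or at least recording the dropped lines in the commit message, before replacing the entry with a bare REJECTED.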
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5515d4d by Salvatore Bonaccorso at 2024-05-25T08:53:53+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5,45 +5,45 @@ CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 a CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - dolibarr CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) - TODO: check + NOT-FOR-US: PHP Server Monitor CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2024-4455 (The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4037 (The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36049 (Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials ...) - TODO: check + NOT-FOR-US: Aptos Wisal payroll accounting CVE-2024-35618 (PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereferen ...) - TODO: check + NOT-FOR-US: PingCAP TiDB CVE-2024-35595 (An arbitrary file upload vulnerability in the File Preview function of ...) - TODO: check + NOT-FOR-US: Xintongda OA CVE-2024-35593 (An arbitrary file upload vulnerability in the File preview function of ...) - TODO: check + NOT-FOR-US: Raingad IM CVE-2024-35592 (An arbitrary file upload vulnerability in the Upload function of Box-I ...) - TODO: check + NOT-FOR-US: Box-IM CVE-2024-35591 (An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers ...) - TODO: check + NOT-FOR-US: O2OA CVE-2024-35396 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35395 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35388 (TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a st ...) 
- TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35387 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35340 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-35339 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-34995 (svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion v ...) - TODO: check + NOT-FOR-US: svnWebUI CVE-2024-33809 (PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulner ...) - TODO: check + NOT-FOR-US: PingCAP TiDB CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows ...) - TODO: check + NOT-FOR-US: AVTECH Room Alert CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) - TODO: check + NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) TODO: check CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) 
@@ -51,13 +51,13 @@ CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote atta CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) TODO: check CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) - TODO: check + NOT-FOR-US: VX Search Enterprise CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5515d4d1e24a730967061403378de2b411bd97a -- This project does not include diff previews in email notifications. View it on GitLab:
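Review bot: the first hunk leaves CVE-2024-33427 (Squid) at "TODO: check" while reclassifying every entry around it as NOT-FOR-US; squid is a Debian source package, so this one cannot be an NFU and needs a real verdict (affected or fixed version, or "(Vulnerable code not present)") together with a NOTE pointing at the upstream fix. The same check applies to the "TODO: check" lines still visible in the hunks' context for CVE-2024-31510 (liboqs) and CVE-2024-22588 (Kwik) if either is packaged.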
[Git][security-tracker-team/security-tracker][master] Add two new issues in dolibarr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b3aea02d by Salvatore Bonaccorso at 2024-05-25T08:50:36+02:00 Add two new issues in dolibarr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - TODO: check + - dolibarr CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) - TODO: check + - dolibarr CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) TODO: check CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3aea02d134fd7ee5a0fa8a128f81e6f76defc18 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3aea02d134fd7ee5a0fa8a128f81e6f76defc18 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
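Review bot: both dolibarr entries are added as a bare "- dolibarr" with no fixed version and no NOTE line, so nothing records the upstream advisory or the release that fixes "version 9.0.1 and al ..." and the entries cannot be closed later without re-researching them. Consider adding a NOTE with the upstream reference for each CVE (the CVE-2024-4453 entry in this series shows the "NOTE: Fixed by:" form) and, where known, the fixed upstream version in place of the bare package name.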
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-5318/gitlab
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47bf90c0 by Salvatore Bonaccorso at 2024-05-25T08:49:08+02:00 Add CVE-2024-5318/gitlab - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - TODO: check + - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) TODO: check CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47bf90c09e0754f1b4c9397f6af849a14c99e724 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47bf90c09e0754f1b4c9397f6af849a14c99e724 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a5dde93 by Salvatore Bonaccorso at 2024-05-25T07:23:57+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,7 +59,7 @@ CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affe CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) TODO: check CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) TODO: check CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a5dde93bae0364d58effb26556a3cd5af94c7e4 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a5dde93bae0364d58effb26556a3cd5af94c7e4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0a200b01 by security tracker role at 2024-05-24T20:12:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,359 +1,423 @@ -CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc] +CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) + TODO: check +CVE-2024-5314 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) + TODO: check +CVE-2024-5312 (PHP Server Monitor, version 3.2.0, is vulnerable to an XSS via the /ph ...) + TODO: check +CVE-2024-5310 (A vulnerability classified as problematic has been found in JFinalCMS ...) + TODO: check +CVE-2024-4455 (The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4037 (The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrar ...) + TODO: check +CVE-2024-36049 (Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials ...) + TODO: check +CVE-2024-35618 (PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereferen ...) + TODO: check +CVE-2024-35595 (An arbitrary file upload vulnerability in the File Preview function of ...) + TODO: check +CVE-2024-35593 (An arbitrary file upload vulnerability in the File preview function of ...) + TODO: check +CVE-2024-35592 (An arbitrary file upload vulnerability in the Upload function of Box-I ...) + TODO: check +CVE-2024-35591 (An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers ...) + TODO: check +CVE-2024-35396 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) + TODO: check +CVE-2024-35395 (TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a har ...) + TODO: check +CVE-2024-35388 (TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a st ...) + TODO: check +CVE-2024-35387 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) 
+ TODO: check +CVE-2024-35340 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) + TODO: check +CVE-2024-35339 (Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command inject ...) + TODO: check +CVE-2024-34995 (svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion v ...) + TODO: check +CVE-2024-33809 (PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulner ...) + TODO: check +CVE-2024-33471 (An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows ...) + TODO: check +CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 all ...) + TODO: check +CVE-2024-33427 (Buffer Overflow vulnerability in Squid version before v.6.10 allows a ...) + TODO: check +CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) + TODO: check +CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) + TODO: check +CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49573 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affecting ...) + TODO: check +CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) + TODO: check +CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) + TODO: check +CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...) 
- linux 6.6.8-1 [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/67c37756898a5a6b2941a13ae7260c89b54e0d88 (6.6-rc1) -CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] +CVE-2021-47572 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 5.15.15-1 [bullseye] - linux 5.10.84-1 [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1c743127cc54b112b155f434756bd4b5fa565a99 (5.16-rc3) -CVE-2021-47571 [staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()] +CVE-2021-47571 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.15.15-1 [bullseye] - linux 5.10.84-1
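Review bot: the automatic update replaces the kernel-sec placeholder subjects (e.g. "-CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc]") with the truncated MITRE text "+CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...)", which is identical for every Linux entry up to the first letter of the subject. That is the expected behaviour of the import, but it leaves the git.kernel.org NOTE URL as the only distinguishing information per entry; if the kernel subject is needed for triage it has to be carried in a NOTE line rather than in the description field, since the description is overwritten on the next run.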
[Git][security-tracker-team/security-tracker][master] Drop notes from rejected Linux CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1295d62d by Salvatore Bonaccorso at 2024-05-24T17:47:21+02:00 Drop notes from rejected Linux CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1668,25 +1668,19 @@ CVE-2023-52825 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/709c348261618da7ed89d6c303e2ceb9e453ba74 (6.7-rc1) -CVE-2023-52824 (In the Linux kernel, the following vulnerability has been resolved: k ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/ca0776571d3163bd03b3e8c9e3da936abfaecbf6 (6.7-rc1) +CVE-2023-52824 + REJECTED CVE-2023-52823 REJECTED -CVE-2023-52822 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/06ab64a0d836ac430c5f94669710a78aa43942cb (6.7-rc1) +CVE-2023-52822 + REJECTED CVE-2023-52821 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 [bullseye] - linux 5.10.205-1 NOTE: https://git.kernel.org/linus/924e5814d1f84e6fa5cb19c6eceb69f066225229 (6.7-rc1) -CVE-2023-52820 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/f37d63e219c39199a59b8b8a211412ff27192830 (6.7-rc1) +CVE-2023-52820 + REJECTED CVE-2023-52819 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 
@@ -2017,10 +2011,8 @@ CVE-2023-52759 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux 5.10.205-1 [buster] - linux 4.19.304-1 NOTE: https://git.kernel.org/linus/4c6a08125f2249531ec01783a5f4317d7342add5 (6.7-rc1) -CVE-2023-52758 (In the Linux kernel, the following vulnerability has been resolved: i ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d (6.7-rc1) +CVE-2023-52758 + REJECTED CVE-2023-52757 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1295d62d4515dd21aa67e8ed9c5535bafb732cb2 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1295d62d4515dd21aa67e8ed9c5535bafb732cb2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-52880/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c4f0f24f by Salvatore Bonaccorso at 2024-05-24T17:45:24+02:00 Add CVE-2023-52880/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,8 @@ +CVE-2023-52880 [tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc] + - linux 6.6.8-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux 5.10.216-1 + NOTE: https://git.kernel.org/linus/67c37756898a5a6b2941a13ae7260c89b54e0d88 (6.6-rc1) CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] - linux 5.15.15-1 [bullseye] - linux 5.10.84-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f0f24f3c093ed5648103fb75fa43b1ba68475d -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f0f24f3c093ed5648103fb75fa43b1ba68475d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c8b2075c by Salvatore Bonaccorso at 2024-05-24T17:33:15+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,358 @@ +CVE-2021-47572 [net: nexthop: fix null pointer dereference when IPv6 is not enabled] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1c743127cc54b112b155f434756bd4b5fa565a99 (5.16-rc3) +CVE-2021-47571 [staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/b535917c51acc97fb0761b1edec85f1f3d02bda4 (5.16-rc3) +CVE-2021-47570 [staging: r8188eu: fix a memory leak in rtw_wx_read32()] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/be4ea8f383551b9dae11b8dfff1f38b3b5436e9a (5.16-rc3) +CVE-2021-47569 [io_uring: fail cancellation for EXITING tasks] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/617a89484debcd4e7999796d693cf0b77d2519de (5.16-rc3) +CVE-2021-47568 [ksmbd: fix memleak in get_file_stream_info()] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/178ca6f85aa3231094467691f5ea1ff2f398aa8d (5.16-rc3) +CVE-2021-47567 [powerpc/32: Fix hardlockup on vmap stack overflow] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5bb60ea611db1e04814426ed4bd1c95d1487678e (5.16-rc3) +CVE-2021-47566 [proc/vmcore: fix clearing user buffer by properly using clear_user()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/c1e63117711977cc4295b2ce73de29dd17066c82 (5.16-rc2) +CVE-2021-47565 [scsi: mpt3sas: Fix kernel panic during drive powercycle test] + - linux 5.15.15-1 + [bullseye] 
- linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/0ee4ba13e09c9d9c1cb6abb59da8295d9952328b (5.16-rc3) +CVE-2021-47564 [net: marvell: prestera: fix double free issue on err path] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e8d032507cb7912baf1d3e0af54516f823befefd (5.16-rc3) +CVE-2021-47563 [ice: avoid bpf_prog refcount underflow] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f65ee535df775a13a1046c0a0b2d72db342f8a5b (5.16-rc3) +CVE-2021-47562 [ice: fix vsi->txq_map sizing] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/792b2086584f25d84081a526beee80d103c2a913 (5.16-rc3) +CVE-2021-47561 [i2c: virtio: disable timeout handling] + - linux 5.15.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/84e1d0bf1d7121759622dabf8fbef4c99ad597c5 (5.16-rc3) +CVE-2021-47560 [mlxsw: spectrum: Protect driver from buggy firmware] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047 (5.16-rc3) +CVE-2021-47559 [net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/587acad41f1bc48e16f42bb2aca63bf323380be8 (5.16-rc3) +CVE-2021-47558 [net: stmmac: Disable Tx queues when reconfiguring the interface] + - linux 5.15.15-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b270bfe697367776eca2e6759a71d700fb8d82a2 (5.16-rc3) +CVE-2021-47557 [net/sched: sch_ets: don't peek at classes beyond 'nbands'] + - linux 5.15.15-1 + [bullseye] - linux 5.10.84-1 + 
[buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/de6d25924c2a8c2988c6a385990cafbe742061bf (5.16-rc3) +CVE-2021-47556 [ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()] + - linux
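Review bot: the kernel-sec import is inconsistent about which suites get an explicit line: CVE-2021-47559 has unstable and [bullseye] entries but no [buster] line, and CVE-2021-47558 has unstable and [buster] entries but no [bullseye] line, whereas every neighbouring entry lists both. A missing suite line means that suite's status is derived from the unstable fixed version (5.15.15-1), i.e. the older suite is reported as still vulnerable; please confirm that this is intended for those two (no backport available) rather than a line dropped in the merge, and add the explicit "(Vulnerable code not present)" or fixed-version line if it is not.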
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52823
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b9d5c2a0 by Salvatore Bonaccorso at 2024-05-24T17:17:20+02:00 Remove notes from CVE-2023-52823 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1312,10 +1312,8 @@ CVE-2023-52824 (In the Linux kernel, the following vulnerability has been resolv - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/ca0776571d3163bd03b3e8c9e3da936abfaecbf6 (6.7-rc1) -CVE-2023-52823 (In the Linux kernel, the following vulnerability has been resolved: k ...) - - linux 6.6.8-1 - [bookworm] - linux 6.1.64-1 - NOTE: https://git.kernel.org/linus/569c8d82f95eb5993c84fb61a649a9c4ddd208b3 (6.7-rc1) +CVE-2023-52823 + REJECTED CVE-2023-52822 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d5c2a0b6274435794fda7d9d6eb149c8b95d5c -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d5c2a0b6274435794fda7d9d6eb149c8b95d5c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-5274 in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95446059 by Salvatore Bonaccorso at 2024-05-24T17:13:38+02:00 Track fixed version for CVE-2024-5274 in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -87,7 +87,7 @@ CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticat CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...) NOT-FOR-US: zzdevelop lenosp CVE-2024-5274 - - chromium + - chromium 125.0.6422.112-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95446059e99bf8c6a1240ec05161403933dc4402 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95446059e99bf8c6a1240ec05161403933dc4402 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cb4a9746 by security tracker role at 2024-05-24T08:11:53+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,77 @@ +CVE-2024-5299 (D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code E ...) + TODO: check +CVE-2024-5298 (D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method ...) + TODO: check +CVE-2024-5297 (D-Link D-View executeWmicCmd Command Injection Remote Code Execution V ...) + TODO: check +CVE-2024-5296 (D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypas ...) + TODO: check +CVE-2024-5295 (D-Link G416 flupl self Command Injection Remote Code Execution Vulnera ...) + TODO: check +CVE-2024-5294 (D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Ser ...) + TODO: check +CVE-2024-5293 (D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code E ...) + TODO: check +CVE-2024-5292 (D-Link Network Assistant Uncontrolled Search Path Element Local Privil ...) + TODO: check +CVE-2024-5291 (D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code ...) + TODO: check +CVE-2024-5279 (A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been de ...) + TODO: check +CVE-2024-5247 (NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted F ...) + TODO: check +CVE-2024-5246 (NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution ...) + TODO: check +CVE-2024-5245 (NETGEAR ProSAFE Network Management System Default Credentials Local Pr ...) + TODO: check +CVE-2024-5244 (TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerabili ...) + TODO: check +CVE-2024-5243 (TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerabilit ...) + TODO: check +CVE-2024-5242 (TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution ...) + TODO: check +CVE-2024-5228 (TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer O ...) + TODO: check +CVE-2024-5227 (TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Ex ...) 
+ TODO: check +CVE-2024-5205 (The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-5142 (Stored Cross-Site Scripting vulnerability in Social Module in M-Files ...) + TODO: check +CVE-2024-5060 (The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Ele ...) + TODO: check +CVE-2024-4544 (The Pie Register - Social Sites Login (Add on) plugin for WordPress is ...) + TODO: check +CVE-2024-4485 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-4484 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...) + TODO: check +CVE-2024-4409 (The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Reques ...) + TODO: check +CVE-2024-4366 (The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is ...) + TODO: check +CVE-2024-3718 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-3557 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) + TODO: check +CVE-2024-36361 (Pug through 3.0.2 allows JavaScript code execution if an application a ...) + TODO: check +CVE-2024-2784 (The The Plus Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-2618 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-1376 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...) + TODO: check +CVE-2024-1332 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...) + TODO: check +CVE-2024-1134 (The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-0893 (The Schema App Structured Data plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-0867 (The Email Log plugin for WordPress is vulnerable to Unauthenticated Ho ...) 
+ TODO: check +CVE-2023-7259 (** DISPUTED ** A vulnerability was found in zzdevelop lenosp up to 202 ...) + TODO: check CVE-2024-5274 - chromium [bullseye] - chromium (see #1061268) @@ -90230,8 +90304,8 @@ CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System NOT-FOR-US: SourceCodester Simple Payroll System CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...) NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form -CVE-2023- - RESERVED +CVE-2023- (A
[Git][security-tracker-team/security-tracker][master] Add new round of chromium update required
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0218f529 by Salvatore Bonaccorso at 2024-05-24T07:34:05+02:00 Add new round of chromium update required - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-5274 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) NOT-FOR-US: Thales Luna EFT CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- cacti -- +chromium (dilinger) +-- dnsdist (jmm) -- dnsmasq View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0218f529b75e5bba4a9474d5633aca3a220fe7fa -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0218f529b75e5bba4a9474d5633aca3a220fe7fa You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
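Review bot: CVE-2024-5274 is added with an empty description (no parenthesised text after the identifier) and no NOTE line pointing at the upstream Chrome release notes, so until the automatic update fills in the description the entry says nothing about the issue beyond the "chromium (dilinger)" dsa-needed line; add a NOTE with the upstream advisory URL when it is available. The [bullseye] and [buster] lines reuse the existing references (#1061268 and DSA 5046), which is consistent with the earlier chromium entries.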
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-52793
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f4f2aed7 by Salvatore Bonaccorso at 2024-05-24T06:45:39+02:00 Remove notes from CVE-2023-52793 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1377,12 +1377,8 @@ CVE-2023-52794 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7 (6.7-rc1) -CVE-2023-52793 (In the Linux kernel, the following vulnerability has been resolved: s ...) - - linux 6.6.8-1 - [bookworm] - linux (Vulnerable code not present) - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/9220c3ef6fefbf18f24aeedb1142a642b3de0596 (6.7-rc1) +CVE-2023-52793 + REJECTED CVE-2023-52792 (In the Linux kernel, the following vulnerability has been resolved: c ...) - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f2aed7ac2e1cd4bf2118046551f0aa5a0abbcc -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4f2aed7ac2e1cd4bf2118046551f0aa5a0abbcc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add gst-plugins-base1.0 to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3dbcdf94 by Salvatore Bonaccorso at 2024-05-23T23:19:53+02:00 Add gst-plugins-base1.0 to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -25,6 +25,8 @@ git -- gpac/oldstable -- +gst-plugins-base1.0 (carnil) +-- h2o (jmm) -- libreswan (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbcdf942be6382a97ae3df453e473b5f44bb5c6 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbcdf942be6382a97ae3df453e473b5f44bb5c6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2024-4453
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7d9585a by Salvatore Bonaccorso at 2024-05-23T23:18:52+02:00 Update information for CVE-2024-4453 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -253,10 +253,12 @@ CVE-2024-4563 (The Progress MOVEit Automation configuration export function prio CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - - gst-plugins-base1.0 + - gst-plugins-base1.0 1.24.3-1 - gst-plugins-base0.10 NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 - NOTE: Fixed by: https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 + NOTE: Backport: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/6768 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e33578a3c2b85a68962003bd053abda9409e73a2 (1.24.3) CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7d9585a4f396b6e19be0064cfccd8d212403672 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7d9585a4f396b6e19be0064cfccd8d212403672 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
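Review bot: the corrected "Fixed by" link now points at the canonical gstreamer/gstreamer tree instead of the tpm/gstreamer fork, but it still carries no upstream tag in parentheses, unlike the second fix commit e33578a3c2b85a68962003bd053abda9409e73a2 (1.24.3); add the tag so both commits can be mapped to a release. Also, "gst-plugins-base0.10" keeps a bare package line with no fixed version or suite status after gst-plugins-base1.0 gained 1.24.3-1, so state whether the 0.10 branch is affected and unfixed or is not going to be addressed.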
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3708/lighttpd
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f7d537a by Salvatore Bonaccorso at 2024-05-23T22:51:32+02:00 Add CVE-2024-3708/lighttpd - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -165,7 +165,8 @@ CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise an CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) - TODO: check + - lighttpd + TODO: check, maybe fixed in 1.4.51, details will be only pubished on July 9th, 2024 CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f7d537a1de2da348450218e59b57179909d7449 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f7d537a1de2da348450218e59b57179909d7449 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
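Review bot: typo in the added TODO note, "pubished" should be "published". Leaving "- lighttpd" without a fixed version while the description already says "prior to 1.4.51" is fine as a placeholder, but since the TODO itself says "maybe fixed in 1.4.51", record the basis for that doubt (advisory URL or upstream issue) in a NOTE so the check on July 9th, 2024 starts from it.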
[Git][security-tracker-team/security-tracker][master] Add two new issues for gitoxide, itp'ed
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c097e27 by Salvatore Bonaccorso at 2024-05-23T22:50:59+02:00 Add two new issues for gitoxide, itped - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -39,9 +39,9 @@ CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distribut CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) TODO: check CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) - TODO: check + - rust-gitoxide (bug #1043208) CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) - TODO: check + - rust-gitoxide (bug #1043208) CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) NOT-FOR-US: J2EEFAST CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c097e273b026ca8fd6fc2d3398019cca7639216 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c097e273b026ca8fd6fc2d3398019cca7639216 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
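Review bot: the commit title says the package is ITP'ed, yet both entries are written as "- rust-gitoxide (bug #1043208)" with nothing marking that rust-gitoxide is not in the archive; if the tracker has a status marker for packages that exist only as an ITP, use it here, otherwise these read as open issues in an existing source package. The same bug number on both lines is presumably the ITP bug rather than per-CVE bugs; a NOTE saying so would remove that ambiguity.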
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a697d4d by Salvatore Bonaccorso at 2024-05-23T22:50:16+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,15 +23,15 @@ CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cros CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) NOT-FOR-US: WordPress plugin CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) TODO: check CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) 
@@ -43,57 +43,57 @@ CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetch CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) TODO: check CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...) - TODO: check + NOT-FOR-US: LuckyFrameWeb CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...) - TODO: check + NOT-FOR-US: inxedu CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.php in ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-34927 (A SQL injection vulnerability in /model/update_classroom.php in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete
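Review bot: the NOT-FOR-US attributions for CVE-2024-35570 ("inxedu") and CVE-2024-35375 ("DedeCMS") cannot be checked from the truncated descriptions in the hunk, which only mention "component \controller\Im" and "the media add .php", whereas the WordPress-plugin, J2EEFAST, LuckyFrameWeb and Campcodes reclassifications name the product in the description itself; add a NOTE with the source reference for those two so the attribution is verifiable.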
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4453/gst-plugins-base*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 635a6b40 by Salvatore Bonaccorso at 2024-05-23T22:38:39+02:00 Add CVE-2024-4453/gst-plugins-base* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -252,7 +252,10 @@ CVE-2024-4563 (The Progress MOVEit Automation configuration export function prio CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) - TODO: check + - gst-plugins-base1.0 + - gst-plugins-base0.10 + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/3483 + NOTE: Fixed by: https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/635a6b400f6557215328d1353de59b18abd58043 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/635a6b400f6557215328d1353de59b18abd58043 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
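Review bot: the "Fixed by" NOTE points at https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5, a personal fork namespace rather than the gstreamer/gstreamer project; reference the commit in the upstream tree and add its release tag, since links into forks can disappear. The entry also lists gst-plugins-base0.10 alongside gst-plugins-base1.0 with no fixed version for either; a note on whether the 0.10 branch is still maintained upstream would help the DSA decision.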
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7487454e by Salvatore Bonaccorso at 2024-05-23T22:33:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) - TODO: check + NOT-FOR-US: Thales Luna EFT CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) TODO: check CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) 
@@ -11,17 +11,17 @@ CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio co CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) TODO: check CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) - TODO: check + NOT-FOR-US: HP CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) TODO: check CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7487454e30ef95a97c527d8cc49ecb61d5ebced6 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7487454e30ef95a97c527d8cc49ecb61d5ebced6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
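Review bot: CVE-2024-5143 is set to "NOT-FOR-US: HP", but the visible description ("A user with device administrative privileges can change existing SMTP ...") does not name HP, so the attribution is not verifiable from the hunk; add a NOTE with the advisory URL. The other reclassifications are consistent with descriptions that explicitly name a WordPress plugin or Thales Luna EFT.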
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: def2256a by security tracker role at 2024-05-23T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,113 @@ +CVE-2024-5264 (Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows ...) + TODO: check +CVE-2024-5258 (An authorization vulnerability exists within GitLab from versions 16.1 ...) + TODO: check +CVE-2024-5202 (Arbitrary File Readin OpenText Dimensions RM allowsauthenticated users ...) + TODO: check +CVE-2024-5201 (Privilege Escalationin OpenText Dimensions RM allows an authenticated ...) + TODO: check +CVE-2024-5168 (Improper access control vulnerability in Prodys' Quantum Audio codec a ...) + TODO: check +CVE-2024-5165 (In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several in ...) + TODO: check +CVE-2024-5143 (A user with device administrative privileges can change existing SMTP ...) + TODO: check +CVE-2024-5085 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-5084 (The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is ...) + TODO: check +CVE-2024-4779 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-4575 (The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4471 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE for WordPress ...) + TODO: check +CVE-2024-4378 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4365 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2024-3997 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-35570 (An arbitrary file upload vulnerability in the component \controller\Im ...) + TODO: check +CVE-2024-35375 (There is an arbitrary file upload vulnerability on the media add .php ...) + TODO: check +CVE-2024-35224 (OpenProject is the leading open source project management software. Op ...) 
+ TODO: check +CVE-2024-35223 (Dapr is a portable, event-driven, runtime for building distributed app ...) + TODO: check +CVE-2024-35222 (Tauri is a framework for building binaries for all major desktop platf ...) + TODO: check +CVE-2024-35197 (gitoxide is a pure Rust implementation of Git. On Windows, fetching re ...) + TODO: check +CVE-2024-35186 (gitoxide is a pure Rust implementation of Git. During checkout, `gix-w ...) + TODO: check +CVE-2024-35091 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35090 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35086 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35085 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35084 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35083 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35082 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2024-35081 (LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file delet ...) + TODO: check +CVE-2024-35080 (An arbitrary file upload vulnerability in the gok4 method of inxedu v2 ...) + TODO: check +CVE-2024-35079 (An arbitrary file upload vulnerability in the uploadAudio method of in ...) + TODO: check +CVE-2024-34936 (A SQL injection vulnerability in /view/event1.php in Campcodes Complet ...) + TODO: check +CVE-2024-34935 (A SQL injection vulnerability in /view/conversation_history_admin.php ...) + TODO: check +CVE-2024-34934 (A SQL injection vulnerability in /view/emarks_range_grade_update_form. ...) + TODO: check +CVE-2024-34933 (A SQL injection vulnerability in /model/update_grade.php in Campcodes ...) 
+ TODO: check +CVE-2024-34932 (A SQL injection vulnerability in /model/update_exam.php in Campcodes C ...) + TODO: check +CVE-2024-34931 (A SQL injection vulnerability in /model/update_subject.php in Campcode ...) + TODO: check +CVE-2024-34930 (A SQL injection vulnerability in /model/all_events1.php in Campcodes C ...) + TODO: check +CVE-2024-34929 (A SQL injection vulnerability in /view/find_friends.php in Campcodes C ...) + TODO: check +CVE-2024-34928 (A SQL injection vulnerability in /model/update_subject_routing.php in ...) +
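Review bot: the imported descriptions keep literal escape sequences, e.g. "Hash Form \u2013 Drag & Drop Form Builder" for CVE-2024-5085 and CVE-2024-5084 and "140+ Widgets | Best Addons For Elementor \u2013 FREE" for CVE-2024-4471, so the update script appears to truncate the JSON string before decoding its \u escapes; decoding first would store the en dash as UTF-8 and keep the truncation from ever cutting inside an escape.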
[Git][security-tracker-team/security-tracker][master] Sync Linux CVE rejections with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0280e776 by Salvatore Bonaccorso at 2024-05-23T16:03:16+02:00 Sync Linux CVE rejections with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2424,10 +2424,8 @@ CVE-2021-47325 (In the Linux kernel, the following vulnerability has been resolv - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 NOTE: https://git.kernel.org/linus/7c8f176d6a3fa18aa0f8875da6f7c672ed2a8554 (5.14-rc1) -CVE-2021-47326 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 5.14.6-1 - [bullseye] - linux 5.10.70-1 - NOTE: https://git.kernel.org/linus/2beb4a53fc3f1081cedc1c1a198c7f56cc4fc60c (5.14-rc1) +CVE-2021-47326 + REJECTED CVE-2021-47327 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 @@ -3277,9 +3275,8 @@ CVE-2024-35907 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f7442a634ac06b953fc1f7418f307b25acd4cfbc (6.9-rc2) -CVE-2024-35906 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.8.9-1 - NOTE: https://git.kernel.org/linus/f341055b10bd8be55c3c995dff5f770b236b8ca9 (6.9-rc1) +CVE-2024-35906 + REJECTED CVE-2024-35905 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux 6.8.9-1 [bookworm] - linux 6.1.85-1 
@@ -3412,9 +3409,8 @@ CVE-2024-35882 (In the Linux kernel, the following vulnerability has been resolv [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/05258a0a69b3c5d2c003f818702c0a52b6fea861 (6.9-rc3) -CVE-2024-35881 (In the Linux kernel, the following vulnerability has been resolved: R ...) - - linux 6.8.9-1 - NOTE: https://git.kernel.org/linus/3a6a32b31a111f6e66526fb2d3cb13a876465076 (6.9-rc1) +CVE-2024-35881 + REJECTED CVE-2024-35880 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 6.8.9-1 [bookworm] - linux (Vulnerable code not present) @@ -3435,11 +3431,8 @@ CVE-2024-35877 (In the Linux kernel, the following vulnerability has been resolv [bookworm] - linux 6.1.85-1 [bullseye] - linux 5.10.216-1 NOTE: https://git.kernel.org/linus/04c35ab3bdae7fefbd7c7a7355f29fa03a035221 (6.9-rc3) -CVE-2024-35876 (In the Linux kernel, the following vulnerability has been resolved: x ...) - - linux 6.8.9-1 - [bookworm] - linux 6.1.85-1 - [bullseye] - linux 5.10.216-1 - NOTE: https://git.kernel.org/linus/3ddf944b32f88741c303f0b21459dbb3872b8bc5 (6.9-rc3) +CVE-2024-35876 + REJECTED CVE-2024-35875 (In the Linux kernel, the following vulnerability has been resolved: x ...) - linux 6.8.9-1 [bookworm] - linux 6.1.85-1 
@@ -22642,12 +22635,8 @@ CVE-2024-2883 (Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 a - chromium 123.0.6312.86-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-26650 (In the Linux kernel, the following vulnerability has been resolved: p ...) - - linux 6.6.15-1 - [bookworm] - linux 6.1.76-1 - [bullseye] - linux (Vulnerable code not present) - [buster] - linux (Vulnerable code not present) - NOTE: https://git.kernel.org/linus/5913320eb0b3ec88158cfcb0fa5e996bf4ef681b (6.8-rc2) +CVE-2024-26650 + REJECTED CVE-2024-26649 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.6.15-1 [bookworm] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0280e7766c9d98d6e2ff0561dfc2b8814aae4f01 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0280e7766c9d98d6e2ff0561dfc2b8814aae4f01 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
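Review bot: each of the five rejections (CVE-2021-47326, CVE-2024-35906, CVE-2024-35881, CVE-2024-35876, CVE-2024-26650) drops not only the fix-commit NOTE but also the Debian fixed versions and suite states (e.g. linux 6.8.9-1, [bookworm] 6.1.85-1, [bullseye] 5.10.216-1 for CVE-2024-35876); before relying on the bare REJECTED marker, check that no DSA/DLA text or package changelog still cites these ids, otherwise those references now point at entries with no data.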
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 09303ea8 by Salvatore Bonaccorso at 2024-05-23T10:53:23+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,67 +1,67 @@ CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) - TODO: check + NOT-FOR-US: Huashi Private Cloud CDN Live Streaming Acceleration Server CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...) - TODO: check + NOT-FOR-US: EnvaySoft FleetCart CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...) - TODO: check + NOT-FOR-US: Justice AV Solutions Viewer Setup CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) TODO: check CVE-2024-4388 (This does not validate a path generated with user input when download ...) TODO: check CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot
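Review bot: CVE-2024-4399 and CVE-2024-4388 are correctly left at "TODO: check", since their descriptions ("The does not validate a parameter ...", "This does not validate a path ...") have lost the product name; add a NOTE with the source reference once it is identified, so the next triage pass does not have to rediscover it. The remaining reclassifications match descriptions that name the product.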
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,12 +1,106 @@ -CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()] +CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...) + TODO: check +CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...) + TODO: check +CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...) + TODO: check +CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...) + TODO: check +CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...) + TODO: check +CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...) + TODO: check +CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...) + TODO: check +CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...) 
+ TODO: check +CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...) + TODO: check +CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...) + TODO: check +CVE-2024-4388 (This does not validate a path generated with user input when download ...) + TODO: check +CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...) + TODO: check +CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...) + TODO: check +CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...) + TODO: check +CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...) + TODO: check +CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) + TODO: check +CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) + TODO: check +CVE-2024-3594 (The IDonate WordPress plugin through 1.9.0 does not sanitise and esca ...) + TODO: check +CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...) + TODO: check +CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...) + TODO: check +CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...) 
+ TODO: check +CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...) + TODO: check +CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...) + TODO: check +CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users to steal ...) + TODO: check +CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM relay ...) + TODO: check +CVE-2024-29849 (Veeam Backup Enterprise
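Review bot: the hunk starts by removing the header line "CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()]" and no replacement for it is visible in the shown portion; the hunk is cut off, so confirm that the entry is re-emitted with the official description below the inserted block and that its "- linux" and NOTE lines are not left orphaned under an unrelated CVE.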
[Git][security-tracker-team/security-tracker][master] Add three new Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4dfb9e97 by Salvatore Bonaccorso at 2024-05-23T09:29:13+02:00 Add three new Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,17 @@ +CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()] + - linux + NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9) +CVE-2024-36012 [Bluetooth: msft: fix slab-use-after-free in msft_do_close()] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9) +CVE-2024-36011 [Bluetooth: HCI: Fix potential null-ptr-deref] + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d2706004a1b8b526592e823d7e52551b518a7941 (6.9) CVE-2024-1947 - gitlab NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dfb9e970152c57c5b74b8043047e1d90842010f
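Review bot: CVE-2024-36013 is added with a bare "- linux" and no per-suite lines, whereas CVE-2024-36012 marks bullseye and buster, and CVE-2024-36011 marks bookworm, bullseye and buster, as "Vulnerable code not present". If the l2cap_connect() code is present in every supported suite the bare entry is correct, but next to its two siblings the asymmetry reads like an omission; a NOTE recording that the older suites were checked (or the suite annotations themselves, once they are) would make the difference deliberate.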
[Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e04de21 by Salvatore Bonaccorso at 2024-05-23T08:39:25+02:00 Add new gitlab issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,18 @@ +CVE-2024-1947 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2023-6502 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2023-7045 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2024-2874 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ +CVE-2024-4835 + - gitlab + NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/ CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) NOT-FOR-US: Arris VAP2500 CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e04de211693b610f329e2b47e1a9a5eddba1706
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce7c83bd by Salvatore Bonaccorso at 2024-05-22T22:49:20+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -33,65 +33,65 @@ CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attacker CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) NOT-FOR-US: WordPress plugin CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) - TODO: check + NOT-FOR-US: Qlik Sense Enterprise for Windows CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) TODO: check CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) 
- TODO: check + NOT-FOR-US: idccms CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...) TODO: check CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.) TODO: check CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...) - TODO: check + NOT-FOR-US: Ecshop CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.) - TODO: check + NOT-FOR-US: Ghost CMS CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...) - TODO: check + NOT-FOR-US: Insyde CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...) - TODO: check + NOT-FOR-US: Nicomsoft WinI2C/DDC CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...) - TODO: check + NOT-FOR-US: Wistron Corporation TBT Force Power Control CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...) - TODO: check + NOT-FOR-US: Realtek Semiconductor Corp Realtek High Definition Audio Function Driver CVE-2024-33224 (An issue in the component rtkio64.sys of Realtek Semiconductor Corp Re ...) - TODO: check + NOT-FOR-US: Realtek Semiconductor Corp Realtek lO Driver CVE-2024-33223 (An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33222 (An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS AT ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33221 (An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS B ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33220 (An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite ...) 
- TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABE ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...) - TODO: check + NOT-FOR-US: ASUSTeK CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...)
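Review bot: one entry in this hunk is keyed as "CVE-2024-3 (idccms v1.35 ...)", sitting between CVE-2024-35556 and CVE-2024-35554 in an otherwise descending run of idccms ids, and receives the same "- TODO: check / + NOT-FOR-US: idccms" change as its neighbours. That is not a well-formed CVE identifier; please confirm against data/CVE/list whether this is only a truncation in this rendering or a damaged line in the file, since the tracker keys entries on the id and a malformed one would break lookups for whichever CVE it stands for. The same rendering recurs in the "automatic update" hunk from commit 3dd5fc42 further down, so the check should cover both.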
[Git][security-tracker-team/security-tracker][master] 2 commits: Revert "Reference fix for CVE-2024-4068/node-braces"
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 92ff20ed by Salvatore Bonaccorso at 2024-05-22T22:40:14+02:00 Revert "Reference fix for CVE-2024-4068/node-braces" This reverts commit ceeb6abf3bc08c2c81e86de151967575d3014f5a. For now revert this reference. It is not fully clear following upstream issue #35. - - - - - 28e43f48 by Salvatore Bonaccorso at 2024-05-22T22:44:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,37 +1,37 @@ CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...) - TODO: check + NOT-FOR-US: Arris VAP2500 CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) - TODO: check + NOT-FOR-US: Ritlabs TinyWeb Server CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) TODO: check CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...) - TODO: check + NOT-FOR-US: Progress MOVEit CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) - TODO: check + NOT-FOR-US: WithSecure Elements Endpoint Protection CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) TODO: check CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) - TODO: check + NOT-FOR-US: parisneo/lollms-webui CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) - TODO: check + NOT-FOR-US: lunary-ai/lunary CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) TODO: check CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) @@ -6062,7 +6062,6 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit [bullseye] - node-braces (Minor issue) [buster] - node-braces (Minor issue) NOTE: https://github.com/micromatch/braces/issues/35 - NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3) CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) - node-micromatch (bug #1071631) [bookworm] - node-micromatch (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3cd6eea96a9394cdebf3d0676b09441fb9b757b...28e43f48d5033bc8741d5dc9fe7e923925be27b4
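Review bot: the second hunk (CVE-2024-4068) removes the "NOTE: Fixed by: ... (3.0.3)" line and leaves the entry with only the issue #35 link, so nothing in the data records why the fix reference was withdrawn or what remains to be verified. Since the revert message says the situation is "not fully clear following upstream issue #35", consider adding a short NOTE or TODO to the entry stating that the fixing commit and its presence in the unstable node-braces package still need confirmation, so the open question travels with data/CVE/list rather than only with the git history.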
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3cd6eea by Salvatore Bonaccorso at 2024-05-22T22:30:19+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93,13 +93,13 @@ CVE-2024-33219 (An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASU CVE-2024-33218 (An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS US ...) TODO: check CVE-2024-31904 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31895 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31894 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31893 (IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an a ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31617 (OpenLiteSpeed before 1.8.1 mishandles chunked encoding.) TODO: check CVE-2024-2036 (The ApplyOnline \u2013 Application Form Builder and Manager plugin for ...) 
@@ -109,7 +109,7 @@ CVE-2024-29421 (xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Ove CVE-2024-29392 (Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via Cl ...) TODO: check CVE-2024-27264 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25738 (A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/Fix ...) TODO: check CVE-2024-25737 (A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3cd6eea96a9394cdebf3d0676b09441fb9b757b
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-4642
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 753ce9f1 by Salvatore Bonaccorso at 2024-05-22T22:26:31+02:00 Remove notes from CVE-2024-4642 CVE got rejected by the assigning CNA (but without specific reason mentioned). - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4917,7 +4917,6 @@ CVE-2024-4733 (The ShiftController Employee Shift Scheduling plugin is vulnerabl NOT-FOR-US: WordPress plugin CVE-2024-4642 REJECTED - NOT-FOR-US: wandb CVE-2024-4635 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-4634 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753ce9f1aa7db7499b940476bf6e37b20cdbd0e5
[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2024-4068/node-braces
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ceeb6abf by Salvatore Bonaccorso at 2024-05-22T22:24:10+02:00 Reference fix for CVE-2024-4068/node-braces Note this is in upstream 3.0.3. Checking 3.0.3+~3.0.4-1 though the code is not included. What is 3.0.3+~3.0.4 referring to? This needs double-checking to see if the issue was fixed in the last upload to unstable. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6063,6 +6063,7 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit [bullseye] - node-braces (Minor issue) [buster] - node-braces (Minor issue) NOTE: https://github.com/micromatch/braces/issues/35 + NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3) CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) - node-micromatch (bug #1071631) [bookworm] - node-micromatch (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceeb6abf3bc08c2c81e86de151967575d3014f5a
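Review bot: the added line "NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3)" presents the fix mapping as settled, while the commit message says the code is not included in 3.0.3+~3.0.4-1 and that this still needs double-checking; a "Fixed by" reference is normally read by triagers as a verified pointer. Either hold the NOTE until the unstable package has been inspected, or record the doubt in the entry itself (for instance a TODO line beside the NOTE) so that nobody marks node-braces as fixed on the strength of this reference alone.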
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3dd5fc42 by security tracker role at 2024-05-22T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,138 @@ -CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version] +CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...) + TODO: check +CVE-2024-5195 (A vulnerability was found in Arris VAP2500 08.50. It has been rated as ...) + TODO: check +CVE-2024-5194 (A vulnerability was found in Arris VAP2500 08.50. It has been declared ...) + TODO: check +CVE-2024-5193 (A vulnerability was found in Ritlabs TinyWeb Server 1.94. It has been ...) + TODO: check +CVE-2024-5166 (An Insecure Direct Object Reference in Google Cloud's Looker allowed m ...) + TODO: check +CVE-2024-5031 (The Memberpress plugin for WordPress is vulnerable to Blind Server-Sid ...) + TODO: check +CVE-2024-5025 (The Memberpress plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2024-4896 (The WPB Elementor Addons plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-4563 (The Progress MOVEit Automation configuration export function prior to ...) + TODO: check +CVE-2024-4454 (WithSecure Elements Endpoint Protection Link Following Local Privilege ...) + TODO: check +CVE-2024-4453 (GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution ...) + TODO: check +CVE-2024-4362 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4267 (A remote code execution (RCE) vulnerability exists in the parisneo/lol ...) + TODO: check +CVE-2024-4262 (The Piotnet Addons For Elementor plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4261 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...) + TODO: check +CVE-2024-4153 (A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to ...) + TODO: check +CVE-2024-3926 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) + TODO: check +CVE-2024-3495 (The Country State City Dropdown CF7 plugin for WordPress is vulnerable ...) 
+ TODO: check +CVE-2024-36077 (Qlik Sense Enterprise for Windows before 14.187.4 allows a remote atta ...) + TODO: check +CVE-2024-35627 (tileserver-gl up to v4.4.10 was discovered to contain a cross-site scr ...) + TODO: check +CVE-2024-35561 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35560 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35559 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35558 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35557 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35556 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-3 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35554 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35553 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35552 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35551 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35550 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35475 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Op ...) + TODO: check +CVE-2024-35409 (WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.) + TODO: check +CVE-2024-35362 (Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/arti ...) + TODO: check +CVE-2024-34448 (Ghost before 5.82.0 allows CSV Injection during a member CSV export.) 
+ TODO: check +CVE-2024-33228 (An issue in the component segwindrvx64.sys of Insyde Software Corp SEG ...) + TODO: check +CVE-2024-33227 (An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 ...) + TODO: check +CVE-2024-33226 (An issue in the component Access64.sys of Wistron Corporation TBT Forc ...) + TODO: check +CVE-2024-33225 (An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp R ...) + TODO: check +CVE-2024-33224 (An issue in the component
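Review bot: the hunk header "@@ -1,4 +1,138 @@" opens by removing "CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version]", the bracketed title added in commit 56d06d90 the same day, and this rendering ends before any re-added CVE-2024-36010 line appears. Please confirm that the automatic update only replaced the placeholder title with the published description and preserved the "- linux 6.8.9-1" line, the three "Vulnerable code not present" suite annotations and the git.kernel.org NOTE from that commit, since a title swap that dropped them would silently reopen the issue for every suite.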
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-36010/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 56d06d90 by Salvatore Bonaccorso at 2024-05-22T16:15:50+02:00 Add CVE-2024-36010/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,9 @@ +CVE-2024-36010 [igb: Fix string truncation warnings in igb_set_fw_version] + - linux 6.8.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c56d055893cbe97848611855d1c97d0ab171eccc (6.8-rc5) CVE-2024- [Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes] - roundcube 1.6.7+dfsg-1 (bug #1071474) NOTE: https://github.com/roundcube/roundcubemail/commit/ba252dc5e2946506cb8d0b50b2b7bf95ab51876f View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56d06d909d0f477fed3534b2df72e836f1e37652