[Git][security-tracker-team/security-tracker][master] dla: take gross
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: abe63800 by Adrian Bunk at 2024-03-21T01:45:10+02:00 dla: take gross - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -90,7 +90,7 @@ frr NOTE: 20240206: Continuing fixing the remaining issues (abhijith) NOTE: 20240301: continue work (abhijith) -- -gross +gross (Adrian Bunk) NOTE: 20240320: Added by Front-Desk (ta) -- gtkwave (Adrian Bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe638004afe3a23a8613225d08075369f944f0e
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-28231
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18da47a2 by Salvatore Bonaccorso at 2024-03-20T23:06:47+01:00 Add Debian bug reference for CVE-2024-28231 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,7 +59,7 @@ CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...) NOT-FOR-US: libIEC61850 CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) - - fastdds + - fastdds (bug #1067393) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0) CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18da47a24aa96784fc540377d827928981a80121
[Git][security-tracker-team/security-tracker][master] 3 commits: add firefox-esr
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: c2f1556b by Thorsten Alteholz at 2024-03-20T23:21:47+01:00 add firefox-esr - - - - - 8f1996c9 by Thorsten Alteholz at 2024-03-20T23:26:46+01:00 add gross - - - - - b5211001 by Thorsten Alteholz at 2024-03-20T23:29:16+01:00 add freeimage - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -75,6 +75,13 @@ edk2 expat (tobi) NOTE: 20240306: Added by Front-Desk (opal) -- +firefox-esr + NOTE: 20240320: Added by Front-Desk (ta) +-- +freeimage + NOTE: 20240320: Added by Front-Desk (ta) + NOTE: 20240320: lots of postponed issue could be fixed as well +-- freeipa (Chris Lamb) NOTE: 20240307: Added by Front-Desk (opal) -- @@ -83,6 +90,9 @@ frr NOTE: 20240206: Continuing fixing the remaining issues (abhijith) NOTE: 20240301: continue work (abhijith) -- +gross + NOTE: 20240320: Added by Front-Desk (ta) +-- gtkwave (Adrian Bunk) NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240116: For CVE-2023-32650 etc. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/18da47a24aa96784fc540377d827928981a80121...b521100130154d77583ed4c80c8aadfb1aa095af
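Review bot: the second note on the new freeimage entry in the @@ -75,6 +75,13 @@ hunk, "lots of postponed issue could be fixed as well", does not say which issues are meant. Listing the CVE IDs, or pointing at the package's tracker page, would let whoever claims the entry scope the upload without repeating the triage. The note should also read "issues".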
[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr issues via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 893b2831 by Salvatore Bonaccorso at 2024-03-20T07:18:30+01:00 Track fixed version for firefox-esr issues via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -171,7 +171,7 @@ CVE-2024-27439 (An error in the evaluation of the fetch metadata headers could a CVE-2024-24683 (Improper Input Validation vulnerability in Apache Hop Engine.This issu ...) NOT-FOR-US: Apache Hop Engine CVE-2024-2616 (To harden ICU against exploitation, the behavior for out-of-memory con ...) - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2616 @@ -180,7 +180,7 @@ CVE-2024-2615 (Memory safety bugs present in Firefox 123. Some of these bugs sho NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2615 CVE-2024-2614 (Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thun ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2614 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614 
@@ -190,21 +190,21 @@ CVE-2024-2613 (Data was not properly sanitized when decoding a QUIC ACK frame; t NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2613 CVE-2024-2612 (If an attacker could find a way to trigger a particular code path in ` ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2612 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612 CVE-2024-2611 (A missing delay on when pointer lock was used could have allowed a mal ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2611 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611 CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce values. T ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2610 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610 
@@ -214,14 +214,14 @@ CVE-2024-2609 (The permission prompt input delay could have expired while the wi NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2608 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608 CVE-2024-2607 (Return registers were overwritten which could have allowed an attacker ...) - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2607 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607 @@ -13344,7 +13344,7 @@ CVE-2024-0744 (In some circumstances, JIT compiled code could have dereferenced CVE-2024-0743 (An unchecked return value in TLS handshake code could have caused a po ...) {DLA-3757-1} - firefox 122.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - nss 2:3.96.1-1 - thunderbird 1:115.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-01/#CVE-2024-0743 @@ -30075,7 +30075,7 @@ CVE-2023-39333 CVE-2023-5388 (NSS was susceptible to a timing side-channel attack when performing RS ...) {DLA-3757-1} - firefox 124.0-1 - - firefox-esr + - firefox-esr 115.9.0esr-1 - nss 2:3.98-1 (bug #1056284) [bookworm] - nss (Minor issue) [bullseye] -
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ed0711b by Salvatore Bonaccorso at 2024-03-20T13:29:08+01:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the name of the source pa cacti (carnil) Sylvain Beucler is working on an update and proposing debdiff -- +chromium (dilinger) +-- cryptojs -- dav1d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ed0711be5bab8de51edf6ff542c9f7207fd0413
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: acc3beb3 by Salvatore Bonaccorso at 2024-03-20T13:26:03+01:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,31 @@ +CVE-2024-2631 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2630 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2629 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2628 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2627 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2626 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-2625 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...) NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc3beb3ecab233afeb1a18b4cd381c10f64a5d8
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c3aece1f by Salvatore Bonaccorso at 2024-03-20T09:18:16+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2676 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2675 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes Online J ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2673 (A vulnerability classified as critical has been found in Campcodes Onl ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) 
- TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) TODO: check CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...) @@ -67,7 +67,7 @@ CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...) TODO: check CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) - TODO: check + NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) TODO: check CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
@@ -117,9 +117,9 @@ CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...) TODO: check CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_act fu ...) - TODO: check + NOT-FOR-US: KnowBand spinwheel CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...) - TODO: check + NOT-FOR-US: UBEE DDW365 XCNDDW365 CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...) TODO: check CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3aece1f9f09478eac5aab649b69913869c08d3f
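Review bot: in the @@ -117,9 +117,9 @@ hunk the "NOT-FOR-US: KnowBand spinwheel" tag lands under CVE-2024-28283, whose description is a stack-based buffer overflow in pc_change_act, while CVE-2024-28389, the entry that actually names KnowBand spinwheel, keeps "TODO: check". The tag looks one entry too low: move it up to CVE-2024-28389 and triage CVE-2024-28283 separately against its own description.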
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 04f33a93 by Salvatore Bonaccorso at 2024-03-20T09:38:44+01:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -29,33 +29,33 @@ CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1 CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2647 (A vulnerability, which was classified as critical, has been found in N ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2646 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2645 (A vulnerability classified as problematic has been found in Netentsec ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2644 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) - TODO: check + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway CVE-2024-2642 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2024-2641 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...) - TODO: check + NOT-FOR-US: Ruijie CVE-2024-2538 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2474 (The Standout Color Boxes and Buttons plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2460 (The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2459 (The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and Contact F ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...) TODO: check CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) @@ -115,13 +115,13 @@ CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 CVE-2024-28562 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) TODO: check CVE-2024-28389 (SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before a ...) - TODO: check + NOT-FOR-US: KnowBand spinwheel CVE-2024-28283 (There is stack-based buffer overflow vulnerability in pc_change_act fu ...) NOT-FOR-US: KnowBand spinwheel CVE-2024-28092 (UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a r ...) NOT-FOR-US: UBEE DDW365 XCNDDW365 CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/members/m ...) - TODO: check + NOT-FOR-US: Koha Library Management System CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...) TODO: check CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04f33a930d90f454ddc16323b967584af32a063c
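Review bot: the @@ -115,13 +115,13 @@ hunk marks CVE-2024-28389 as "NOT-FOR-US: KnowBand spinwheel" but leaves the same tag on CVE-2024-28283 in the context lines, although that entry's description (stack-based buffer overflow in pc_change_act) does not mention KnowBand. Since this hunk already touches the neighbouring entry, re-triage CVE-2024-28283 here as well so the two entries do not share a product tag that only one description supports.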
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0d7d465 by security tracker role at 2024-03-20T08:12:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,183 @@ +CVE-2024-2682 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-2681 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2680 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2679 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2678 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) + TODO: check +CVE-2024-2677 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) + TODO: check +CVE-2024-2676 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-2675 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-2674 (A vulnerability classified as critical was found in Campcodes Online J ...) + TODO: check +CVE-2024-2673 (A vulnerability classified as critical has been found in Campcodes Onl ...) + TODO: check +CVE-2024-2672 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2671 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2670 (A vulnerability was found in Campcodes Online Job Finder System 1.0. I ...) + TODO: check +CVE-2024-2669 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) + TODO: check +CVE-2024-2668 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) + TODO: check +CVE-2024-2649 (A vulnerability has been found in Netentsec NS-ASG Application Securit ...) + TODO: check +CVE-2024-2648 (A vulnerability, which was classified as problematic, was found in Net ...) + TODO: check +CVE-2024-2647 (A vulnerability, which was classified as critical, has been found in N ...) 
+ TODO: check +CVE-2024-2646 (A vulnerability classified as critical was found in Netentsec NS-ASG A ...) + TODO: check +CVE-2024-2645 (A vulnerability classified as problematic has been found in Netentsec ...) + TODO: check +CVE-2024-2644 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + TODO: check +CVE-2024-2642 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...) + TODO: check +CVE-2024-2641 (A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It h ...) + TODO: check +CVE-2024-2538 (The Permalink Manager Lite plugin for WordPress is vulnerable to unaut ...) + TODO: check +CVE-2024-2474 (The Standout Color Boxes and Buttons plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-2460 (The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2024-2459 (The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and Contact F ...) + TODO: check +CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...) + TODO: check +CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) + TODO: check +CVE-2024-2197 (Chirp Access improperly stores credentials within its source code, pot ...) + TODO: check +CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) + TODO: check +CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...) + TODO: check +CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) + TODO: check +CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) 
+ TODO: check +CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) + TODO: check +CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) + TODO: check +CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) + TODO: check +CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) + TODO: check +CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] ovn,newlib spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cce79747 by Moritz Mühlenhoff at 2024-03-20T15:31:07+01:00 ovn,newlib spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -76,3 +76,7 @@ CVE-2023-6237 [bookworm] - openssl 3.0.13-1~deb12u1 CVE-2024-0727 [bookworm] - openssl 3.0.13-1~deb12u1 +CVE-2024-2182 + [bookworm] - ovn 23.03.1-1~deb12u2 +CVE-2021-3420 + [bookworm] - newlib 3.3.0-2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cce7974790d02a09f866e22392a3e46025b2198c
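Review bot: the added CVE-2021-3420 line gives "newlib 3.3.0-2" for bookworm with no deb12u suffix, whereas the other entries in this hunk (openssl 3.0.13-1~deb12u1, ovn 23.03.1-1~deb12u2) all carry one. Please confirm that 3.3.0-2 is the version actually targeted at the bookworm point release; if it is the unstable version, the entry will not match the upload once the point update is processed.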
[Git][security-tracker-team/security-tracker][master] amavis spu
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b36b6e18 by Moritz Mühlenhoff at 2024-03-20T15:33:18+01:00 amavis spu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -80,3 +80,5 @@ CVE-2024-2182 [bookworm] - ovn 23.03.1-1~deb12u2 CVE-2021-3420 [bookworm] - newlib 3.3.0-2 +CVE-2024-28054 + [bookworm] - amavisd-new 1:2.13.0-3+deb12u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b36b6e180d02899561132ef6e736ef8556fd5c47
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4340c100 by Salvatore Bonaccorso at 2024-03-20T14:50:15+01:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -176,59 +176,59 @@ CVE-2024-24336 (A multiple Cross-site scripting (XSS) vulnerability in the '/mem CVE-2024-22258 (Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2 ...) TODO: check CVE-2024-22085 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22084 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22083 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22082 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22081 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22080 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22079 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22078 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-22077 (An issue was discovered in Elspec G5 digital fault recorder versions 1 ...) - TODO: check + NOT-FOR-US: Elspec G5 digital fault recorder CVE-2024-1995 (The Smart Custom Fields plugin for WordPress is vulnerable to unauthor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1983 (The Simple Ajax Chat WordPress plugin before 20240223 does not preven ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1844 (The RevivePress \u2013 Keep your Old Content Evergreen plugin for Word ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1799 (The GamiPress \u2013 The #1 gamification plugin to reward points, achi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1787 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1785 (The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1711 (The Create by Mediavine plugin for WordPress is vulnerable to SQL Inje ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1477 (The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1473 (The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1379 (The Website Article Monetization By MageNet plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1325 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1205 (The Management App for WooCommerce \u2013 Order notifications, Order m ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1181 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1119 (The Order Tip for WooCommerce plugin for WordPress is vulnerable to un ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0856 (The Appointment Booking Calendar WordPress plugin before 1.3.83 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0337 (The Travelpayouts: All Travel Brands in One Place WordPress plugin thr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7246 (The System Dashboard WordPress plugin before 2.8.10 does not sanitize ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50811 (An issue discovered in SELESTA Visual Access Manager 4.38.6 allows att ...) - TODO: check + NOT-FOR-US: SELESTA Visual Access Manager CVE-2024-2639 (A vulnerability was found in Bdtask Wholesale Inventory Management Sys ...) NOT-FOR-US: Bdtask Wholesale Inventory Management System CVE-2024-2636 (An Unrestricted Upload of File vulnerability has been
[Git][security-tracker-team/security-tracker][master] Add set of new freeimage issues (just initial tracking)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b8893cb by Salvatore Bonaccorso at 2024-03-20T14:49:43+01:00 Add set of new freeimage issues (just initial tracking) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -97,51 +97,74 @@ CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - TODO: check + - freeimage + NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
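Review bot: Every added entry in this hunk, from CVE-2024-28584 down to CVE-2024-28565, carries the identical NOTE pointing at the top of the freeimage-r1909 tree, so the tracker gives no way to tell which report backs which CVE or to separate the two Null Pointer Dereference entries (CVE-2024-28584, CVE-2024-28577) from the Buffer Overflow ones. The commit message calls this initial tracking, so a follow-up should replace the shared link with a per-CVE reference to the individual report, which lets each entry be triaged and closed on its own.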
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f7ea1ba by Salvatore Bonaccorso at 2024-03-20T14:49:07+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -85,15 +85,15 @@ CVE-2024-2387 (The Advanced Form Integration \u2013 Connect WooCommerce and Cont CVE-2024-2384 (The WooCommerce POS plugin for WordPress is vulnerable to information ...) NOT-FOR-US: WordPress plugin CVE-2024-2304 (The Animated Headline plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2255 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2197 (Chirp Access improperly stores credentials within its source code, pot ...) - TODO: check + NOT-FOR-US: Chirp Access CVE-2024-2129 (The WPBITS Addons For Elementor Page Builder plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2124 (The Translate WordPress and go Multilingual \u2013 Weglot plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows ...) NOT-FOR-US: DOraCMS CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7ea1bacac85fc83c0d279e5027e2f2a96f904b
[Git][security-tracker-team/security-tracker][master] Sync Linux CVEs with kernel-sec status
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0838824 by Salvatore Bonaccorso at 2024-03-20T20:32:55+01:00 Sync Linux CVEs with kernel-sec status - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3473,9 +3473,8 @@ CVE-2024-2173 (Out of bounds memory access in V8 in Google Chrome prior to 122.0 - chromium 122.0.6261.111-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) -CVE-2024-26628 (In the Linux kernel, the following vulnerability has been resolved: d ...) - - linux 6.7.7-1 - NOTE: https://git.kernel.org/linus/47bf0f83fc86df1bf42b385a91aadb910137c5c9 (6.8-rc1) +CVE-2024-26628 + REJECTED CVE-2024-26627 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 6.7.7-1 [buster] - linux (Vulnerable code not present) @@ -3507,8 +3506,6 @@ CVE-2023-52606 (In the Linux kernel, the following vulnerability has been resolv NOTE: https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (6.8-rc1) CVE-2023-52605 REJECTED - - linux 6.7.7-1 - NOTE: https://git.kernel.org/linus/72d9b9747e78979510e9aafdd32eb99c7aa30dd1 (6.8-rc1) CVE-2023-52604 (In the Linux kernel, the following vulnerability has been resolved: F ...) - linux 6.7.7-1 NOTE: https://git.kernel.org/linus/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68 (6.8-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f083882411152bab006271a28582fc6c8deced84
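Review bot: The commit message does not say that both hunks are rejections, and the removed lines under CVE-2024-26628 and CVE-2023-52605 were the only place the tracker tied those IDs to the upstream commits 47bf0f83fc86 and 72d9b9747e78 and to linux 6.7.7-1. Naming the two rejected IDs in the message would let someone who later searches the history for either commit hash find out why the entry is now a bare REJECTED.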
[Git][security-tracker-team/security-tracker][master] Cleanup two CVEs retired by their CNAs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36744ca6 by Salvatore Bonaccorso at 2024-03-20T20:37:45+01:00 Cleanup two CVEs retired by their CNAs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9430,7 +9430,6 @@ CVE-2024-1309 (Uncontrolled Resource Consumption vulnerability in Honeywell Niag NOT-FOR-US: Honeywell CVE-2024-1216 REJECTED - NOT-FOR-US: Twister Antivirus CVE-2024-1163 (Uncontrolled Resource Consumption in GitHub repository mbloch/mapshape ...) NOT-FOR-US: mapshaper CVE-2024-1160 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) @@ -15674,7 +15673,6 @@ CVE-2024-0411 (A vulnerability was found in DeShang DSMall up to 6.1.0. It has b NOT-FOR-US: DeShang DSMall CVE-2024-0227 REJECTED - NOT-FOR-US: Devise-Two-Factor CVE-2023-7071 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & ...) NOT-FOR-US: WordPress plugin CVE-2023-7070 (The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36744ca6baa95af33415835b663a32f7713dc590
[Git][security-tracker-team/security-tracker][master] CVE-2021-20251/samba note: AD DC functionality EOL'ed in buster too
Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker Commits: 0161ad5c by Santiago Ruano Rincón at 2024-03-20T16:54:06-03:00 CVE-2021-20251/samba note: AD DC functionality EOLed in buster too - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -234862,6 +234862,7 @@ CVE-2021-20251 (A flaw was found in samba. A race condition in the password lock [experimental] - samba 2:4.17.1+dfsg-1 - samba 2:4.17.2+dfsg-3 [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14611 NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2708 CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0161ad5c2009ee044a9e6bad0a4f68073102d0d4
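Review bot: The [bullseye] context line directly above the added [buster] line reads "see DSA DSA-5477-1" with the prefix doubled, while the new line uses "see DSA-5015-1". Fixing the bullseye annotation in the same change would leave both release lines of CVE-2021-20251 in the same form and keep a search for "see DSA-" from missing one of them.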
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e10c034 by security tracker role at 2024-03-20T20:12:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,28 +1,142 @@ -CVE-2024-2631 +CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share ...) + TODO: check +CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) + TODO: check +CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) + TODO: check +CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ Booking ...) + TODO: check +CVE-2024-2713 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-2712 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rate ...) + TODO: check +CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been decl ...) + TODO: check +CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been clas ...) + TODO: check +CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as ...) + TODO: check +CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and classifi ...) + TODO: check +CVE-2024-2706 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-2705 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...) + TODO: check +CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...) + TODO: check +CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...) + TODO: check +CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) + TODO: check +CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) 
+ TODO: check +CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) + TODO: check +CVE-2024-2685 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-2684 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...) + TODO: check +CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...) + TODO: check +CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...) + TODO: check +CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...) + TODO: check +CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...) + TODO: check +CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...) + TODO: check +CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and befo ...) + TODO: check +CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and befor ...) + TODO: check +CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...) + TODO: check +CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + TODO: check +CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...) + TODO: check +CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip ...) + TODO: check +CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...) + TODO: check +CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to versions 14 ...) + TODO: check +CVE-2024-23821 (GeoServer is an open source software server written in Java that allow ...) 
+ TODO: check +CVE-2024-23819 (GeoServer is an open source software server written in Java that allow ...) + TODO: check +CVE-2024-23818 (GeoServer is an open source software server written in Java that allow ...) + TODO: check +CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on Draytek ...) + TODO: check +CVE-2024-23643 (GeoServer is an open source software server written in Java that allow ...) + TODO: check +CVE-2024-23642 (GeoServer is an open source software server written in Java that allow ...)
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-2370 (duplicate of CVE-2018-5341)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e1e67788 by Salvatore Bonaccorso at 2024-03-20T21:14:01+01:00 Remove notes from CVE-2024-2370 (duplicate of CVE-2018-5341) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2659,7 +2659,6 @@ CVE-2023-49453 (Reflected cross-site scripting (XSS) vulnerability in Racktables - racktables (bug #629531) CVE-2024-2370 REJECTED - NOT-FOR-US: ManageEngine CVE-2024-2357 (The Libreswan Project was notified of an issue causing libreswan to re ...) - libreswan 4.14-1 (bug #1066059) [bookworm] - libreswan (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1e67788e1db1936caf5e561614fd3d779ddfe78
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-47691 (withdrawn)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd03ecd0 by Salvatore Bonaccorso at 2024-03-20T21:16:26+01:00 Remove notes from CVE-2023-47691 (withdrawn) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3240,7 +3240,6 @@ CVE-2023-48725 (A stack-based buffer overflow vulnerability exists in the JSON P NOT-FOR-US: Netgear CVE-2023-47691 REJECTED - NOT-FOR-US: WordPress plugin CVE-2023-42662 (JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, ...) NOT-FOR-US: JFrog Artifactory CVE-2023-42661 (JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary F ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd03ecd0ee8bb715e207aef2a4d03b7f16193f43
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6a1bad7b by Salvatore Bonaccorso at 2024-03-20T21:30:30+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,63 +1,63 @@ CVE-2024-2721 (Deserialization of Untrusted Data vulnerability in Social Media Share ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2716 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2715 (A vulnerability was found in Campcodes Complete Online DJ Booking Syst ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2714 (A vulnerability has been found in Campcodes Complete Online DJ Booking ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2713 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2712 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online DJ Booking System CVE-2024-2711 (A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rate ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2710 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been decl ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2709 (A vulnerability was found in Tenda AC10U 15.03.06.49. It has been clas ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2708 (A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2707 (A vulnerability has been found in Tenda AC10U 15.03.06.49 and classifi ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2706 (A vulnerability, which was classified as critical, was found in Tenda ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2705 (A vulnerability, which was classified as critical, has been found in T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2704 (A vulnerability classified as critical was found in Tenda AC10U 15.03. ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2024-2703 (A vulnerability classified as critical has been found in Tenda AC10U 1 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-2702 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...) - TODO: check + NOT-FOR-US: Olive Themes Olive One Click Demo Import CVE-2024-2690 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) - TODO: check + NOT-FOR-US: SourceCodester Online Discussion Forum Site CVE-2024-2687 (A vulnerability was found in Campcodes Online Job Finder System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2686 (A vulnerability has been found in Campcodes Online Job Finder System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2685 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2684 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...) - TODO: check + NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...) TODO: check CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...) TODO: check CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...) - TODO: check + NOT-FOR-US: Unit4 Financials by Coda CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28395 (SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and befo ...) 
- TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and befor ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...) - TODO: check + NOT-FOR-US: libIEC61850 CVE-2024-28231 (eprosima Fast DDS is a
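Review bot: The NOT-FOR-US labels added in this hunk sit at three different levels of detail: CVE-2024-2703 through CVE-2024-2711 get the vendor only ("Tenda"), the Campcodes entries get the full product name, and CVE-2024-28392, CVE-2024-28395 and CVE-2024-28396 get a category ("PrestaShop module"). Choosing one level per vendor, for example "Tenda AC10U" to match the product named in every one of those descriptions, keeps later lookups by label predictable.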
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28231/fastdds
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77646c84 by Salvatore Bonaccorso at 2024-03-20T21:33:52+01:00 Add CVE-2024-28231/fastdds - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59,7 +59,9 @@ CVE-2024-28392 (SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and CVE-2024-28286 (In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was de ...) NOT-FOR-US: libIEC61850 CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) - TODO: check + - fastdds + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w + NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0) CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...) TODO: check CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77646c846e1ec03cebb8fa9173026d180ac5cdbc
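Review bot: The added "- fastdds" line carries neither a Debian bug reference nor a fixed version, although the second NOTE already records the upstream fix as v2.14.0. Adding the bug number once one is filed, or the fixed version if the archive already ships 2.14.0 or later, would let the entry be tracked to closure from the package line itself.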
[Git][security-tracker-team/security-tracker][master] php-dompdf-svg-lib / pdns-rec DSAs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 021197fb by Moritz Mühlenhoff at 2024-03-20T20:00:13+01:00 php-dompdf-svg-lib / pdns-rec DSAs - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -7399,7 +7399,6 @@ CVE-2024-25249 (An issue in He3 App for macOS version 2.0.17, allows remote atta NOT-FOR-US: He3 App for macOS CVE-2024-25117 (php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering ...) - php-dompdf-svg-lib 0.5.2-1 (bug #1064781) - [bookworm] - php-dompdf-svg-lib (Minor issue) NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273 NOTE: https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa (0.5.2) NOTE: https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42 (0.5.2) = data/DSA/list = @@ -1,3 +1,8 @@ +[20 Mar 2024] DSA-5626-2 pdns-recursor - regression update + [bookworm] - pdns-recursor 4.8.7-1 +[20 Mar 2024] DSA-5642-1 php-dompdf-svg-lib - security update + {CVE-2023-50251 CVE-2023-50252 CVE-2024-25117} + [bookworm] - php-dompdf-svg-lib 0.5.0-3+deb12u1 [19 Mar 2024] DSA-5641-1 fontforge - security update {CVE-2024-25081 CVE-2024-25082} [bullseye] - fontforge 1:20201107~dfsg-4+deb11u1 = data/dsa-needed.txt = 
@@ -58,9 +58,6 @@ opennds/stable -- php-cas/oldstable -- -php-dompdf-svg-lib/stable (jmm) - William Desportes is proposing an update needing review (6883e24c-b53d-4dcd-ad27-b944dbd68...@wdes.fr) --- php-horde-mime-viewer/oldstable -- php-horde-turba/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/021197fbb14b781d914a7eea0c02e06f984a10b1
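Review bot: DSA-5642-1 in data/DSA/list covers CVE-2023-50251, CVE-2023-50252 and CVE-2024-25117, but the data/CVE/list hunk removes the "[bookworm] - php-dompdf-svg-lib (Minor issue)" line from CVE-2024-25117 only. If the two CVE-2023 entries carry the same bookworm annotation, it should be dropped there in this commit as well, otherwise the tracker shows them both as minor and as fixed by a DSA in 0.5.0-3+deb12u1.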
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 13912e40 by Salvatore Bonaccorso at 2024-03-20T21:46:21+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43,11 +43,11 @@ CVE-2024-2684 (A vulnerability, which was classified as problematic, has been fo CVE-2024-2683 (A vulnerability classified as problematic was found in Campcodes Onlin ...) NOT-FOR-US: Campcodes Online Job Finder System CVE-2024-2291 (In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.1 ...) - TODO: check + NOT-FOR-US: Progress MOVEit Transfer CVE-2024-29419 (There is a Cross-site scripting (XSS) vulnerability in the Wireless se ...) NOT-FOR-US: TOTOLINK CVE-2024-28868 (Umbraco is an ASP.NET content management system. Umbraco 10 prior to 1 ...) - TODO: check + NOT-FOR-US: Umbraco CVE-2024-28735 (An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 ...) NOT-FOR-US: Unit4 Financials by Coda CVE-2024-28396 (An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a r ...) 
@@ -63,55 +63,55 @@ CVE-2024-28231 (eprosima Fast DDS is a C++ implementation of the Data Distributi NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w NOTE: https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b (v2.14.0) CVE-2024-28179 (Jupyter Server Proxy allows users to run arbitrary external processes ...) - TODO: check + NOT-FOR-US: Jupyter Server Proxy CVE-2024-27286 (Zulip is an open-source team collaboration. When a user moves a Zulip ...) - TODO: check + NOT-FOR-US: Zulip CVE-2024-27105 (Frappe is a full-stack web application framework. Prior to versions 14 ...) NOT-FOR-US: Frappe Framework CVE-2024-24813 (Frappe is a full-stack web application framework. Prior to versions 14 ...) NOT-FOR-US: Frappe Framework CVE-2024-23821 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23819 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23818 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23721 (A Directory Traversal issue was discovered in process_post on Draytek ...) - TODO: check + NOT-FOR-US: Draytek Vigor3910 devices CVE-2024-23643 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23642 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23640 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-23634 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2024-1992 REJECTED CVE-2024-1856 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...) 
- TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2024-1811 (A potential vulnerability has been identified in OpenText ArcSight Pla ...) - TODO: check + NOT-FOR-US: OpenText CVE-2024-1801 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q1 (18.0. ...) - TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2024-1800 (In Progress\xae Telerik\xae Report Server versions prior to 2024 Q1 (1 ...) - TODO: check + NOT-FOR-US: Progress Telerik Reporting CVE-2023-52229 (Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-51445 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-51444 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-50967 (latchset jose through version 11 allows attackers to cause a denial of ...) TODO: check CVE-2023-45177 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-41877 (GeoServer is an open source software server written in Java that allow ...) - TODO: check + NOT-FOR-US: GeoServer CVE-2023-41038 (Firebird is a relational database. Versions 4.0.0 through 4.0.3 and ve ...) TODO: check CVE-2023-35888 (IBM Security Verify Governance 10.0.2 could allow a remote attacker to ...) - TODO: check +
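Review bot: In the second hunk, CVE-2024-1800 is described as affecting "Telerik Report Server" yet is filed as "NOT-FOR-US: Progress Telerik Reporting", the same label given to CVE-2024-1856 and CVE-2024-1801, whose descriptions name "Telerik Reporting". If the two are distinct products, label CVE-2024-1800 "Progress Telerik Report Server" so the entry matches its own description; if the shared label is intentional, a shorter vendor-level label such as the "IBM" and "OpenText" ones used further down would avoid implying a specific product.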