[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 851f485b by Salvatore Bonaccorso at 2024-05-15T22:30:17+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,19 +17,19 @@ CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) NOT-FOR-US: Telerik Report Server CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...) - TODO: check + NOT-FOR-US: alpitronic Hypercharger EV charging devices CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...) - TODO: check + NOT-FOR-US: Progress Telerik Report Server CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) TODO: check CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) 
@@ -37,7 +37,7 @@ CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iMana CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) TODO: check CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...) - TODO: check + NOT-FOR-US: Telerik CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...) TODO: check CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...) 
@@ -51,105 +51,105 @@ CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This c CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) TODO: check CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...) - TODO: check + NOT-FOR-US: Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...) - TODO: check + NOT-FOR-US: DelimitedFileConnector Cloud Connector CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...) - TODO: check + NOT-FOR-US: Identity Security Cloud (ISC) message server API CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...) TODO: check CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...) - TODO: check + NOT-FOR-US: Stalwart Mail Server CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...) - TODO: check + NOT-FOR-US: VITEC AvediaServer CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...) - TODO: check + NOT-FOR-US: Code-projects Budget Management CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...) - TODO: check + NOT-FOR-US: Code-projects Budget Management CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...) TODO: check CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...) - TODO: check + NOT-FOR-US: KYKMS CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...) - TODO: check + NOT-FOR-US: dootask CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) - TODO: check + NOT-FOR-US: Adobe CVE-2024-34097 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are
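Review bot: the NOT-FOR-US labels for the same vendor are inconsistent within this hunk: CVE-2024-4837 gets `NOT-FOR-US: Telerik Report Server`, CVE-2024-4357 `NOT-FOR-US: Progress Telerik Report Server`, and CVE-2024-4202, CVE-2024-4200 and CVE-2024-3892 just `NOT-FOR-US: Telerik`; likewise the three Identity Security Cloud entries (CVE-2024-3319, CVE-2024-3318, CVE-2024-3317) each spell out a different component. Picking one label per product family, the way the WordPress entries consistently use `NOT-FOR-US: WordPress plugin`, keeps later greps and batch edits of data/CVE/list reliable.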
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 91f0bb6d by Salvatore Bonaccorso at 2024-05-15T22:19:47+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,21 +1,21 @@ CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4906 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4905 (A vulnerability classified as critical has been found in Kashipara Col ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management Platform up ...) - TODO: check + NOT-FOR-US: Byzoro Smart S200 Management Platform CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared as c ...) - TODO: check + NOT-FOR-US: Tongda OA CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) - TODO: check + NOT-FOR-US: Telerik Report Server CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...) TODO: check CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91f0bb6d4c4900c9eac453f64db264eb7cc35e87 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91f0bb6d4c4900c9eac453f64db264eb7cc35e87 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 112e76f2 by security tracker role at 2024-05-15T20:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,175 @@ +CVE-2024-4910 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4909 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4908 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4907 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4906 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4905 (A vulnerability classified as critical has been found in Kashipara Col ...) + TODO: check +CVE-2024-4904 (A vulnerability was found in Byzoro Smart S200 Management Platform up ...) + TODO: check +CVE-2024-4903 (A vulnerability was found in Tongda OA 2017. It has been declared as c ...) + TODO: check +CVE-2024-4837 (In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or ea ...) + TODO: check +CVE-2024-4702 (The Mega Elements plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2024-4670 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Loc ...) + TODO: check +CVE-2024-4622 (If misconfigured, alpitronic Hypercharger EV charging devices can expo ...) + TODO: check +CVE-2024-4357 (An information disclosure vulnerability exists in Progress Telerik Rep ...) + TODO: check +CVE-2024-4202 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) + TODO: check +CVE-2024-4200 (In Progress\xae Telerik\xae Reporting versions prior to 2024 Q2 (18.1. ...) + TODO: check +CVE-2024-4010 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...) + TODO: check +CVE-2024-3970 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) + TODO: check +CVE-2024-3968 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) 
+ TODO: check +CVE-2024-3967 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) + TODO: check +CVE-2024-3892 (A local code execution vulnerability is possible in Telerik UI for Win ...) + TODO: check +CVE-2024-3488 (File Upload vulnerability in unauthenticated session found in OpenText ...) + TODO: check +CVE-2024-3487 (Broken Authentication vulnerability discovered in OpenText\u2122 iMana ...) + TODO: check +CVE-2024-3486 (XML External Entity injection vulnerability foundin OpenText\u2122 iMa ...) + TODO: check +CVE-2024-3485 (Server Side Request Forgery vulnerabilityhas been discovered in OpenTe ...) + TODO: check +CVE-2024-3484 (Path Traversal foundin OpenText\u2122 iManager 3.2.6.0200. This can le ...) + TODO: check +CVE-2024-3483 (Remote Code Execution has been discovered in OpenText\u2122 iManager 3 ...) + TODO: check +CVE-2024-3319 (An issue was identified in the Identity Security Cloud (ISC) Transform ...) + TODO: check +CVE-2024-3318 (A file path traversal vulnerability was identified in the DelimitedFil ...) + TODO: check +CVE-2024-3317 (An improper access control was identified in the Identity Security Clo ...) + TODO: check +CVE-2024-3182 (Install-type password disclosure vulnerability inUniversal Installer i ...) + TODO: check +CVE-2024-35179 (Stalwart Mail Server is an open-source mail server. Prior to version 0 ...) + TODO: check +CVE-2024-35102 (Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv- ...) + TODO: check +CVE-2024-34955 (Code-projects Budget Management 1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2024-34954 (Code-projects Budget Management 1.0 is vulnerable to Cross Site Script ...) + TODO: check +CVE-2024-34913 (An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and b ...) + TODO: check +CVE-2024-34909 (An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allow ...) 
+ TODO: check +CVE-2024-34906 (An arbitrary file upload vulnerability in dootask v0.30.13 allows atta ...) + TODO: check +CVE-2024-34101 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: ...) + TODO: check +CVE-2024-34100 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check +CVE-2024-34099 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check +CVE-2024-34098 (Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are aff ...) + TODO: check
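Review bot: several descriptions added by this hunk carry literal escape sequences instead of the characters they stand for: `Progress\xae Telerik\xae` in CVE-2024-4202 and CVE-2024-4200, and `OpenText\u2122` throughout the CVE-2024-3968 to CVE-2024-3483 block. If data/CVE/list is meant to stay ASCII-only that is expected; if not, the automatic importer is writing Python-style repr output rather than UTF-8 and its encoding step is worth a look. The CVE-2024-34101 text (`... and earlier Answer: ...`) also reads like a garbled upstream description and may need a manual NOTE when it is triaged.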
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ghostscript update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31850af3 by Salvatore Bonaccorso at 2024-05-15T21:59:47+02:00 Reserve DSA number for ghostscript update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[15 May 2024] DSA-5692-1 ghostscript - security update + {CVE-2023-52722 CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871} + [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u7 + [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u4 [15 May 2024] DSA-5691-1 firefox-esr - security update {CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777} [bullseye] - firefox-esr 115.11.0esr-1~deb11u1 = data/dsa-needed.txt = @@ -19,8 +19,6 @@ dnsmasq frr Tobias Frost (tobi) proposed to work on preparing an update -- -ghostscript (carnil) --- gpac/oldstable -- h2o (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31850af38997b7d01a9aed61cc45eeafa79b141b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31850af38997b7d01a9aed61cc45eeafa79b141b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 3 commits: tracker_service: Simplify DSA URL excluding date
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2132454 by Salvatore Bonaccorso at 2024-05-15T17:12:04+02:00 tracker_service: Simplify DSA URL excluding date Now that DSA pages on https://www.debian.org/security redirect to the DSA announce in the mailinglist archive there is as well support to redirect the respective DSA without needing the year. Both https://www.debian.org/security/${year}/${dsa} and https://www.debian.org/security/${dsa} get redirected to the DSA announce. So we can simplify the url building to just replace the correct DSA identifier. Link: https://lists.debian.org/debian-security/2024/01/msg1.html Signed-off-by: Salvatore Bonaccorso car...@debian.org - - - - - cb7c4988 by Salvatore Bonaccorso at 2024-05-15T17:20:55+02:00 tracker_service: Simplify DLA URL excluding date Now that DLA pages on https://www.debian.org/lts/security redirect to the DLA announce in the mailinglist archive there is as well support to redirect the respective DLA without needing the year. Both https://www.debian.org/lts/security/${year}/${dsa} and https://www.debian.org/lts/security/${dsa} get redirected to the DLA announce. So we can simplify the url building to just replace the correct DLA identifier. Link: https://lists.debian.org/debian-security/2024/01/msg1.html Signed-off-by: Salvatore Bonaccorso car...@debian.org - - - - - 73aa615f by Salvatore Bonaccorso at 2024-05-15T15:31:33+00:00 Merge branch simplify-dsa-source-references into master Draft: Simplify dsa source references See merge request security-tracker-team/security-tracker!158 - - - - - 1 changed file: - bin/tracker_service.py Changes: = bin/tracker_service.py = 
@@ -1556,12 +1556,7 @@ Debian bug number.'''), link = "dsa-%d" % int(number) else: link = dsa.lower() -# We must determine the year because there is no generic URL. -for (date,) in self.db.cursor().execute( -"SELECT release_date FROM bugs WHERE name = ?", (dsa,)): -(y, m, d) = date.split('-') -return url.absolute("https://www.debian.org/security/%d/%s; -% (int(y), link)) +return url.absolute("https://www.debian.org/security/%s; % link) return None def url_dla(self, url, dla, re_dla=re.compile(r'^DLA-(\d+)(-\d+)?$')): @@ -1572,12 +1567,8 @@ Debian bug number.'''), link = "dla-%d" % int(number) else: link = dla.lower() -# We must determine the year because there is no generic URL. -for (date,) in self.db.cursor().execute( -"SELECT release_date FROM bugs WHERE name = ?", (dla,)): -(y, m, d) = date.split('-') -return url.absolute("https://www.debian.org/lts/security/%d/%s; -% (int(y), link)) +return url.absolute("https://www.debian.org/lts/security/%s; +% link) return None def url_debian_bug(self, url, debian): View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2af90a2aea68ad81cb62f2162b67e2c6153eb9f5...73aa615fe7cb30efb792a17c0f8663184e52773a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2af90a2aea68ad81cb62f2162b67e2c6153eb9f5...73aa615fe7cb30efb792a17c0f8663184e52773a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
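Review bot: the url_dsa hunk (`@@ -1556,12 +1556,7 @@`) changes behaviour for DSAs that have no row in `bugs`, not only the URL shape. Before, the `for (date,) in self.db.cursor().execute(...)` loop returned a link only when a release_date row was found and otherwise fell through to `return None`; after the change the `url.absolute(...)` call with the bare `link` is returned unconditionally, so an identifier the tracker does not know about will still be rendered as a link to a www.debian.org page whose existence depends entirely on the redirect described in the commit message. That is probably acceptable and arguably better, but it should be stated in the commit message, which currently describes only the URL simplification.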
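Review bot: the url_dla hunk (`@@ -1572,12 +1567,8 @@`) is now identical to url_dsa except for the `/lts/security/` prefix, and the same unconditional-return change applies: an unknown DLA name yields a link where it previously yielded None. Two style points: the replacement call is wrapped over two lines (`+% link)` on its own line) while the DSA hunk keeps its call on one line, and with the year lookup gone both methods could share one helper taking the path prefix, which would keep the two from drifting apart again.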
[Git][security-tracker-team/security-tracker][master] Track fixed version for fastdds issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3e2fc376 by Salvatore Bonaccorso at 2024-05-15T13:02:52+02:00 Track fixed version for fastdds issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -895,10 +895,10 @@ CVE-2024-30268 (Cacti provides an operational monitoring and fault management fr NOTE: https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e TODO: check, might be only affecting 1.3.y CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) - - fastdds + - fastdds 2.14.1+ds-1 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662 CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) - - fastdds + - fastdds 2.14.1+ds-1 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh NOTE: https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) 
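Review bot: CVE-2024-30259 and CVE-2024-30258 in this hunk get the unstable fixed version `fastdds 2.14.1+ds-1` but, unlike CVE-2024-30917 and CVE-2024-30916 in the second hunk, carry no `[bookworm]`/`[bullseye]` lines, so bookworm and bullseye stay implicitly vulnerable for these two while the other pair is tagged `(Minor issue)`. If the severity assessment is the same for all four FastDDS issues, the stable-release lines belong here as well; if it differs, a NOTE saying why would help the next person looking at these entries.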
@@ -11180,12 +11180,12 @@ CVE-2024-31986 (XWiki Platform is a generic wiki platform. Starting in version 3 CVE-2024-31985 (XWiki Platform is a generic wiki platform. Starting in version 3.1 and ...) NOT-FOR-US: XWiki CVE-2024-30917 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) - - fastdds + - fastdds 2.14.1+ds-1 [bookworm] - fastdds (Minor issue) [bullseye] - fastdds (Minor issue) NOTE: https://github.com/eProsima/Fast-DDS/issues/4609 CVE-2024-30916 (An issue was discovered in eProsima FastDDS v.2.14.0 and before, allow ...) - - fastdds + - fastdds 2.14.1+ds-1 [bookworm] - fastdds (Minor issue) [bullseye] - fastdds (Minor issue) NOTE: https://github.com/eProsima/Fast-DDS/issues/4609 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2fc3765f23fc752c58d31b2100f31e4c14101e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e2fc3765f23fc752c58d31b2100f31e4c14101e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-34462/sogo
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 642f96a5 by Salvatore Bonaccorso at 2024-05-15T12:24:38+02:00 Add Debian bug reference for CVE-2024-34462/sogo - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2878,7 +2878,7 @@ CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.) CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...) NOT-FOR-US: ThinkPHP CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.) - - sogo + - sogo (bug #1071163) NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...) NOT-FOR-US: SimpleNetwork View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/642f96a5ed1e9c43176a2a58d4772293c69c1d2c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/642f96a5ed1e9c43176a2a58d4772293c69c1d2c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-34459/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11cab422 by Salvatore Bonaccorso at 2024-05-15T12:04:46+02:00 Add Debian bug reference for CVE-2024-34459/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -817,7 +817,7 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - - libxml2 + - libxml2 (bug #1071162) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11cab4221a39b07a7b8b9124ffa2b4b3c6ebe203 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11cab4221a39b07a7b8b9124ffa2b4b3c6ebe203 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add second commit for CVE-2024-34459/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 37a62378 by Salvatore Bonaccorso at 2024-05-15T12:00:32+02:00 Add second commit for CVE-2024-34459/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -820,6 +820,7 @@ CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 - libxml2 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (v2.12.7) CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) NOT-FOR-US: WordPress plugin CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37a62378290b31d249fe93fdf34cc848d68f976d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37a62378290b31d249fe93fdf34cc848d68f976d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2024-34459/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c91e9eac by Salvatore Bonaccorso at 2024-05-15T11:54:25+02:00 Add reference to upstream commit for CVE-2024-34459/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -819,6 +819,7 @@ CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - libxml2 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (v2.11.8) CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) NOT-FOR-US: WordPress plugin CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91e9eac8be6d41878f579c35100173396473b9f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91e9eac8be6d41878f579c35100173396473b9f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for git issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 56933cc9 by Salvatore Bonaccorso at 2024-05-15T11:51:04+02:00 Add Debian bug reference for git issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -240,7 +240,7 @@ CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All vers CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...) - - git + - git (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7 CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) 
@@ -280,19 +280,19 @@ CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Transla CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) NOT-FOR-US: Siemens CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - - git + - git (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - - git + - git (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj NOTE: https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - - git + - git (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - - git + - git (bug #1071160) NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv NOTE: https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d CVE-2024-31980 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56933cc9e7774737e7a98bcacd393f40d209cecf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56933cc9e7774737e7a98bcacd393f40d209cecf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
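Review bot: CVE-2024-32021 in this hunk is the only one of the five git entries with no upstream fix commit recorded: CVE-2024-32465 (first hunk), CVE-2024-32020, CVE-2024-32004 and CVE-2024-32002 each carry a `NOTE: https://github.com/git/git/commit/...` line under their advisory, while CVE-2024-32021 has only the GHSA-mvxm-9j2h-qjx7 advisory. Adding the corresponding fix commit would keep the batch consistent and make the backport check for the bug #1071160 update easier.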
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-26306/iperf3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 72f17ba4 by Salvatore Bonaccorso at 2024-05-15T11:26:07+02:00 Add CVE-2024-26306/iperf3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1004,7 +1004,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the p CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...) NOT-FOR-US: Veeam CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...) - TODO: check + - iperf3 CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, consisting of an ...) NOT-FOR-US: Uniform Zero Server CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f17ba439d6783974270317cfad013d524231d6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72f17ba439d6783974270317cfad013d524231d6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
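Review bot: the CVE-2024-26306 entry becomes a bare `- iperf3` with no fixed version and no NOTE, although the description itself already names the upstream fix boundary (`iPerf3 before 3.17`) and the precondition (`when used with OpenSSL before 3.2.0 as a server`). Recording the upstream reference, and the fixed unstable version once known, as the neighbouring entries in this file do, keeps the entry from looking untriaged; the OpenSSL version condition in particular deserves a NOTE because it decides which Debian releases are actually exposed.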
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28285/libcrypto++
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dba01b41 by Salvatore Bonaccorso at 2024-05-15T11:24:19+02:00 Add CVE-2024-28285/libcrypto++ - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -913,7 +913,8 @@ CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...) NOT-FOR-US: GoCD CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...) - TODO: check + - libcrypto++ + TODO: check details CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...) NOT-FOR-US: Code-projects Computer Book Store CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was identi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba01b416667c0dd7806a9f4df88a01d3d8fca99 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba01b416667c0dd7806a9f4df88a01d3d8fca99 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-29894/cacti
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f5b551eb by Salvatore Bonaccorso at 2024-05-15T11:10:32+02:00 Add CVE-2024-29894/cacti - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -906,7 +906,8 @@ CVE-2024-29895 (Cacti provides an operational monitoring and fault management fr NOTE: But fix reverted again: https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc TODO: check, might affect only 1.3.x CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...) NOT-FOR-US: BlueRiSC WindowsSCOPE Cyber Forensics CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b551eb78aa18c2ba3378f73cd01eecbfc6293a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b551eb78aa18c2ba3378f73cd01eecbfc6293a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
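Review bot: CVE-2024-29894 is added as `- cacti` with only the GHSA-grj5-8fcj-34gh advisory, while the adjacent CVE-2024-29895 context line still carries `TODO: check, might affect only 1.3.x`, and CVE-2024-30268 in another commit on this list has the same `might be only affecting 1.3.y` caveat. It is worth confirming whether that branch restriction also applies to CVE-2024-29894 before the packaged 1.2.x series is treated as affected, and recording the answer as a NOTE either way.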
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9d7efab7 by Salvatore Bonaccorso at 2024-05-15T11:05:20+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -41,69 +41,69 @@ CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 i CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...) TODO: check CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not sanitise an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and p ...) - TODO: check + NOT-FOR-US: sshpiper CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...) 
TODO: check CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...) - TODO: check + NOT-FOR-US: Reportico Web CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31478 (Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31477 (Multiple authenticated command injection vulnerabilities exist in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31476 (Multiple authenticated command injection vulnerabilities exist in the ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31475 (There is an arbitrary file deletion vulnerability in the Central Commu ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31474 (There is an arbitrary file deletion vulnerability in the CLI service a ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31473 (There is a command injection vulnerability in the underlying deauthent ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31472 (There are command injection vulnerabilities in the underlying Soft AP ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31471 (There is a command injection vulnerability in the underlying Central C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31470 (There is a buffer overflow vulnerability in the underlying SAE (Simult ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31469 (There are buffer overflow vulnerabilities in the underlying Central Co ...) 
- TODO: check + NOT-FOR-US: Aruba CVE-2024-31468 (There are buffer overflow vulnerabilities in the underlying Central Co ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31467 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) - TODO: check + NOT-FOR-US: Aruba CVE-2024-31466 (There are buffer
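Review bot: the eighteen Aruba entries (CVE-2024-31466 through CVE-2024-31483) are tagged with the bare vendor name "NOT-FOR-US: Aruba", whereas the other classifications in this hunk name the product ("Reportico Web", "sshpiper", "idccms"). The descriptions refer to components such as the "Central Communications", "CLI service", "Soft AP" and "SAE" code, so recording the product line in the NFU reason would make later greps for that product match. The two entries left at "TODO: check" in the middle of the run (CVE-2024-3744 azure-file-csi-driver and CVE-2024-32888 Amazon JDBC Driver for Redshift) look deliberate, but a short NOTE on why they were skipped would avoid a second triage pass. The hunk is cut off after "CVE-2024-31466 (There are buffer" in this copy, so the remaining lines of the -41,69 range cannot be checked here.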
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31ff945c by Salvatore Bonaccorso at 2024-05-15T10:43:35+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,43 +1,43 @@ CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...) - TODO: check + NOT-FOR-US: ITPison OMICARD EDM CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...) - TODO: check + NOT-FOR-US: DigiWin EasyFlow .NET CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text for SEO a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4734 (The Import and export users and customers plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4656 (The Import and export users and customers plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerab ...) - TODO: check + NOT-FOR-US: WhatsUp Gold CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vul ...) - TODO: check + NOT-FOR-US: WhatsUp Gold CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 lacks ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 is mis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...) TODO: check CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31ff945cc350af64ebbd05bd10f4032968aa45a9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31ff945cc350af64ebbd05bd10f4032968aa45a9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
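Review bot: two of the "NOT-FOR-US: WordPress plugin" classifications are not supported by the visible description text: CVE-2024-4847 ("The Alt Text AI \u2013 Automatically generate image alt text for SEO a ...") and CVE-2024-4666 ("The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ..."), neither of which mentions WordPress in the truncated fragment the diff shows. They are very likely plugins, but the tag should be confirmed against the full description before the entry is closed. The remaining WordPress, WhatsUp Gold, ITPison and DigiWin classifications match their descriptions.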
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46925bfd by security tracker role at 2024-05-15T08:12:04+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,114 @@ -CVE-2024-3044 [Graphic on-click binding allows unchecked script execution] +CVE-2024-4894 (ITPison OMICARD EDM fails to properly filter specific URL parameter, ...) + TODO: check +CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...) + TODO: check +CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text for SEO a ...) + TODO: check +CVE-2024-4734 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...) + TODO: check +CVE-2024-4656 (The Import and export users and customers plugin for WordPress is vuln ...) + TODO: check +CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP ...) + TODO: check +CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerab ...) + TODO: check +CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vul ...) + TODO: check +CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...) + TODO: check +CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress i ...) + TODO: check +CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) + TODO: check +CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...) + TODO: check +CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not san ...) 
+ TODO: check +CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 lacks ...) + TODO: check +CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 is mis ...) + TODO: check +CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...) + TODO: check +CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...) + TODO: check +CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) + TODO: check +CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not sanitise an ...) + TODO: check +CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...) + TODO: check +CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) + TODO: check +CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks ...) + TODO: check +CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) + TODO: check +CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check ...) + TODO: check +CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) + TODO: check +CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and p ...) + TODO: check +CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...) + TODO: check +CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...) + TODO: check +CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...) 
+ TODO: check +CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2024-31478 (Multiple unauthenticated
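Review bot: the first removed line of this hunk is "-CVE-2024-3044 [Graphic on-click binding allows unchecked script execution]", a tracker-authored placeholder description in square brackets, and the visible part of the 4-to-114-line hunk does not show CVE-2024-3044 being re-added with a published "(...)" description. The automatic update normally replaces the bracketed placeholder once the CNA publishes the text, so please confirm that the entry reappears further down the hunk (the diff is cut off after CVE-2024-31478 in this copy) rather than having been dropped together with its existing package and NOTE lines.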
[Git][security-tracker-team/security-tracker][master] Process one more NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d9a382fd by Salvatore Bonaccorso at 2024-05-15T09:24:25+02:00 Process one more NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -800,7 +800,7 @@ CVE-2024-29894 (Cacti provides an operational monitoring and fault management fr CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...) NOT-FOR-US: BlueRiSC WindowsSCOPE Cyber Forensics CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...) - TODO: check + NOT-FOR-US: GoCD CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...) TODO: check CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a382fd2fe83208c219e03e9bd379adc0ef55db -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a382fd2fe83208c219e03e9bd379adc0ef55db You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add two fastdds issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 485902de by Salvatore Bonaccorso at 2024-05-15T09:23:03+02:00 Add two fastdds issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -783,9 +783,12 @@ CVE-2024-30268 (Cacti provides an operational monitoring and fault management fr NOTE: https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e TODO: check, might be only affecting 1.3.y CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) - TODO: check + - fastdds + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-qcj9-939p-p662 CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) - TODO: check + - fastdds + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-53xw-465j-rxfh + NOTE: https://github.com/eProsima/Fast-DDS/commit/65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) - cacti NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/485902def69179296cbd64f536842469bced309e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/485902def69179296cbd64f536842469bced309e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
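Review bot: CVE-2024-30259 gets only the advisory GHSA-qcj9-939p-p662, whereas CVE-2024-30258 in the same hunk gets both its advisory and the fixing commit 65236f93e9c4ea3ff9a49fba4dfd9e43eb94037b. Please add the fix commit for 30259 as well, since that is what a stable backport needs. Neither entry records a fixed Debian version or a scope check; the cacti entries just above carry "TODO: check, might be only affecting 1.3.y" for that purpose, and a similar TODO here would keep the two fastdds entries from reading as fully triaged.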
[Git][security-tracker-team/security-tracker][master] Add three cacti issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 640aff05 by Salvatore Bonaccorso at 2024-05-15T09:22:22+02:00 Add three cacti issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -778,13 +778,20 @@ CVE-2024-31443 (Cacti provides an operational monitoring and fault management fr CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) NOT-FOR-US: WordPress plugin CVE-2024-30268 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q + NOTE: https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e + TODO: check, might be only affecting 1.3.y CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) TODO: check CVE-2024-30258 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) TODO: check CVE-2024-29895 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d + NOTE: But fix reverted again: https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc + TODO: check, might affect only 1.3.x CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...) 
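Review bot: the CVE-2024-29895 entry records "Fixed by:" commit 53e8014d1f082034e0646edc6286cde3800c683d and then "But fix reverted again:" commit 99633903cad0de5ace636249de16f77e57a3c8fc, yet the only TODO asks about 1.3.x scope. With the upstream fix reverted, the entry should also say whether the issue is currently unfixed upstream or whether a replacement fix supersedes the reverted one; suggest a second TODO line for that, so the revert is not mistaken for a fixed state. CVE-2024-30268 has the advisory, a commit and the scope TODO, which is the pattern the other cacti entries should follow.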
@@ -800,7 +807,8 @@ CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scr ...) NOT-FOR-US: Sourcecodester School Task Manager CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...) TODO: check CVE-2024-25641 (Cacti provides an operational monitoring and fault management framewor ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/640aff051867ae52d516bafd3f42e136ed8b319c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/640aff051867ae52d516bafd3f42e136ed8b319c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
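Review bot: CVE-2024-27082 gets "- cacti" and the advisory GHSA-j868-7vjp-rp9h only, with no fixing commit and no "might be only affecting 1.3.x" TODO, unlike the two cacti entries in the first hunk of this same commit. Either the fix commit and scope TODO should be added here too, or a NOTE should state why this issue is already known to affect the 1.2.x series shipped in Debian.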
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d065bed by Salvatore Bonaccorso at 2024-05-15T09:17:59+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -198,175 +198,175 @@ CVE-2024-31485 (A vulnerability has been identified in CPCI85 Central Processing CVE-2024-31484 (A vulnerability has been identified in CPC80 Central Processing/Commun ...) NOT-FOR-US: Siemens CVE-2024-30209 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30208 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30207 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30206 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-30059 (Microsoft Intune for Android Mobile Application Management Tampering V ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30054 (Microsoft Power BI Client JavaScript SDK Information Disclosure Vulner ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30053 (Azure Migrate Cross-Site Scripting Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30050 (Windows Mark of the Web Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30049 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30048 (Dynamics 365 Customer Insights Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30047 (Dynamics 365 Customer Insights Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30046 (Visual Studio Denial of Service Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30045 (.NET and Visual Studio Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30044 (Microsoft SharePoint Server Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: 
Microsoft CVE-2024-30043 (Microsoft SharePoint Server Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30042 (Microsoft Excel Remote Code Execution Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30041 (Microsoft Bing Search Spoofing Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30040 (Windows MSHTML Platform Security Feature Bypass Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30039 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30038 (Win32k Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30037 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30036 (Windows Deployment Services Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30035 (Windows DWM Core Library Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30034 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30033 (Windows Search Service Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30032 (Windows DWM Core Library Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30031 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30030 (Win32k Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30029 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2024-30028 (Win32k Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30027 (NTFS Elevation of Privilege Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30025 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-30024 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) - TODO: check +
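Review bot: the one classification worth a second look is CVE-2024-30045 (".NET and Visual Studio Remote Code Execution Vulnerability"): the title covers .NET itself, not only Visual Studio, so "NOT-FOR-US: Microsoft" should be confirmed against whether any .NET runtime or SDK source package is tracked in Debian before the entry is closed. The Siemens SIMATIC RTLS and Windows-only entries are straightforward. The hunk is cut off at CVE-2024-30024, where the removed "TODO: check" is visible but the replacement line is not, so that entry and the rest of the -198,175 range cannot be checked in this copy.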
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b30c5f57 by Salvatore Bonaccorso at 2024-05-15T08:56:24+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36,7 +36,7 @@ CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forg CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...) NOT-FOR-US: D-Link CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...) - TODO: check + NOT-FOR-US: php-censor CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) NOT-FOR-US: Siemens CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) @@ -48,9 +48,9 @@ CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In Pres CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...) NOT-FOR-US: PrestaShop CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...) - TODO: check + NOT-FOR-US: Hoppscotch CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...) - TODO: check + NOT-FOR-US: cea-hpc sshproxy CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...) TODO: check CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...) 
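Review bot: in the second hunk (@@ -48,9), CVE-2024-34713 is tagged "NOT-FOR-US: cea-hpc sshproxy", qualifying the project with its upstream organisation, which is the right thing to do for a generic name like sshproxy. CVE-2024-34714 is tagged "NOT-FOR-US: Hoppscotch" although the description explicitly scopes the issue to "The Hoppscotch Browser Extension"; naming the component in the reason would match the precision used on the sshproxy line. CVE-2024-34712 (Oceanic, a NodeJS library) is left at "TODO: check" between two processed entries, presumably to verify whether it is packaged under a different source name; a NOTE saying so would save a repeat check.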
@@ -66,11 +66,11 @@ CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table fu CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...) NOT-FOR-US: Konga CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...) - TODO: check + NOT-FOR-US: htmly CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...) NOT-FOR-US: linqi CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) 
@@ -134,41 +134,41 @@ CVE-2024-32465 (Git is a revision control system. The Git project recommends to NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7 CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32354 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32353 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32352 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32351 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32350 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32349 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an a ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32066 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32065 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32064 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32063 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32062 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32061 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) 
- TODO: check + NOT-FOR-US: Siemens CVE-2024-32060 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32059 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid
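Review bot: this hunk is cut off after "CVE-2024-32058 (A vulnerability has been identified in PS/IGES Parasolid" in this copy, so the remaining Siemens entries in the -134,41 range cannot be checked here. Of the visible entries, the seven TOTOLINK CVEs (CVE-2024-32349 through CVE-2024-32355) all reference the same firmware build X5000R V9.1.0cu.2350_B20230313, and the vendor-only "NOT-FOR-US: TOTOLINK" tag matches the "NOT-FOR-US: D-Link" convention used in the first hunk of this commit; no issue with the classifications themselves.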
[Git][security-tracker-team/security-tracker][master] Process new git CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fd9365d by Salvatore Bonaccorso at 2024-05-15T08:55:47+02:00 Process new git CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -130,7 +130,9 @@ CVE-2024-32636 (A vulnerability has been identified in Parasolid V35.1 (All vers CVE-2024-32635 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) NOT-FOR-US: Siemens CVE-2024-32465 (Git is a revision control system. The Git project recommends to avoid ...) - TODO: check + - git + NOTE: https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 + NOTE: https://github.com/git/git/commit/7b70e9efb18c2cc3f219af399bd384c5801ba1d7 CVE-2024-32355 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) TODO: check CVE-2024-32354 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) 
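Review bot: CVE-2024-32465 is given "- git", the advisory GHSA-vm9j-46j9-qvq4 and the single commit 7b70e9efb18c2cc3f219af399bd384c5801ba1d7, but nothing records that it belongs to the same upstream release set as the four git CVEs in the second hunk, whose descriptions all read "Prior to versions 2.45.1, 2.44.1, 2. ...". The description of 32465 starts with "The Git project recommends to avoid ...", which suggests a hardening-style fix; a NOTE stating whether that one commit is the complete fix, or whether it only makes sense together with the other four commits, would help whoever prepares the stable update.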
@@ -168,13 +170,21 @@ CVE-2024-32057 (A vulnerability has been identified in PS/IGES Parasolid Transla CVE-2024-32055 (A vulnerability has been identified in PS/IGES Parasolid Translator Co ...) TODO: check CVE-2024-32021 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - TODO: check + - git + NOTE: https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 CVE-2024-32020 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - TODO: check + - git + NOTE: https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj + NOTE: https://github.com/git/git/commit/1204e1a824c34071019fe106348eaa6d88f9528d + NOTE: https://github.com/git/git/commit/9e65df5eab274bf74c7b570107aacd1303a1e703 CVE-2024-32004 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - TODO: check + - git + NOTE: https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 + NOTE: https://github.com/git/git/commit/f4aa8c8bb11dae6e769cd930565173808cbb69c8 CVE-2024-32002 (Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2. ...) - TODO: check + - git + NOTE: https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv + NOTE: https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d CVE-2024-31980 (A vulnerability has been identified in Parasolid V35.1 (All versions < ...) TODO: check CVE-2024-31491 (A client-side enforcement of server-side security in Fortinet FortiSan ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fd9365dec3054f89b041e8b7bb4ef59bd6d0c86 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fd9365dec3054f89b041e8b7bb4ef59bd6d0c86 You're receiving this email because of your account on salsa.debian.org. 
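Review bot: CVE-2024-32021 cites only the advisory GHSA-mvxm-9j2h-qjx7, while CVE-2024-32020, CVE-2024-32004 and CVE-2024-32002 in the same hunk each list their fixing commit(s). Please add the commit for 32021 so all four can be backported from the same reference set. All four entries are "- git" without a fixed version; since the descriptions already give the upstream fixed releases (2.45.1, 2.44.1, ...), the Debian fixed version can be recorded as soon as the corresponding upload lands, and one entry could carry a NOTE that the five git CVEs are closed by the same upstream release.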
[Git][security-tracker-team/security-tracker][master] Process two mongodb CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e66c374f by Salvatore Bonaccorso at 2024-05-15T08:54:30+02:00 Process two mongodb CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22,9 +22,9 @@ CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Prote CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...) NOT-FOR-US: Open-source project Online Shopping System Advanced CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...) - TODO: check + - mongodb CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...) - TODO: check + - mongodb CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) NOT-FOR-US: idccms CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e66c374ffbd8d4c94aa7b3c79173e81a49370762 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e66c374ffbd8d4c94aa7b3c79173e81a49370762 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
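Review bot: CVE-2024-3374 and CVE-2024-3372 are changed from "TODO: check" to a bare "- mongodb" with no NOTE and no fixed version, so the entries now assert that the source package is affected without recording the upstream reference or the affected version range. The descriptions ("An unauthenticated user can trigger a fatal assertion in the server ...", "Improper validation of certain metadata input may result in the server ...") give no version bounds either. Suggest a NOTE with the upstream advisory for each, plus a check of which suites actually still ship the mongodb source package, so each entry can get a fixed version, an <unfixed> marker or a removed-package tag.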
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-4761/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b617cf6 by Salvatore Bonaccorso at 2024-05-15T07:35:14+02:00 Track fixed version for CVE-2024-4761/chromium - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -604,7 +604,7 @@ CVE-2024-0870 (The YITH WooCommerce Gift Cards plugin for WordPress is vulnerabl CVE-2023-6812 (The WP Compress \u2013 Image Optimizer [All-In-One plugin for WordPres ...) NOT-FOR-US: WordPress plugin CVE-2024-4761 (Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 all ...) - - chromium + - chromium 124.0.6367.207-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b617cf64dd7dec0ea4441603f8c54dd73dd20b0
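Review bot: the fixed version 124.0.6367.207-1 matches the "prior to 124.0.6367.207" threshold in the description, so the version itself is consistent, but the entry carries no NOTE with the upstream release announcement, unlike the firefox entries elsewhere on this page that each cite their MFSA URL. Adding the reference would make the fix traceable without having to look up the Chrome release for CVE-2024-4761 separately.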
[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1af38640 by Salvatore Bonaccorso at 2024-05-15T07:32:31+02:00 Track fixed version for thunderbird via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -409,7 +409,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs sho CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777 
@@ -434,28 +434,28 @@ CVE-2024-4771 (A memory allocation check was missing which would lead to a use-a CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768 CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4767 
@@ -468,7 +468,7 @@ CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 ha CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...) - firefox 126.0-1 - firefox-esr 115.11.0esr-1 - - thunderbird + - thunderbird 1:115.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4367 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1af38640ff9649a8a0dc23b55a88842c02c85408
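Review bot: in the CVE-2024-4770 entry the context line `NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769` points at the CVE-2024-4769 anchor rather than #CVE-2024-4770. It is untouched by this commit and appears in the same hunk in the two preceding firefox-esr and firefox commits on this page, so it looks like a copy-paste slip from the entry below; it would be worth correcting while the thunderbird 1:115.11.0-1 versions are being filled in.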
[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr via unstable for mfsa2024-22
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fde9a919 by Salvatore Bonaccorso at 2024-05-15T06:22:54+02:00 Track fixed version for firefox-esr via unstable for mfsa2024-22 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -408,7 +408,7 @@ CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs sho NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778 CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777 
@@ -433,28 +433,28 @@ CVE-2024-4771 (A memory allocation check was missing which would lead to a use-a NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771 CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768 CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767 
@@ -467,7 +467,7 @@ CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 ha NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...) - firefox 126.0-1 - - firefox-esr + - firefox-esr 115.11.0esr-1 - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fde9a919943fd2fc0a10ae8df962ea410ff02db3
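Review bot: each of the six entries touched here keeps a bare `- thunderbird` line after the hunk, even though the entries already cite the mfsa2024-23 advisory that covers the thunderbird fix; leaving the version out means the issues remain flagged as unfixed in thunderbird until a separate commit lands. Filling in the ESR and thunderbird versions in one change would avoid the half-tracked intermediate state.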
[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox for mfsa2024-21 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c4ef70b by Salvatore Bonaccorso at 2024-05-15T06:17:37+02:00 Track fixed version for firefox for mfsa2024-21 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -404,56 +404,56 @@ CVE-2023-36640 (A use of externally-controlled format string in Fortinet FortiPr CVE-2023-35841 (Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Dri ...) TODO: check CVE-2024-4778 (Memory safety bugs present in Firefox 125. Some of these bugs showed e ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4778 CVE-2024-4777 (Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thu ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777 CVE-2024-4776 (A file dialog shown while in full-screen mode could have resulted in t ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4776 CVE-2024-4775 (An iterator stop condition was missing when handling WASM code in the ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4775 CVE-2024-4774 (The `ShmemCharMapHashEntry()` code was susceptible to potentially unde ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4774 CVE-2024-4773 (When a network error occurred during page load, the prior content coul ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4773 CVE-2024-4772 (An HTTP digest authentication nonce value was generated using `rand()` ...) - - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4772 CVE-2024-4771 (A memory allocation check was missing which would lead to a use-after- ...) 
- - firefox + - firefox 126.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4771 CVE-2024-4770 (When saving a page to PDF, certain font styles could have led to a pot ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4769 (When importing resources using Web Workers, error messages would disti ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769 CVE-2024-4768 (A bug in popup notifications' interaction with WebAuthn made it easier ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768 CVE-2024-4767 (If the `browser.privatebrowsing.autostart` preference is enabled, Inde ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4767 
@@ -466,14 +466,14 @@ CVE-2024-4765 (Web application manifests were stored by using an insecure MD5 ha - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4765 CVE-2024-4367 (A type check was missing when handling fonts in PDF.js, which would al ...) - - firefox + - firefox 126.0-1 - firefox-esr - thunderbird NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/#CVE-2024-4367 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367 NOTE:
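Review bot: the CVE-2024-4765 context line `- firefox (Android-specific)` carries neither a version nor a status marker, so the entry still counts as unfixed in firefox; if the issue does not apply to the Debian build, the tracker convention is `- firefox <not-affected> (Android-specific)`. The hunk is also cut off right after `NOTE:` in this message, so the tail of the change cannot be checked here.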
[Git][security-tracker-team/security-tracker][master] Reassociate several octoprint CVEs with itp'ed entry
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 70fad04c by Salvatore Bonaccorso at 2024-05-15T00:16:22+02:00 Reassociate several octoprint CVEs with itped entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -114,7 +114,7 @@ CVE-2024-33489 (A vulnerability has been identified in Solid Edge (All versions CVE-2024-33485 (SQL Injection vulnerability in CASAP Automated Enrollment System using ...) NOT-FOR-US: CASAP Automated Enrollment System CVE-2024-32977 (OctoPrint provides a web interface for controlling consumer 3D printer ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2024-32742 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) NOT-FOR-US: Siemens CVE-2024-32741 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...) @@ -18897,7 +18897,7 @@ CVE-2024-28249 (Cilium is a networking, observability, and security solution wit CVE-2024-28248 (Cilium is a networking, observability, and security solution with an e ...) - cilium (bug #858303) CVE-2024-28237 (OctoPrint provides a web interface for controlling consumer 3D printer ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2024-26369 (An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x ...) [experimental] - fastdds 2.14.0+ds-1 - fastdds 2.14.0+ds-2 (bug #1067180) @@ -30538,7 +30538,7 @@ CVE-2024-24579 (stereoscope is a go library for processing container images and CVE-2024-24566 (Lobe Chat is a chatbot framework that supports speech synthesis, multi ...) NOT-FOR-US: Lobe Chat CVE-2024-23637 (OctoPrint is a web interface for 3D printer.s OctoPrint versions up un ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2024-23508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-23507 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
@@ -51862,7 +51862,7 @@ CVE-2023-41667 (Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjamins CVE-2023-41660 (Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchr ...) NOT-FOR-US: WordPress plugin CVE-2023-41047 (OctoPrint is a web interface for 3D printers. OctoPrint versions up un ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2023-3589 (A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork C ...) NOT-FOR-US: Teamwork Cloudt CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel. The n ...) @@ -221138,9 +221138,9 @@ CVE-2021-32564 CVE-2021-32562 RESERVED CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...) - NOT-FOR-US: OctoPrint + - octoprint (bug #718591) CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...) NOT-FOR-US: pywin32 CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70fad04cde6bb41265b6f78bb87942dae0bdec41
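Review bot: every reassociated line reads `- octoprint (bug #718591)` without the `<itp>` pseudo-version that the commit message ("itp'ed entry") implies; the tracker convention for a package that only exists as an ITP is `- octoprint <itp> (bug #718591)`. Check that the six entries are parsed as ITP-tracked rather than as unfixed in a package the archive does not have.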
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34340/cacti
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a08b31d7 by Salvatore Bonaccorso at 2024-05-15T00:15:06+02:00 Add CVE-2024-34340/cacti - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -708,7 +708,8 @@ CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...) TODO: check CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a08b31d72573ebd6a9fc322f1f15287cc15293a3
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7470201b by Salvatore Bonaccorso at 2024-05-15T00:14:29+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54,17 +54,17 @@ CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...) TODO: check CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...) - TODO: check + NOT-FOR-US: OFCMS CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...) - TODO: check + NOT-FOR-US: Konga CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...) TODO: check CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) 
@@ -72,63 +72,63 @@ CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V23 CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) TODO: check CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) - TODO: check + NOT-FOR-US: linqi CVE-2024-33647 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33583 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33577 (A vulnerability has been identified in Simcenter Nastran 2306 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33499 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33498 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33497 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33496 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33495 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) 
- TODO: check + NOT-FOR-US: Siemens CVE-2024-33494 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33493 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33492 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33491 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33490 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33489 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-33485 (SQL Injection vulnerability in CASAP Automated Enrollment System using ...) - TODO: check + NOT-FOR-US: CASAP Automated Enrollment System CVE-2024-32977 (OctoPrint provides a web interface for controlling consumer 3D printer ...) - TODO: check + NOT-FOR-US: OctoPrint CVE-2024-32742 (A vulnerability has been
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4853/wireshark
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1b2ca4e5 by Salvatore Bonaccorso at 2024-05-14T23:58:44+02:00 Add CVE-2024-4853/wireshark - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -488,7 +488,9 @@ CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/15047 NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/15499 CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-08.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19724 CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...) NOT-FOR-US: Red Hat OpenStack Platform CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b2ca4e5019141b7376b4e13e091099fbc919a2c
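Review bot: the new CVE-2024-4853 entry cites the advisory and the GitLab issue but not the fixing merge request, whereas the CVE-2024-4854 context lines directly above carry `NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/...` references; add the MR for the editcap fix so the change can be identified for stable, and fill in the `- wireshark` fixed version once the upload lands.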
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1274349a by Salvatore Bonaccorso at 2024-05-14T23:58:13+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -2,51 +2,51 @@ CVE-2024-3044 [Graphic on-click binding allows unchecked script execution] - libreoffice 4:24.2.3~rc1-2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/ CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) - TODO: check + NOT-FOR-US: Red Hat Satellite CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...) - TODO: check + NOT-FOR-US: Solidus CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...) - TODO: check + NOT-FOR-US: Open-source project Online Shopping System Advanced CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...) TODO: check CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...) TODO: check CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) 
- TODO: check + NOT-FOR-US: idccms CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: idccms CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...) TODO: check CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...) TODO: check CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1274349a463fb472f2ea6d6535c66578cc38d73e
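Review bot: in the first hunk CVE-2024-3676 is marked `NOT-FOR-US: WordPress plugin`, but its description names the Proofpoint Encryption endpoint of Proofpoint Enterprise Protection, not a WordPress plugin; the marker looks copy-pasted from the run of WordPress entries above it and should name Proofpoint instead so the NOT-FOR-US reason stays accurate for anyone auditing the triage later.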
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3044/libreoffice
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ece5454d by Salvatore Bonaccorso at 2024-05-14T23:37:41+02:00 Add CVE-2024-3044/libreoffice - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-3044 [Graphic on-click binding allows unchecked script execution] + - libreoffice 4:24.2.3~rc1-2 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/ CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) TODO: check CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ece5454de614ff567a8e9140ee333a253d6e6d26
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52088067 by security tracker role at 2024-05-14T20:11:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,73 +1,475 @@ -CVE-2024-4778 +CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...) + TODO: check +CVE-2024-4860 (The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are ...) + TODO: check +CVE-2024-4859 (Solidus <= 4.3.4is affected by a Stored Cross-Site Scripting vulnerabi ...) + TODO: check +CVE-2024-4624 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4473 (The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-4440 (The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for Wo ...) + TODO: check +CVE-2024-4392 (The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for Wor ...) + TODO: check +CVE-2024-4333 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...) + TODO: check +CVE-2024-3676 (The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection ...) + TODO: check +CVE-2024-3579 (Open-source project Online Shopping System Advanced is vulnerable to R ...) + TODO: check +CVE-2024-3374 (An unauthenticated user can trigger a fatal assertion in the server wh ...) + TODO: check +CVE-2024-3372 (Improper validation of certain metadata input may result in the server ...) + TODO: check +CVE-2024-35012 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35011 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35010 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-35009 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-34950 (D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer ...) + TODO: check +CVE-2024-34914 (php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a wea ...) 
+ TODO: check +CVE-2024-34773 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34772 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34771 (A vulnerability has been identified in Solid Edge (All versions < V224 ...) + TODO: check +CVE-2024-34717 (PrestaShop is an open source e-commerce web application. In PrestaShop ...) + TODO: check +CVE-2024-34716 (PrestaShop is an open source e-commerce web application. A cross-site ...) + TODO: check +CVE-2024-34714 (The Hoppscotch Browser Extension is a browser extension for Hoppscotch ...) + TODO: check +CVE-2024-34713 (sshproxy is used on a gateway to transparently proxy a user SSH connec ...) + TODO: check +CVE-2024-34712 (Oceanic is a NodeJS library for interfacing with Discord. Prior to ver ...) + TODO: check +CVE-2024-34358 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34357 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34356 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34355 (TYPO3 is an enterprise content management system. Starting in version ...) + TODO: check +CVE-2024-34256 (OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function ...) + TODO: check +CVE-2024-34243 (Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the user ...) + TODO: check +CVE-2024-34191 (htmly v2.9.6 was discovered to contain an arbitrary file deletion vuln ...) + TODO: check +CVE-2024-34086 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-34085 (A vulnerability has been identified in JT2Go (All versions < V2312.000 ...) + TODO: check +CVE-2024-33868 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is L ...) 
+ TODO: check +CVE-2024-33867 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33866 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is / ...) + TODO: check +CVE-2024-33865 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is a ...) + TODO: check +CVE-2024-33864 (An issue was discovered in linqi before 1.4.0.1 on Windows. There is S ...) + TODO: check +CVE-2024-33863 (An issue was discovered in linqi before 1.4.0.1 on Windows. There
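Review bot: CVE-2024-3374 ("An unauthenticated user can trigger a fatal assertion in the server wh ...") and CVE-2024-3372 ("Improper validation of certain metadata input may result in the server ...") are the only new entries whose truncated description does not name the affected product, so they cannot be sorted into NOT-FOR-US or a source package from this hunk alone; pull the full description before triaging them. The runs of consecutive IDs with identical truncated text (idccms CVE-2024-35009 to 35012, Solid Edge CVE-2024-34771 to 34773, TYPO3 CVE-2024-34355 to 34358, linqi CVE-2024-33863 to 33868) can be handled as one batch each once the first of the set has been checked.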
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fa9a4f6 by security tracker role at 2024-05-14T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,122 @@ -CVE-2024-4761 +CVE-2024-4855 (Use after free issue in editcap could cause denial of service via craf ...) + TODO: check +CVE-2024-4854 (MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4. ...) + TODO: check +CVE-2024-4853 (Memory handling issue in editcap could cause denial of service via cra ...) + TODO: check +CVE-2024-4840 (An flaw was found in the OpenStack Platform (RHOSP) director, a toolse ...) + TODO: check +CVE-2024-4810 (In register_device, the return value of ida_simple_get is unchecked, i ...) + TODO: check +CVE-2024-4712 (An arbitrary file creation vulnerability exists in PaperCut NG/MF that ...) + TODO: check +CVE-2024-4445 (The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPre ...) + TODO: check +CVE-2024-4144 (The Simple Basic Contact Form plugin for WordPress for WordPress is vu ...) + TODO: check +CVE-2024-4139 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) + TODO: check +CVE-2024-4138 (Manage Bank Statement ReProcessing Rules does not perform necessary au ...) + TODO: check +CVE-2024-3241 (The Ultimate Blocks WordPress plugin before 3.1.7 does not validate a ...) + TODO: check +CVE-2024-3037 (An arbitrary file deletion vulnerability exists in PaperCut NG/MF that ...) + TODO: check +CVE-2024-34687 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not suf ...) + TODO: check +CVE-2024-33878 + REJECTED +CVE-2024-33009 (SAP Global Label Management is vulnerable to SQL injection. On exploit ...) + TODO: check +CVE-2024-33008 (SAP Replication Server allows an attacker to use gateway for executing ...) + TODO: check +CVE-2024-33007 (PDFViewer is a control delivered as part of SAPUI5 product which shows ...) + TODO: check +CVE-2024-33006 (An unauthenticated attacker can upload a malicious file to the server ...) + TODO: check +CVE-2024-33004 (SAP Business Objects Business Intelligence Platform is vulnerable to I ...) 
+ TODO: check +CVE-2024-33002 (Document Service handler (obsolete) in Data Provisioning Service does ...) + TODO: check +CVE-2024-33000 (SAP Bank Account Management does not perform necessary authorization c ...) + TODO: check +CVE-2024-32733 (Due to missing input validation and output encoding of untrusted data, ...) + TODO: check +CVE-2024-32731 (SAP My Travel Requests does not perform necessary authorization checks ...) + TODO: check +CVE-2024-28165 (SAP Business Objects Business Intelligence Platform is vulnerable to s ...) + TODO: check +CVE-2024-27852 (A privacy issue was addressed with improved client ID handling for alt ...) + TODO: check +CVE-2024-27847 (This issue was addressed with improved checks This issue is fixed in i ...) + TODO: check +CVE-2024-27843 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2024-27842 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2024-27841 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27839 (A privacy issue was addressed by moving sensitive data to a more secur ...) + TODO: check +CVE-2024-27837 (A downgrade issue was addressed with additional code-signing restricti ...) + TODO: check +CVE-2024-27835 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27834 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-27829 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27827 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27825 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...) + TODO: check +CVE-2024-27824 (This issue was addressed by removing the vulnerable code. This issue i ...) 
+ TODO: check +CVE-2024-27822 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2024-27821 (A path handling issue was addressed with improved validation. This iss ...) + TODO: check +CVE-2024-27818 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27816 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2024-27813 (The issue was addressed with
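Review bot: among the new `TODO: check` entries, CVE-2024-4855, CVE-2024-4854 and CVE-2024-4853 name editcap and Wireshark 4.2.0 dissectors, and CVE-2024-4810 names register_device and ida_simple_get, a kernel IDA allocator API; these describe components of packaged upstream projects rather than vendor products and should be assigned to their source packages (wireshark, linux) ahead of the vendor entries. CVE-2024-33878 is correctly carried as `REJECTED` with no TODO. The run of CVE-2024-278xx entries whose descriptions read "This issue is fixed in i ..." and "A downgrade issue affecting Intel-based Mac computers" read as Apple platform advisories and can be processed together.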
[Git][security-tracker-team/security-tracker][master] 2 commits: Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac7aabf4 by Salvatore Bonaccorso at 2024-05-14T07:52:11+02:00 Add chromium to dsa-needed list - - - - - eed61e3b by Salvatore Bonaccorso at 2024-05-14T07:52:30+02:00 Add CVE-2024-4761/chromium - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-4761 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) NOT-FOR-US: Agentejo Cockpit CMS CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...) = data/dsa-needed.txt = @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +chromium (dilinger) -- dnsdist (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c829d004a5af971ebc18fd9bcd609ae45404f76...eed61e3b47a43d4aa2ae979c98ee3cbf2cfff452 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1c829d004a5af971ebc18fd9bcd609ae45404f76...eed61e3b47a43d4aa2ae979c98ee3cbf2cfff452 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
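Review bot: the new `CVE-2024-4761` entry lists `- chromium` with no fixed version, so unstable is recorded as unfixed; that is consistent with adding `chromium (dilinger)` to dsa-needed.txt in the same push, but the version of the fixing upload needs to be appended to the `- chromium` line once it lands. The bullseye and buster lines point at #1061268 and DSA 5046 for the suite status, and the entry has no description in parentheses yet, which the next automatic update will fill in from the published CVE text.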
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-4759/jgit via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1c829d00 by Salvatore Bonaccorso at 2024-05-14T06:48:06+02:00 Track fixed version for CVE-2023-4759/jgit via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54976,7 +54976,7 @@ CVE-2023-4914 (Relative Path Traversal in GitHub repository cecilapp/cecil prior CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/c ...) NOT-FOR-US: cecil.app CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, al ...) - - jgit (bug #1055853) + - jgit 6.7.0-1 (bug #1055853) [bookworm] - jgit (Minor issue) [bullseye] - jgit (Minor issue) [buster] - jgit (Minor issue. Only case-insensitive filesystems are affected) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c829d004a5af971ebc18fd9bcd609ae45404f76
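Review bot: the `[buster] - jgit (Minor issue. Only case-insensitive filesystems are affected)` line carries the rationale for the severity, but the bookworm and bullseye lines say only `(Minor issue)`; if the same reasoning applies there, repeating it keeps the three suite annotations self-explanatory. The `- jgit 6.7.0-1 (bug #1055853)` line keeps the bug reference next to the fixed version, which is the form the other fixed entries use.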
[Git][security-tracker-team/security-tracker][master] Add new set of cacti issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f140717 by Salvatore Bonaccorso at 2024-05-13T22:51:54+02:00 Add new set of cacti issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -135,17 +135,26 @@ CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local ...) NOT-FOR-US: TotalAV CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r CVE-2024-31458 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x CVE-2024-31445 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc + NOTE: https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 CVE-2024-31444 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87 CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...) - TODO: check + - cacti + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 + NOTE: https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) NOT-FOR-US: WordPress plugin CVE-2024-30268 (Cacti provides an operational monitoring and fault management framewor ...) 
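Review bot: GHSA-gj3f-p326-gh8r is attached to both CVE-2024-31460 and CVE-2024-31459; confirm that the advisory really covers both IDs rather than being a pasted duplicate, since CVE-2024-31459 already has its own GHSA-cx8g-hvq8-p2rv. All six entries are `- cacti` with no fixed version, and only CVE-2024-31445 and CVE-2024-31443 carry a fix commit alongside the advisory; the other four would benefit from the fixing commits as NOTE lines too, since those are what a stable backport has to cherry-pick.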
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f14071758bf1476d798b1291d8a5b3fa00a7ee2
[Git][security-tracker-team/security-tracker][master] Add new issues in mantis
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2f238d43 by Salvatore Bonaccorso at 2024-05-13T22:45:03+02:00 Add new issues in mantis - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -117,11 +117,11 @@ CVE-2024-34222 (Sourcecodester Human Resource Management System 1.0 is vulnerabl CVE-2024-34221 (Sourcecodester Human Resource Management System 1.0 is vulnerable to I ...) NOT-FOR-US: Sourcecodester Human Resource Management System CVE-2024-34081 (MantisBT (Mantis Bug Tracker) is an open source issue tracker.  Improp ...) - TODO: check + - mantis CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an i ...) - TODO: check + - mantis CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insuffi ...) - TODO: check + - mantis CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B2 ...) NOT-FOR-US: TOTOLINK CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a remote at ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f238d436c5391d9a2525e1a743f4be4eaebff86
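Review bot: the three MantisBT entries (CVE-2024-34081, CVE-2024-34080, CVE-2024-34077) are switched to `- mantis` with no NOTE line, unlike the cacti and libxml2 entries added in the neighbouring commits, which cite the upstream advisory or issue; add the MantisBT advisory references so that the fixed version and any stable backport can be traced from the entry itself.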
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34459/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 094b5e1f by Salvatore Bonaccorso at 2024-05-13T22:44:22+02:00 Add CVE-2024-34459/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -88,7 +88,8 @@ CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) - TODO: check + - libxml2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) NOT-FOR-US: WordPress plugin CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/094b5e1f514e8e102e5adf039f7310c959467502
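Review bot: the description scopes CVE-2024-34459 to xmllint, the command-line tool, rather than to the library, and the truncated text "before 2.11.8 and 2. ..." gives the fixed upstream releases; record that scope and the fixed upstream versions as NOTE lines next to the issue link, since they drive the severity triage for the stable suites, and append the fixed Debian version to `- libxml2` once the upload is in unstable.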
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2897f4ec by Salvatore Bonaccorso at 2024-05-13T22:43:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -86,7 +86,7 @@ CVE-2024-34698 (FreeScout is a free, self-hosted help desk and shared mailbox. V CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A store ...) TODO: check CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in URBAN ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) TODO: check CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) @@ -122,17 +122,17 @@ CVE-2024-34080 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. I CVE-2024-34077 (MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insuffi ...) TODO: check CVE-2024-33433 (Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B2 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-33386 (An issue in SoundCloud Prometheu v.2.5.1 and before allows a remote at ...) TODO: check CVE-2024-33250 (An issue in Open-Source Technology Committee SRS real-time video serve ...) TODO: check CVE-2024-32100 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hard ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local ...) - TODO: check + NOT-FOR-US: TotalAV CVE-2024-31460 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-31459 (Cacti provides an operational monitoring and fault management framewor ...) 
@@ -146,7 +146,7 @@ CVE-2024-31444 (Cacti provides an operational monitoring and fault management fr CVE-2024-31443 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-31377 (Unrestricted Upload of File with Dangerous Type vulnerability in J.N. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30268 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-30259 (FastDDS is a C++ implementation of the DDS (Data Distribution Service) ...) 
@@ -158,17 +158,17 @@ CVE-2024-29895 (Cacti provides an operational monitoring and fault management fr CVE-2024-29894 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-29513 (An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Foren ...) - TODO: check + NOT-FOR-US: BlueRiSC WindowsSCOPE Cyber Forensics CVE-2024-28866 (GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23. ...) TODO: check CVE-2024-28285 (A Fault Injection vulnerability in the SymmetricDecrypt function in cr ...) TODO: check CVE-2024-28279 (Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: Code-projects Computer Book Store CVE-2024-28277 (In Sourcecodester School Task Manager v1.0, a vulnerability was identi ...) - TODO: check + NOT-FOR-US: Sourcecodester School Task Manager CVE-2024-28276 (Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scr ...) - TODO: check + NOT-FOR-US: Sourcecodester School Task Manager CVE-2024-27082 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content Fusion v6.1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2897f4ec38e6bf64277a4a71b23528fe7b3fbc14
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5833e85e by Salvatore Bonaccorso at 2024-05-13T22:38:27+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -36,41 +36,41 @@ CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...) TODO: check CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges ...) - TODO: check + NOT-FOR-US: SurveyKing CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after ...) - TODO: check + NOT-FOR-US: SurveyKing CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...) - TODO: check + NOT-FOR-US: SurveyKing CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).) - TODO: check + NOT-FOR-US: WWBN AVideo CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...) - TODO: check + NOT-FOR-US: Phormer CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) TODO: check CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...) 
@@ -90,31 +90,31 @@ CVE-2024-34555 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-34459 (An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ...) TODO: check CVE-2024-34440 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in Pk Fa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34353 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) TODO: check CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...) TODO: check CVE-2024-34231 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) - TODO: check + NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-34230 (A cross-site scripting (XSS) vulnerability in Sourcecodester Laborator ...) - TODO: check + NOT-FOR-US: Sourcecodester Laboratory Management System CVE-2024-34226 (SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor ...) - TODO: check + NOT-FOR-US: SourceCodester Visitor Management System CVE-2024-34225 (Cross Site Scripting vulnerability in php-lms/admin/?page=system_info ...) - TODO: check + NOT-FOR-US: Computer Laboratory Management System using PHP and MySQL CVE-2024-34224 (Cross
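Review bot: CVE-2024-35166 ("Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...") is left at `TODO: check` while its neighbours CVE-2024-35165 and CVE-2024-35167 through CVE-2024-35172, which share the same truncated description prefix, were all marked `NOT-FOR-US: WordPress plugin`; confirm whether it was skipped deliberately because it is a different product, or simply missed in the batch.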
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4067/node-micromatch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 346c19b1 by Salvatore Bonaccorso at 2024-05-13T22:37:38+02:00 Add CVE-2024-4067/node-micromatch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -28,7 +28,9 @@ CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters - node-braces NOTE: https://github.com/micromatch/braces/issues/35 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) - TODO: check + - node-micromatch + NOTE: https://github.com/micromatch/micromatch/issues/243 + NOTE: https://github.com/micromatch/micromatch/pull/247 CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...) TODO: check CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/346c19b1713b57bc256af91004bbe78b1adbde1a
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4068/node-braces
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7eb6c89b by Salvatore Bonaccorso at 2024-05-13T22:37:05+02:00 Add CVE-2024-4068/node-braces - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25,7 +25,8 @@ CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie R CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...) - TODO: check + - node-braces + NOTE: https://github.com/micromatch/braces/issues/35 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) TODO: check CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7eb6c89b80bc0280277fade5100753dd516f4127
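Review bot: the new `- node-braces` entry cites only https://github.com/micromatch/braces/issues/35, with no fix commit, pull request or fixed upstream version; without one, the fixed Debian version cannot be filled in on the `- node-braces` line, so add the upstream fix reference as a second NOTE as soon as it is known. CVE-2024-4067 for `micromatch` is still `TODO: check` in this hunk's context and needs the same treatment.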
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5df7377b by Salvatore Bonaccorso at 2024-05-13T22:22:13+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,29 +1,29 @@ CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) - TODO: check + NOT-FOR-US: Agentejo Cockpit CMS CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...) - TODO: check + NOT-FOR-US: School ERP Pro+Responsive CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) - TODO: check + NOT-FOR-US: School ERP Pro+Responsive CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) - TODO: check + NOT-FOR-US: School ERP Pro+Responsive CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) - TODO: check + NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry Management ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4816 (A vulnerability, which was classified as critical, was found in Ruijie ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-4815 (A vulnerability, which was classified as critical, has been found in R ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...) - TODO: check + NOT-FOR-US: Ruijie RG-UAC CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...) TODO: check CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5df7377b92db6ee0318b14ab32b92b7129e06bc7
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 652d3782 by security tracker role at 2024-05-13T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,28 +1,214 @@ -CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents] +CVE-2024-4825 (A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 tha ...) + TODO: check +CVE-2024-4824 (Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injecti ...) + TODO: check +CVE-2024-4823 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4822 (Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the ...) + TODO: check +CVE-2024-4820 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + TODO: check +CVE-2024-4819 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4818 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4817 (A vulnerability has been found in Campcodes Online Laundry Management ...) + TODO: check +CVE-2024-4816 (A vulnerability, which was classified as critical, was found in Ruijie ...) + TODO: check +CVE-2024-4815 (A vulnerability, which was classified as critical, has been found in R ...) + TODO: check +CVE-2024-4814 (A vulnerability classified as critical was found in Ruijie RG-UAC up t ...) + TODO: check +CVE-2024-4813 (A vulnerability classified as critical has been found in Ruijie RG-UAC ...) + TODO: check +CVE-2024-4747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4068 (The NPM package `braces` fails to limit the number of characters it ca ...) + TODO: check +CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...) + TODO: check +CVE-2024-3462 (Ant Media Server Community Edition in a default configuration is vulne ...) + TODO: check +CVE-2024-3263 (YMS VIS Pro is an information system for veterinary and food administr ...) 
+ TODO: check +CVE-2024-35172 (Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPi ...) + TODO: check +CVE-2024-35171 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35167 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-35166 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35165 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-35099 (TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stac ...) + TODO: check +CVE-2024-35050 (An issue in SurveyKing v1.3.1 allows attackers to escalate privileges ...) + TODO: check +CVE-2024-35049 (SurveyKing v1.3.1 was discovered to keep users' sessions active after ...) + TODO: check +CVE-2024-35048 (An issue in SurveyKing v1.3.1 allows attackers to execute a session re ...) + TODO: check +CVE-2024-34921 (TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a co ...) + TODO: check +CVE-2024-34899 (WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).) + TODO: check +CVE-2024-34812 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-34811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-34749 (Phormer prior to version 3.35 contains a cross-site scripting vulnerab ...) + TODO: check +CVE-2024-34709 (Directus is a real-time API and App dashboard for managing SQL databas ...) + TODO: check +CVE-2024-34708 (Directus is a real-time API and App dashboard for managing SQL databas ...) 
+ TODO: check +CVE-2024-34707 (Nautobot is a Network Source of Truth and Network Automation Platform. ...) + TODO: check +CVE-2024-34706 (Valtimo is an open source business process and case management platfor ...) + TODO: check +CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity. The proble ...) + TODO: check +CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...) + TODO: check +CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged ...) + TODO: check
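Review bot: the hunk removes the placeholder line `-CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents]` but no matching `+CVE-2024-27401 (...)` line appears in the portion shown, and the header `@@ -1,28 +1,214 @@` announces far more added lines than are visible here; confirm that the entry was re-emitted with its official description and that its `- linux` and NOTE lines (added in the "Merge Linux CVEs from kernel-sec" commit bcc1c6ec on this page) survived the automatic rewrite rather than being dropped.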
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bcc1c6ec by Salvatore Bonaccorso at 2024-05-13T17:52:58+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,27 @@ +CVE-2024-27401 [firewire: nosy: ensure user_length is taken into account when fetching packet contents] + - linux + NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7) +CVE-2024-27400 [drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7) +CVE-2024-27399 [Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout] + - linux + NOTE: https://git.kernel.org/linus/adf0398cee86643b8eacde95f17d073d022f782c (6.9) +CVE-2024-27398 [Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout] + - linux + NOTE: https://git.kernel.org/linus/483bc08181827fc475643272ffb69c533007e546 (6.9) +CVE-2023-52656 [io_uring: drop any code related to SCM_RIGHTS] + - linux 6.7.12-1 + [bookworm] - linux 6.1.85-1 + [bullseye] - linux 5.10.216-1 + NOTE: https://git.kernel.org/linus/6e5e6d274956305f1fc0340522b38f5f5be74bdb (6.8-rc1) +CVE-2023-52655 [usb: aqc111: check packet for fixup for true limit] + - linux 6.6.8-1 + [bookworm] - linux 6.1.69-1 + [bullseye] - linux 5.10.205-1 + NOTE: https://git.kernel.org/linus/ccab434e674ca95d483788b1895a70c21b7f016a (6.7-rc3) CVE-2024-25581 [Transfer requests received over DoH can lead to a denial of service in DNSdist] - dnsdist [bookworm] - dnsdist (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcc1c6ec1b2402e02468b4a8dd9b468f0b4cb082 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcc1c6ec1b2402e02468b4a8dd9b468f0b4cb082 You're receiving this email because of your account on salsa.debian.org. 
___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-25581/dnsdist
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e012110c by Salvatore Bonaccorso at 2024-05-13T13:06:42+02:00 Add CVE-2024-25581/dnsdist - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,10 @@ +CVE-2024-25581 [Transfer requests received over DoH can lead to a denial of service in DNSdist] + - dnsdist + [bookworm] - dnsdist (Vulnerable code not present) + [bullseye] - dnsdist (Vulnerable code not present) + [buster] - dnsdist (Vulnerable code not present) + NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html + NOTE: Patches: https://downloads.powerdns.com/patches/2024-03/ CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source Clinic Ma ...) NOT-FOR-US: SourceCodester Open Source Clinic Management System CVE-2024-4808 (A vulnerability, which was classified as critical, was found in Kaship ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e012110cb421c6b101844be0359f76841e360a75 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e012110cb421c6b101844be0359f76841e360a75 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7454bf2b by Salvatore Bonaccorso at 2024-05-13T11:31:54+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source Clinic Ma ...) - TODO: check + NOT-FOR-US: SourceCodester Open Source Clinic Management System CVE-2024-4808 (A vulnerability, which was classified as critical, was found in Kaship ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4807 (A vulnerability, which was classified as critical, has been found in K ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4806 (A vulnerability classified as critical was found in Kashipara College ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4805 (A vulnerability classified as critical has been found in Kashipara Col ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4804 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4803 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4802 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4801 (A vulnerability was found in Kashipara College Management System 1.0 a ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4800 (A vulnerability has been found in Kashipara College Management System ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...) TODO: check CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7454bf2b09194aba1369c037118a79b25ad9fa9d
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e78c894 by security tracker role at 2024-05-13T08:12:08+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,39 @@ +CVE-2024-4809 (A vulnerability has been found in SourceCodester Open Source Clinic Ma ...) + TODO: check +CVE-2024-4808 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4807 (A vulnerability, which was classified as critical, has been found in K ...) + TODO: check +CVE-2024-4806 (A vulnerability classified as critical was found in Kashipara College ...) + TODO: check +CVE-2024-4805 (A vulnerability classified as critical has been found in Kashipara Col ...) + TODO: check +CVE-2024-4804 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4803 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4802 (A vulnerability was found in Kashipara College Management System 1.0. ...) + TODO: check +CVE-2024-4801 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-4800 (A vulnerability has been found in Kashipara College Management System ...) + TODO: check +CVE-2024-3239 (The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress pl ...) + TODO: check +CVE-2024-35205 (The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for ...) + TODO: check +CVE-2024-35204 (Veritas System Recovery before 23.2_Hotfix has incorrect permissions f ...) + TODO: check +CVE-2024-32700 (Unrestricted Upload of File with Dangerous Type vulnerability in Kogne ...) + TODO: check +CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the parisn ...) + TODO: check +CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...) + TODO: check +CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...) + TODO: check +CVE-2023-5052 (vulnerability in Uniform Server Zero, version 10.2.5, consisting of an ...) 
+ TODO: check CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) NOT-FOR-US: Kashipara College Management System CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) @@ -53100,7 +53136,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versio NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...) NOT-FOR-US: Apple -CVE-2023-43040 [Improperly verified POST keys] +CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...) {DLA-3629-1} - ceph 16.2.11+ds-5 (bug #1053690) [bookworm] - ceph (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e78c8948c97e8346baaccce80737717691832cd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e78c8948c97e8346baaccce80737717691832cd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
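Review bot: in the second hunk (`@@ -53100,7 +53136,7 @@`) the description of CVE-2023-43040 changes from `[Improperly verified POST keys]` to `(IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to ...)` while the entry keeps `{DLA-3629-1}`, `- ceph 16.2.11+ds-5 (bug #1053690)` and `[bookworm] - ceph (Minor issue)`; an automatically pulled description that now names an IBM product against a ceph package entry deserves a manual check that the CVE still covers the tracked ceph issue, and if it does, a NOTE line recording that the published description refers to a product bundling the affected component would keep the entry intelligible to the next triager.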
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4d3e18f8 by Salvatore Bonaccorso at 2024-05-13T06:14:26+02:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester Online Computer and Laptop Store CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3e18f8b18b24bd0337f7f9aec68af58803ec23 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3e18f8b18b24bd0337f7f9aec68af58803ec23 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e7ceb659 by security tracker role at 2024-05-12T20:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-4799 (A vulnerability, which was classified as critical, was found in Kaship ...) + TODO: check +CVE-2024-4798 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) @@ -30710,6 +30714,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are v CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...) NOT-FOR-US: IceHrm CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...) + {DSA-5688-1} - atril 1.26.2-1 (bug #1061522) NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37 NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ceb65948fa0ef180455d3fe7147a417cbd1b2b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7ceb65948fa0ef180455d3fe7147a417cbd1b2b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-48655/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6160598 by Salvatore Bonaccorso at 2024-05-12T21:00:28+02:00 Update status for CVE-2022-48655/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5608,6 +5608,7 @@ CVE-2022-48656 (In the Linux kernel, the following vulnerability has been resolv NOTE: https://git.kernel.org/linus/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e (6.0-rc7) CVE-2022-48655 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e9076ffbcaed5da6c182b144ef9f6e24554af268 (6.0-rc7) CVE-2022-48654 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.0.2-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6160598345fda505d505e66d248a87f47a85f90 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6160598345fda505d505e66d248a87f47a85f90 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version for sqlparse issue fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba0493e6 by Salvatore Bonaccorso at 2024-05-12T20:58:38+02:00 Track fixed version for sqlparse issue fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5058,7 +5058,7 @@ CVE-2023-52647 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/eb2f932100288dbb881eadfed02e1459c6b9504c (6.9-rc1) CVE-2024-4340 (Passing a heavily nested list to sqlparse.parse() leads to a Denial of ...) - - sqlparse (bug #1070148) + - sqlparse 0.5.0-1 (bug #1070148) NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 (0.5.0) NOTE: https://github.com/advisories/GHSA-2m57-hf25-phgg CVE-2024-4337 (Adive Framework 2.0.8, does not sufficiently encode user-controlled in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0493e6a63c35209cceda7c225449a9dd131bd0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba0493e6a63c35209cceda7c225449a9dd131bd0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] python-future removed from unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 41c4b2a7 by Salvatore Bonaccorso at 2024-05-12T14:27:40+02:00 python-future removed from unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -124745,7 +124745,7 @@ CVE-2022-40901 CVE-2022-40900 RESERVED CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...) - - python-future (bug #1031699) + - python-future (bug #1031699) [bookworm] - python-future (Minor issue) [bullseye] - python-future (Minor issue) [buster] - python-future (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c4b2a7eaa536cb918bcbe5d9868172a581dcbf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41c4b2a7eaa536cb918bcbe5d9868172a581dcbf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
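Review bot: the `-`/`+` pair for CVE-2022-40899 reads identically as shown (`- python-future (bug #1031699)` on both lines), so the change the commit message announces ("python-future removed from unstable") is not visible in the hunk; if the intended edit was the tracker's `<removed>` marker on the package line (an assumption: such a tag-like token may have been stripped in this rendering), confirm it is present in the committed file, since a no-op hunk here would leave the entry still looking like an open issue in unstable.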
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 658ade88 by Salvatore Bonaccorso at 2024-05-12T13:20:38+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry Management ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4793 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4792 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Online Laundry Management System CVE-2024-4791 (A vulnerability classified as critical was found in Contemporary Contr ...) - TODO: check + NOT-FOR-US: Contemporary Control System BASrouter BACnet BASRT-B CVE-2024-4790 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/658ade8852b9a432c53f0a267d44e372a0485458 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/658ade8852b9a432c53f0a267d44e372a0485458 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ec72f73 by security tracker role at 2024-05-12T08:11:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,19 @@ +CVE-2024-4797 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4796 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4795 (A vulnerability was found in Campcodes Online Laundry Management Syste ...) + TODO: check +CVE-2024-4794 (A vulnerability has been found in Campcodes Online Laundry Management ...) + TODO: check +CVE-2024-4793 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4792 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-4791 (A vulnerability classified as critical was found in Contemporary Contr ...) + TODO: check +CVE-2024-4790 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) + TODO: check CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec72f7327848d71a30a6fcd81ead843b241bde8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec72f7327848d71a30a6fcd81ead843b241bde8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a693b61e by Salvatore Bonaccorso at 2024-05-12T08:57:15+02:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -27,33 +27,33 @@ CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Fe CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...) NOT-FOR-US: Huawei CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: Successf ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32997 (Race condition vulnerability in the binder driver module Impact: Succe ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32996 (Privilege escalation vulnerability in the account module Impact: Succe ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32992 (Insufficient verification vulnerability in the baseband module Impact: ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant module Imp ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32990 (Permission verification vulnerability in the system sharing pop-up mod ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...) - TODO: check + NOT-FOR-US: Huawei CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) NOT-FOR-US: IBM CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) NOT-FOR-US: IBM CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) 
- TODO: check + NOT-FOR-US: HP CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) TODO: check CVE-2023-52721 (The WindowManager module has a vulnerability in permission control. Im ...) @@ -239,7 +239,7 @@ CVE-2024-31113 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital CVE-2024-30802 (An issue in Vehicle Management System 7.31.0.3_20230412 allows an atta ...) NOT-FOR-US: Vehicle Management System CVE-2024-30801 (SQL Injection vulnerability in Cloud based customer service management ...) - TODO: check + NOT-FOR-US: Cloud based customer service management platform CVE-2024-30055 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2024-2749 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a693b61e284dc2dbd655e4549ec66dd0064b25ca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a693b61e284dc2dbd655e4549ec66dd0064b25ca You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bef4386e by Salvatore Bonaccorso at 2024-05-12T07:41:12+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,9 +49,9 @@ CVE-2024-32990 (Permission verification vulnerability in the system sharing pop- CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...) TODO: check CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) TODO: check CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) 
@@ -67,11 +67,11 @@ CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) TODO: check CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bef4386e7e312881ce9cff46c555cb5628b29cc6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bef4386e7e312881ce9cff46c555cb5628b29cc6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60291c8e by Salvatore Bonaccorso at 2024-05-12T07:38:40+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,31 +1,31 @@ CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4630 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4574 (The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4430 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Objec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...) 
- TODO: check + NOT-FOR-US: Huawei CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) TODO: check CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60291c8e98ca4a3174cb07d602fe2613d36aa686 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60291c8e98ca4a3174cb07d602fe2613d36aa686 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
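Review bot: CVE-2024-4046 and CVE-2024-32999 carry the identical truncated description ("Cracking vulnerability in the OS security module Impact: Successful ex ..."), yet this hunk marks only CVE-2024-4046 as NOT-FOR-US: Huawei and leaves CVE-2024-32999 at TODO: check in the trailing context. If the second id comes from the same vendor advisory, triage it in the same pass so the two entries do not diverge; if it was deliberately held back, a short reason next to the TODO would save the next triager the lookup.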
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06a1d63f by security tracker role at 2024-05-11T20:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,77 @@ +CVE-2024-4738 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4737 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4736 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4630 (The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Tem ...) + TODO: check +CVE-2024-4574 (The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress i ...) + TODO: check +CVE-2024-4560 (The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4487 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-4430 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) + TODO: check +CVE-2024-4417 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...) + TODO: check +CVE-2024-4413 (The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Objec ...) + TODO: check +CVE-2024-4329 (The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4213 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-4209 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...) + TODO: check +CVE-2024-4046 (Cracking vulnerability in the OS security module Impact: Successful ex ...) + TODO: check +CVE-2024-3055 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-32999 (Cracking vulnerability in the OS security module Impact: Successful ex ...) + TODO: check +CVE-2024-32998 (NULL pointer access vulnerability in the clock module Impact: Successf ...) + TODO: check +CVE-2024-32997 (Race condition vulnerability in the binder driver module Impact: Succe ...) 
+ TODO: check +CVE-2024-32996 (Privilege escalation vulnerability in the account module Impact: Succe ...) + TODO: check +CVE-2024-32995 (Denial of service (DoS) vulnerability in the AMS module Impact: Succes ...) + TODO: check +CVE-2024-32993 (Out-of-bounds access vulnerability in the memory module Impact: Succes ...) + TODO: check +CVE-2024-32992 (Insufficient verification vulnerability in the baseband module Impact: ...) + TODO: check +CVE-2024-32991 (Permission verification vulnerability in the wpa_supplicant module Imp ...) + TODO: check +CVE-2024-32990 (Permission verification vulnerability in the system sharing pop-up mod ...) + TODO: check +CVE-2024-32989 (Insufficient verification vulnerability in the system sharing pop-up m ...) + TODO: check +CVE-2024-28761 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) + TODO: check +CVE-2024-28760 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 thr ...) + TODO: check +CVE-2024-27460 (A privilege escalation exists in the updater for Plantronics Hub 3.25. ...) + TODO: check +CVE-2023-5447 (Missing lock check in SynHsaService may create a use-after-free condit ...) + TODO: check +CVE-2023-52721 (The WindowManager module has a vulnerability in permission control. Im ...) + TODO: check +CVE-2023-52720 (Race condition vulnerability in the soundtrigger module Impact: Succes ...) + TODO: check +CVE-2023-52719 (Privilege escalation vulnerability in the PMS module Impact: Successfu ...) + TODO: check +CVE-2023-52384 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) + TODO: check +CVE-2023-52383 (Double-free vulnerability in the RSMC module Impact: Successful exploi ...) + TODO: check +CVE-2023-47712 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local u ...) + TODO: check +CVE-2023-47711 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authen ...) 
+ TODO: check +CVE-2023-47709 (IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote ...) + TODO: check CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06a1d63f9e1efa4eab9f0780b051baa8bd2f6539
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 917df2bc by Salvatore Bonaccorso at 2024-05-10T22:32:31+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,129 +1,129 @@ CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4731 (A vulnerability classified as problematic was found in Campcodes Legal ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4730 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4724 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4723 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4722 (A vulnerability classified as problematic was found in Campcodes Compl ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4721 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4715 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4714 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...) TODO: check CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) - TODO: check + NOT-FOR-US: D-Link CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4688 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4687 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO:
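Review bot: CVE-2024-4701 ("A path traversal issue potentially leading to remote code execution in ...") is the one entry inside this NFU sweep that is neither Campcodes nor a WordPress plugin and is left at TODO: check, and its truncated description does not name the affected product. It warrants an explicit source lookup before the next pass, and if it is intentionally deferred, a note on what still needs confirming would keep it from being skipped again alongside the NFU batch.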
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34070/froxlor
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 792c4051 by Salvatore Bonaccorso at 2024-05-10T22:31:38+02:00 Add CVE-2024-34070/froxlor - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -139,7 +139,7 @@ CVE-2024-34199 (TinyWeb 1.94 and below allows unauthenticated remote attackers t CVE-2024-34079 (octo-sts is a GitHub App that acts like a Security Token Service (STS) ...) TODO: check CVE-2024-34070 (Froxlor is open source server administration software. Prior to 2.1.9, ...) - TODO: check + - froxlor (bug #581792) CVE-2024-33819 (Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-s ...) TODO: check CVE-2024-33818 (Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Dire ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/792c405150462b99aa65b05ca703b67eead49462
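Review bot: the bug reference in "+ - froxlor (bug #581792)" is a six-digit number, far below the other bug ids referenced in this batch (#1069764, #1070861), so it is most likely a long-standing ITP/RFP bug rather than a newly filed security bug against a shipped package. If froxlor is not in the archive, the entry should carry the tracker's `<itp>` marker (`- froxlor <itp> (bug #581792)`) so the CVE is not counted as an open issue in a packaged source; if it is in the archive, a freshly filed bug against the package is the reference the tracker conventions expect here.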
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46ff5231 by Salvatore Bonaccorso at 2024-05-10T22:22:39+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -177,15 +177,15 @@ CVE-2024-2441 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before CVE-2024-2257 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...) TODO: check CVE-2024-28781 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-27269 (IBM QRadar SIEM 7.5 could allow a privileged user to configure user ma ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22345 (IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22344 (IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22343 (IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored loca ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22064 (ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi ...) TODO: check CVE-2024-0100 (NVIDIA Triton Inference Server for Linux contains a vulnerability in t ...) 
@@ -201,7 +201,7 @@ CVE-2024-0088 (NVIDIA Triton Inference Server for Linux contains a vulnerability CVE-2024-0087 (NVIDIA Triton Inference Server for Linux contains a vulnerability wher ...) TODO: check CVE-2023-38264 (The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-37526 (HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Shari ...) TODO: check CVE-2024-4671 (Use after free in Visuals in Google Chrome prior to 124.0.6367.201 all ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ff52317311187af032d4a96ba34f825638d902
[Git][security-tracker-team/security-tracker][master] Remove listing of CVE-2024-23252 for now
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d697d93d by Salvatore Bonaccorso at 2024-05-10T22:18:14+02:00 Remove listing of CVE-2024-23252 for now The CVE id has been rejected by Apple CNA for no specific reason in the CVE page. But to avoid causing inconsistencies, remove it for now from the respective DSA listing, as we also never filled in the source package information so far. This can be reverted if https://www.cve.org/CVERecord?id=CVE-2024-23252 gets updated. - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -20518,7 +20518,6 @@ CVE-2024-23253 (A permissions issue was addressed with additional restrictions. NOT-FOR-US: Apple CVE-2024-23252 REJECTED - {DSA-5684-1} CVE-2024-23250 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2024-23249 (The issue was addressed with improved memory handling. This issue is f ...) = data/DSA/list = 
@@ -13,7 +13,7 @@ [bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1 [bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1 [09 May 2024] DSA-5684-1 webkit2gtk - security update - {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284} + {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284} [bullseye] - webkit2gtk 2.44.1-1~deb11u1 [bookworm] - webkit2gtk 2.44.1-1~deb12u1 [08 May 2024] DSA-5683-1 chromium - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d697d93d584212b246222f6f627c8f3e3065ed46
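Review bot: removing the "{DSA-5684-1}" line from the CVE-2024-23252 entry (data/CVE/list hunk) together with the id from the DSA-5684-1 set (data/DSA/list hunk) leaves no record in the data files that the webkit2gtk advisory originally covered this id. Since the commit message expects the change to be reverted if the CVE record is updated, consider keeping a NOTE: line under the REJECTED entry (for example "NOTE: Was listed in DSA-5684-1; dropped pending clarification of the rejection") so the association can be restored without digging through git history, and so the next person to see the bare REJECTED entry understands why the DSA no longer references it.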
[Git][security-tracker-team/security-tracker][master] Remove note from CVE-2024-34511
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 54adffc0 by Salvatore Bonaccorso at 2024-05-10T22:16:24+02:00 Remove note from CVE-2024-34511 This CVE got rejected as it is a duplicate of CVE-2024-1561. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1693,7 +1693,6 @@ CVE-2024-4500 (A vulnerability was found in SourceCodester Prison Management Sys NOT-FOR-US: SourceCodester Prison Management System CVE-2024-34511 REJECTED - NOT-FOR-US: Gradio CVE-2024-34510 (Gradio before 4.20 allows credential leakage on Windows.) NOT-FOR-US: Gradio CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54adffc0e7070f634f0c720ace911c446822495f
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a9933148 by security tracker role at 2024-05-10T20:12:07+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,211 @@ -CVE-2024-4671 +CVE-2024-4735 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) + TODO: check +CVE-2024-4732 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4731 (A vulnerability classified as problematic was found in Campcodes Legal ...) + TODO: check +CVE-2024-4730 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4729 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4728 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4727 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4726 (A vulnerability was found in Campcodes Legal Case Management System 1. ...) + TODO: check +CVE-2024-4725 (A vulnerability has been found in Campcodes Legal Case Management Syst ...) + TODO: check +CVE-2024-4724 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4723 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4722 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4721 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4720 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4719 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4718 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4717 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4716 (A vulnerability has been found in Campcodes Complete Web-Based School ...) 
+ TODO: check +CVE-2024-4715 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4714 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4713 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4701 (A path traversal issue potentially leading to remote code execution in ...) + TODO: check +CVE-2024-4699 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + TODO: check +CVE-2024-4689 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) + TODO: check +CVE-2024-4688 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4687 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-4686 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4631 + REJECTED +CVE-2024-4490 (The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plug ...) + TODO: check +CVE-2024-4481 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...) + TODO: check +CVE-2024-4449 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4448 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024- (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4434 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4398 (The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for ...) + TODO: check +CVE-2024-4280 (The White Label CMS plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2024-4277 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) 
+ TODO: check +CVE-2024-4275 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...) + TODO: check +CVE-2024-4232 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...) + TODO: check +CVE-2024-4231 (This vulnerability exists in Digisol Router (DG-GR1321: Hardware versi ...) + TODO: check +CVE-2024-4129 (Improper Authentication vulnerability in Snow Software AB Snow License ...) + TODO: check +CVE-2024-4044 (A deserialization of untrusted data vulnerability exists in
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2024-1681/python-flask-cors
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e8338dd by Salvatore Bonaccorso at 2024-05-10T21:48:47+02:00 Reference upstream commit for CVE-2024-1681/python-flask-cors - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6869,6 +6869,7 @@ CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the lo - python-flask-cors 4.0.1-1 (bug #1069764) NOTE: https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644 NOTE: https://github.com/corydolphin/flask-cors/issues/349 + NOTE: Fixed by: https://github.com/corydolphin/flask-cors/commit/6172c2000dba965fedb8e9a8a916ad56f0fb2630 (4.0.1) CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...) NOT-FOR-US: Electrolink CVE-2024-1065 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e8338dd83a23d3547beac39258e3f4fad9162d4
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-1681 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8657de63 by Salvatore Bonaccorso at 2024-05-10T21:47:32+02:00 Track fixed version for CVE-2024-1681 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6866,7 +6866,7 @@ CVE-2024-21872 (The device allows an unauthenticated attacker to bypass authenti CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmitter ...) NOT-FOR-US: Electrolink CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...) - - python-flask-cors (bug #1069764) + - python-flask-cors 4.0.1-1 (bug #1069764) NOTE: https://huntr.com/bounties/25a7a0ba-9fa2-4777-acb6-03e5539bb644 NOTE: https://github.com/corydolphin/flask-cors/issues/349 CVE-2024-1491 (The devices allow access to an unprotected endpoint that allows MPFS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8657de6331a9383a7386703ec7ec84c8aa333fd5
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for hdf5 issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d78d68cd by Salvatore Bonaccorso at 2024-05-10T21:38:30+02:00 Add Debian bug reference for hdf5 issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -242,27 +242,27 @@ CVE-2024-34200 (TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to cont CVE-2024-34074 (Frappe is a full-stack web application framework. Prior to 15.26.0 and ...) NOT-FOR-US: Frappe Framework CVE-2024-33877 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__c ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-33876 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_d ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-33875 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__l ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_n ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ 
@@ -293,97 +293,97 @@ CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. In 8.0.2 and ea NOTE: https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c NOTE: https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6 CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32623 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32622 (HDF5 Library through 1.14.3 contains a out-of-bounds read operation in ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32621 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32620 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32619 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32618 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...) 
- - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32617 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read cau ...) - - hdf5 + - hdf5 (bug #1070861) [bookworm] - hdf5 (Minor issue) [bullseye] - hdf5 (Minor issue) NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/ CVE-2024-32616 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...) - - hdf5 +
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-4671/chromium via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8de8c8db by Salvatore Bonaccorso at 2024-05-10T09:23:39+02:00 Track fixed version for CVE-2024-4671/chromium via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2024-4671 - - chromium + - chromium 124.0.6367.201-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8de8c8db4895af0377cfcf8c527a05d45ebac07e
[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2024-4671/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 981ce6e7 by Salvatore Bonaccorso at 2024-05-10T06:07:59+02:00 Add CVE-2024-4671/chromium - - - - - 369f0d5b by Salvatore Bonaccorso at 2024-05-10T06:08:57+02:00 Add chromium to dsa-needed list - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-4671 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- atril (jmm) -- +chromium (dilinger) +-- dnsdist (jmm) -- dnsmasq View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/50033cc85ff489799729ccaa546ebd229dd6af0d...369f0d5b5968e7d9c49d4ef39a8d9f6721ac0895
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8a84b909 by Salvatore Bonaccorso at 2024-05-09T23:02:38+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45,11 +45,11 @@ CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Catego CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...) NOT-FOR-US: WordPress plugin CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...) - TODO: check + NOT-FOR-US: CemiPark software CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...) - TODO: check + NOT-FOR-US: CemiPark software CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...) - TODO: check + NOT-FOR-US: CemiPark software CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...) NOT-FOR-US: WordPress plugin CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) 
@@ -121,71 +121,71 @@ CVE-2024-3680 (The Enter Addons \u2013 Ultimate Template Builder for Elementor p CVE-2024-3595 (The Pure Chat \u2013 Live Chat Plugin & More! plugin for WordPress is ...) NOT-FOR-US: WordPress plugin CVE-2024-3461 (KioWare for Windows (versions all through 8.35)allows to brute force t ...) - TODO: check + NOT-FOR-US: KioWare for Windows CVE-2024-3460 (In KioWare for Windows (versions all through 8.34)it is possible to ex ...) - TODO: check + NOT-FOR-US: KioWare for Windows CVE-2024-3459 (KioWare for Windows (versions allthrough 8.34)allows to escape the env ...) - TODO: check + NOT-FOR-US: KioWare for Windows CVE-2024-3070 (The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2024-3068 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-34559 (Insertion of Sensitive Information into Log File vulnerability in Ghos ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34557 (Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode ...) TODO: check CVE-2024-34556 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2024-34550 (Insertion of Sensitive Information into Log File vulnerability in Alex ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34549 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34445 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34441 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34439 (Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Mes ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34433 (Deserialization of Untrusted Data vulnerability in OCDI One Click Demo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34431 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34430 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34427 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34426 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-34425 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin
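Review bot: For CVE-2024-34559, CVE-2024-34550, CVE-2024-34549, CVE-2024-34445, CVE-2024-34441 and the CVE-2024-344xx block that follows, the truncated descriptions ('... vulnerability in Ghos ...', '... in Alex ...', 'Improper Neutralization of Input During Web Page Generation ...') never mention WordPress, so the 'NOT-FOR-US: WordPress plugin' classification cannot be verified from the hunk itself; either name the plugin in the NOT-FOR-US text, as this commit does for 'KioWare for Windows' and 'CemiPark software', or record the advisory that establishes it in a NOTE. CVE-2024-34557 (UkrSolution Barcode) and CVE-2024-34556 are left at 'TODO: check' between two NFU blocks; if they belong to the same advisory batch they should be triaged in the same pass so the queue does not keep isolated stragglers.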
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b6ba3516 by Salvatore Bonaccorso at 2024-05-09T22:31:53+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -61,65 +61,65 @@ CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Store CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) NOT-FOR-US: WordPress plugin CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site Request Fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is vulnerable to Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page Builder Pro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3990 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3989 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3974 (The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3954 (The Ditty plugin for WordPress is vulnerable to PHP Object Injection i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3952 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3923 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3916 (The Swift Framework plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3915 (The Swift Framework plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3831 (The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3809 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3808 (The Porto Theme - Functionality plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3807 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-3806 (The Porto theme for WordPress is vulnerable to Local File Inclusion in ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-3727 (A flaw was found in the github.com/containers/image library. This flaw ...) TODO: check CVE-2024-3722 (The Swift Performance Lite plugin for WordPress is vulnerable to unaut ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3680 (The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3595 (The Pure Chat \u2013 Live Chat Plugin & More! plugin for WordPress is ...) - TODO: check +
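Review bot: CVE-2024-3727 (the github.com/containers/image library) is correctly kept at 'TODO: check' rather than swept into the NOT-FOR-US block around it, because a Go library like this one may be packaged in Debian or vendored into packages built from it; it should be resolved by assigning it to the relevant source package(s) rather than remaining a TODO inside an NFU commit. The 'WordPress theme' versus 'WordPress plugin' distinction (Blocksy in CVE-2024-4158, the Porto theme in CVE-2024-3807 and CVE-2024-3806, the 'Porto Theme - Functionality plugin' in CVE-2024-3809 and CVE-2024-3808) is applied consistently. The last hunk line in this mail is cut off after '+', so the final status for CVE-2024-3595 cannot be reviewed here.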
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e00587f by Salvatore Bonaccorso at 2024-05-09T22:22:54+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,31 +1,31 @@ CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4681 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Legal Case Management System CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based School ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4674 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4673 (A vulnerability, which was classified as problematic, has been found i ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4614 REJECTED CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultimate S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4579 REJECTED CVE-2024-4572 @@ -33,17 +33,17 @@ CVE-2024-4572 CVE-2024-4571 REJECTED CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...) TODO: check CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...) TODO: check CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...) 
@@ -51,15 +51,15 @@ CVE-2024-4424 (The access control inCemiPark software does not properly validate CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...) TODO: check CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...) TODO: check
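Review bot: CVE-2024-4545 (EnterpriseDB Postgres Advanced Server) is rightly left at 'TODO: check' in the second hunk rather than marked NOT-FOR-US: the product name identifies it as a PostgreSQL derivative, and the entry should only become NFU once it is confirmed that the flaw lives in EPAS-specific code and not in community PostgreSQL, which this series tracks as postgresql-16/-15/-13/-11. In the first hunk CVE-2024-4681 is classified as 'NOT-FOR-US: Campcodes Legal Case Management System' while its visible description stops at 'found in Campco ...', so the product name was taken from the full CVE text; that is fine, but worth a second look since its ten neighbours are all 'Campcodes Complete Web-Based School Management System'.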
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 459a3e8f by security tracker role at 2024-05-09T20:12:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,373 @@ +CVE-2024-4685 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4684 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4683 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4682 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4681 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-4678 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4677 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4676 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...) + TODO: check +CVE-2024-4675 (A vulnerability has been found in Campcodes Complete Web-Based School ...) + TODO: check +CVE-2024-4674 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-4673 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-4614 + REJECTED +CVE-2024-4606 (Deserialization of Untrusted Data vulnerability in BdThemes Ultimate S ...) + TODO: check +CVE-2024-4605 (The Breakdance plugin for WordPress is vulnerable to Remote Code Execu ...) + TODO: check +CVE-2024-4579 + REJECTED +CVE-2024-4572 + REJECTED +CVE-2024-4571 + REJECTED +CVE-2024-4567 (The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4545 (All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 ...) + TODO: check +CVE-2024-4542 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2024-4463 (The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vul ...) 
+ TODO: check +CVE-2024-4446 (The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Po ...) + TODO: check +CVE-2024-4441 (The XML Sitemap & Google News plugin for WordPress is vulnerable to Lo ...) + TODO: check +CVE-2024-4425 (The access control inCemiPark software stores integration (e.g. FTP or ...) + TODO: check +CVE-2024-4424 (The access control inCemiPark software does not properly validate user ...) + TODO: check +CVE-2024-4423 (The access control inCemiPark software does not properly validate user ...) + TODO: check +CVE-2024-4411 (The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4397 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...) + TODO: check +CVE-2024-4386 (The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-4383 (The Simple Membership plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2024-4339 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...) + TODO: check +CVE-2024-4335 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...) + TODO: check +CVE-2024-4316 (The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed You ...) + TODO: check +CVE-2024-4314 (The Hostel plugin for WordPress is vulnerable to Cross-Site Request Fo ...) + TODO: check +CVE-2024-4312 (The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for WordPr ...) + TODO: check +CVE-2024-4193 (The Testimonial Slider plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2024-4158 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...) + TODO: check +CVE-2024-4150 (The Simple Basic Contact Form plugin for WordPress is vulnerable to Re ...) + TODO: check +CVE-2024-4107 (The Elementor Website Builder \u2013 More than Just a Page Builder Pro ...) 
+ TODO: check +CVE-2024-4104 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) + TODO: check +CVE-2024-4103 (The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is ...) + TODO: check +CVE-2024-4082 (The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for WordPress is v ...) + TODO: check +CVE-2024-4041 (The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Si ...) + TODO: check +CVE-2024-4038 (The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist ...) + TODO: check
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-34069/python-werkzeug via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dcbb7ab4 by Salvatore Bonaccorso at 2024-05-09T21:54:31+02:00 Track fixed version for CVE-2024-34069/python-werkzeug via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -830,7 +830,7 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `kee NOTE: https://github.com/matthiask/html-sanitizer/security/advisories/GHSA-wvhx-q427-fgh3 NOTE: https://github.com/matthiask/html-sanitizer/commit/48db42fc5143d0140c32d929c46b802f96913550 (2.4.2) CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...) - - python-werkzeug (bug #1070711) + - python-werkzeug 3.0.3-1 (bug #1070711) NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3) NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01 (3.0.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcbb7ab40cb636e7d61518fcb2af097eabf7732c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcbb7ab40cb636e7d61518fcb2af097eabf7732c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
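Review bot: The fixed version 3.0.3-1 now matches the '(3.0.3)' tag on both 'Fixed by' commits, but the entry shows no '[bookworm]' or '[bullseye]' line in the visible context, so the stable releases' status is derived from the unstable version with no recorded triage; since the description places the issue in the Werkzeug debugger component, a release line such as '[bookworm] - python-werkzeug (Minor issue; ...)' or a fixed stable version should be added once the impact on the stable packages has been decided. Keeping '(bug #1070711)' on the unstable line after the fix is the usual convention here.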
[Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2024-33655
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db7df419 by Salvatore Bonaccorso at 2024-05-09T21:20:00+02:00 Add upstream commit reference for CVE-2024-33655 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,7 @@ CVE-2024-33655 - unbound 1.20.0-1 NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2024-33655.txt + NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/c3206f4568f60c486be6d165b1f2b5b254fea3de (release-1.20.0rc1) CVE-2024-4693 [virtio-pci: fix use of a released vector] - qemu 1:8.2.3+ds-1 [bookworm] - qemu (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7df4197228ed09c5bdfe658e57627ce72afe34 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db7df4197228ed09c5bdfe658e57627ce72afe34 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
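Review bot: The added 'Fixed by' NOTE with the (release-1.20.0rc1) tag is consistent with the recorded fixed version 'unbound 1.20.0-1', but the three lines of context show no '[bookworm]' or '[bullseye]' status, so the stable packages are derived from that version alone; if the NLnet Labs advisory linked in the NOTE above scopes the issue to specific releases, a release-specific line stating that (or a 'Minor issue' reason) would make the entry self-explanatory without following the link.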
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4693/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e5aebad by Salvatore Bonaccorso at 2024-05-09T20:56:38+02:00 Add CVE-2024-4693/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-4693 [virtio-pci: fix use of a released vector] + - qemu 1:8.2.3+ds-1 + [bookworm] - qemu (Vulnerable code not present) + [bullseye] - qemu (Vulnerable code not present) + [buster] - qemu (Vulnerable code not present) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2321 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f9a09ca3ea69d108d828b7c82f1bd61b2df6fc96 (v8.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fcbb086ae590e910614fe5b8bf76e264f71ef304 (v8.2.3) CVE-2024-4317 [Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner] - postgresql-16 16.3-1 - postgresql-15 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e5aebad3bc0e7bfa80646a6eb8e08e89f967ccd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e5aebad3bc0e7bfa80646a6eb8e08e89f967ccd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
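Review bot: The three '(Vulnerable code not present)' lines for bookworm, bullseye and buster are justified by the 'Introduced by' NOTE (v8.0.0-rc0): the bookworm package recorded elsewhere in this series is 1:7.2+dfsg-7+deb12uN and bullseye's is 1:5.2+dfsg-11+deb11u3, both older than the introducing commit, and the unstable fixed version 1:8.2.3+ds-1 matches the '(v8.2.3)' tag on the 'Fixed by' commit. Using the bracketed upstream title '[virtio-pci: fix use of a released vector]' in place of a CVE description is fine for an entry added before the description is published, but it should be replaced by the official text once the automatic update pulls it in, as the surrounding CVE-2024-4317 entry will need too.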
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-4317/postgresql-15
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e05af68 by Salvatore Bonaccorso at 2024-05-09T20:49:42+02:00 Add CVE-2024-4317/postgresql-15 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,10 @@ +CVE-2024-4317 [Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner] + - postgresql-16 16.3-1 + - postgresql-15 + [bookworm] - postgresql-15 (Minor issue; can be fixed via point release) + - postgresql-13 (Vulnerable code not present) + - postgresql-11 (Vulnerable code not present) + NOTE: https://www.postgresql.org/support/security/CVE-2024-4317/ CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...) NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e05af6870eb48326b8321d93f2719233be35855 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e05af6870eb48326b8321d93f2719233be35855 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
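Review bot: The '- postgresql-15' line has no fixed version while the '[bookworm]' annotation says the issue 'can be fixed via point release'; once that point-release upload is done the annotation should be replaced by the fixed version, otherwise bookworm keeps showing as affected with a no-dsa style reason. The '(Vulnerable code not present)' lines for postgresql-13 and postgresql-11 are presumably based on the views named in the bracketed title ('pg_stats_ext' and 'pg_stats_ext_exprs') not existing in those branches; a NOTE saying so would make the 'not present' claim checkable without reading the upstream advisory. The commit title 'Add CVE-2024-4317/postgresql-15' also understates the hunk, which records postgresql-16 16.3-1 as well.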
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3019/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98d3b4b1 by Salvatore Bonaccorso at 2024-05-09T18:19:16+02:00 Update status for CVE-2023-3019/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -62625,12 +62625,13 @@ CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...) [experimental] - qemu 1:8.1.0+ds-1~exp1 - qemu 1:8.2.0+ds-1 (bug #1041102) - [bookworm] - qemu (Minor issue, revisit when fixed upstream) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u4 [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243 NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9050f976e447444ea6ee2ba12c9f77e4b0dc54bc (v8.2.0-rc1) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/3c0463a650008aec7de29cf84540652730510921 (v7.2.8) CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) NOT-FOR-US: ARMember plugin for WordPress CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d3b4b17833828b22e3f2b4c27360e8d41d6a36 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98d3b4b17833828b22e3f2b4c27360e8d41d6a36 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
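Review bot: With the v7.2.8 backport now recorded as a 'Fixed by' NOTE and bookworm fixed in 1:7.2+dfsg-7+deb12u4, the unchanged '[bullseye] - qemu (Minor issue, revisit when fixed upstream)' line is stale, because the fix exists upstream in both v8.2.0-rc1 and v7.2.8; update its reason (for example to the plain '(Minor issue)' buster uses) or hand the entry to the LTS team, so the tracker does not keep pointing at a condition that has already been met. The new NOTE is appended after the mainline v8.2.0-rc1 commit, which is the ordering the other qemu entries in this series should follow as well.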
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-3301/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18e41d4d by Salvatore Bonaccorso at 2024-05-09T18:15:58+02:00 Update status for CVE-2023-3301/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -60066,11 +60066,12 @@ CVE-2023-3364 (An issue has been discovered in GitLab CE/EE affecting all versio - gitlab 16.0.8+ds1-1 CVE-2023-3301 (A flaw was found in QEMU. The async nature of hot-unplug enables a rac ...) - qemu 1:8.0.3+dfsg-1 - [bookworm] - qemu (Minor issue) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u1 [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 [buster] - qemu (vhost-vdpa introduced in v5.1) NOTE: https://github.com/qemu/qemu/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8 (v8.1.0-rc0) NOTE: https://github.com/qemu/qemu/commit/aab37b2002811f112d5c26337473486d7d585881 (v8.0.3) + NOTE: https://github.com/qemu/qemu/commit/3d12598b74ed4bcc6db8b50818a95c4b770d4487 (v7.2.4) CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX ...) NOT-FOR-US: Aruba CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18e41d4d5eff46b7d2158b9ad4add5e2af60613e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18e41d4d5eff46b7d2158b9ad4add5e2af60613e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
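Review bot: The three NOTE lines in this entry, including the added '(v7.2.4)' one, lack the 'Fixed by:' prefix used in the CVE-2023-5088 and CVE-2023-3019 entries updated in the same series; prefixing them keeps the notes consistent and distinguishes fix commits from issue or advisory links. The bookworm fixed version 1:7.2+dfsg-7+deb12u1 is older than the deb12u3/deb12u4 uploads recorded for the other qemu entries, which is consistent with this being a status correction for a fix that already shipped, but nothing in the hunk references the changelog entry that justifies it; a short 'NOTE:' pointing at it would help.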
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-5088/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cc987ba by Salvatore Bonaccorso at 2024-05-09T18:06:04+02:00 Update status for CVE-2023-5088/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45096,9 +45096,10 @@ CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...) {DLA-3759-1} - qemu 1:8.1.1+ds-2 - [bookworm] - qemu (Minor issue) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u3 [bullseye] - qemu (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247283 + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/471a9310fd92b3e1a33d06dba2e0cf0f0b5590e0 (v7.2.7) NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/7d7512019fc40c577e2bdd61f114f31a9eb84a8e (v8.2.0-rc0) CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop Central af ...) NOT-FOR-US: ManageEngine Desktop Central View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cc987baefd852654aaf72a5cdff1b13329da828 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cc987baefd852654aaf72a5cdff1b13329da828 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
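Review bot: The added 'Fixed by' NOTE for v7.2.7 is inserted before the existing v8.2.0-rc0 line, whereas the CVE-2023-3019 update in this series appends the stable backport after the mainline commit; pick one ordering (mainline first, then stable backports) across the qemu entries so the notes read the same way everywhere. The '[bullseye] - qemu (Minor issue)' line and the '{DLA-3759-1}' marker are untouched, which is fine as far as the visible lines go, but as with CVE-2023-3019 the bullseye reason may deserve a second look now that a 7.2-series backport exists.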
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-3567/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20e93f06 by Salvatore Bonaccorso at 2024-05-09T18:04:23+02:00 Update status for CVE-2024-3567/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -9429,13 +9429,14 @@ CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary c NOT-FOR-US: huggingface/transformers CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...) - qemu 1:8.2.3+ds-1 (bug #1068822) - [bookworm] - qemu (Minor issue) - [bullseye] - qemu (Minor issue) - [buster] - qemu (Minor issue) + [bookworm] - qemu (Vulnerable code introduced later) + [bullseye] - qemu (Vulnerable code introduced later) + [buster] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339 NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273 - NOTE: https://gitlab.com/qemu-project/qemu/-/commit/83ddb3dbba2ee0f1767442ae6ee665058aeb1093 (v9.0.0-rc3) - NOTE: https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719 (v8.2.3) + NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/f199b13bc113c46eaddcf9f375d13f1e400b4e35 (v8.1.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/83ddb3dbba2ee0f1767442ae6ee665058aeb1093 (v9.0.0-rc3) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1cfe45956e03070f894e91b304e233b4d5b99719 (v8.2.3) CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) - nodejs (Only affects Windows) CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20e93f06191113a1ae78f34c08f9cd530f7ab309 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20e93f06191113a1ae78f34c08f9cd530f7ab309 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
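Review bot: Changing the three stable lines from '(Minor issue)' to '(Vulnerable code introduced later)' is backed by the new 'Introduced with:' NOTE (v8.1.0-rc0), which postdates the 7.2 bookworm and 5.2 bullseye packages recorded elsewhere in this series, and the former bare commit links are correctly relabelled 'Fixed by:'. The one nit is the prefix: this entry writes 'Introduced with:' while the CVE-2024-4693 entry added in the same series writes 'Introduced by:'; settle on one so the notes can be grepped. Keeping '(bug #1068822)' on the unstable line after the fix is the usual convention.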
[Git][security-tracker-team/security-tracker][master] CVE-2024-24474/qemu in bookworm fixed in 1:7.2+dfsg-7+deb12u3 upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 549c412b by Salvatore Bonaccorso at 2024-05-09T17:48:54+02:00 CVE-2024-24474/qemu in bookworm fixed in 1:7.2+dfsg-7+deb12u3 upload - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24674,7 +24674,7 @@ CVE-2024-24475 REJECTED CVE-2024-24474 (QEMU before 8.2.0 has an integer underflow, and resultant buffer overf ...) - qemu 1:8.2.0+ds-1 - [bookworm] - qemu (Minor issue) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u3 [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1810 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549c412b93512a828ed604a8916b2bfc7adb2fbc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/549c412b93512a828ed604a8916b2bfc7adb2fbc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
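Review bot: the bookworm line now records the fixed version 1:7.2+dfsg-7+deb12u3, but the only NOTE is the upstream issue link; no fixing commit is referenced, so the backport cannot be checked against upstream from this entry. Suggest adding a "NOTE: Fixed by: <commit> (tag)" line in the form used for CVE-2024-3567 in the neighbouring commit on this page.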
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2e94be4 by Salvatore Bonaccorso at 2024-05-09T11:18:04+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,11 +27,11 @@ CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...) - TODO: check + NOT-FOR-US: Wind River CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...) TODO: check CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...) - TODO: check + NOT-FOR-US: School Task Manager CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
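Review bot: "NOT-FOR-US: Wind River" names only the vendor, while the description identifies the product ("Wind River VxWo ..."); the other NFU in this hunk, School Task Manager, uses the product name, so naming the product here too would keep the labels consistent and greppable.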
@@ -171,59 +171,59 @@ CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an u CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...) - TODO: check + NOT-FOR-US: Dell CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-28883 (An origin validation vulnerability exists in BIG-IP APM browser netw ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-28132 (Exposure of Sensitive Information vulnerability exists in the GSLB con ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-27202 (A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-26579 (Deserialization of Untrusted Data vulnerability in Apache InLong.This ...) TODO: check CVE-2024-26026 (An SQL injection vulnerability exists in the BIG-IP Next Central Manag ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-25560 (When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic c ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-25533 (Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25532 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25531 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25530 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25529 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25528 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) 
- TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25527 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25526 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25525 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25524 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25523 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25522 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25521 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25520 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25519 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25518 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25517 (RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vu ...) - TODO: check + NOT-FOR-US: RuvarOA CVE-2024-25515 (RuvarOA v6.01 and v12.01 were discovered to
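Review bot: for CVE-2024-28889, CVE-2024-28132 and CVE-2024-27202 the truncated descriptions shown here ("When an SSL profile with alert timeout ...", "Exposure of Sensitive Information vulnerability exists in the GSLB con ...", "A DOM-based cross-site scripting (XSS) vulnerability exists in an undi ...") do not name BIG-IP, so the "NOT-FOR-US: F5 BIG-IP" attribution rests on the untruncated text and cannot be verified from the entry alone. CVE-2024-26579 (Apache InLong), sitting between them, stays TODO: check and is the one entry in this hunk still awaiting a decision; the long RuvarOA run is consistent.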
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34365/apache-karaf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fa13b0a by Salvatore Bonaccorso at 2024-05-09T10:35:28+02:00 Add CVE-2024-34365/apache-karaf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,7 +13,7 @@ CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF c CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, v5.4.0. ...) NOT-FOR-US: NEC Platforms DT900 and DT900S Series CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...) - TODO: check + - apache-karaf (bug #881297) CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) NOT-FOR-US: TOTOLINK CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa13b0adf0ccb8979a8efde6d0fd846f9f912be -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fa13b0adf0ccb8979a8efde6d0fd846f9f912be You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
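Review bot: the new entry "- apache-karaf (bug #881297)" carries no fixed version and no suite lines, and the description is flagged "** UNSUPPORTED WHEN ASSIGNED **", so it is unclear what fix is expected. If #881297 is the packaging request rather than a bug against a package in the archive, say so in a NOTE; otherwise record the unsupported status so the entry does not read as an open issue waiting for an upload.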
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f9d3935 by Salvatore Bonaccorso at 2024-05-09T10:34:58+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,27 +1,27 @@ CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Web-Based School Management System CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from ...) TODO: check CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) TODO: check CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3590 (The LetterPress WordPress plugin through 1.2.2 does not have CSRF che ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, v5.4.0. ...) - TODO: check + NOT-FOR-US: NEC Platforms DT900 and DT900S Series CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...) TODO: check CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2024-32672 (A Segmentation Fault issue discovered in Samsung Open Source Escargo ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...) - TODO: check + NOT-FOR-US: Samsung CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) TODO: check CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
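Review bot: the two Samsung entries (CVE-2024-32672, CVE-2024-32669) are labelled "NOT-FOR-US: Samsung" although the descriptions name the open source project ("Samsung Open Source Escargo ..."); the other NFUs in this hunk (TOTOLINK, NEC Platforms DT900 and DT900S Series, Campcodes Complete Web-Based School Management System) name the product, so the project name would be the consistent label. CVE-2024-34365 is left at TODO: check here and is resolved to apache-karaf in commit 8fa13b0a on this page.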
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f9d39352c20412df141fb0b693d1c60381bb956
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7277cec by security tracker role at 2024-05-09T08:12:01+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,43 @@ +CVE-2024-4672 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-4597 (An issue has been discovered in GitLab EE affecting all versions from ...) + TODO: check +CVE-2024-4539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-3903 (The Add Custom CSS and JS WordPress plugin through 1.20 does not have ...) + TODO: check +CVE-2024-3590 (The LetterPress WordPress plugin through 1.2.2 does not have CSRF che ...) + TODO: check +CVE-2024-3582 (The UnGallery WordPress plugin through 2.2.4 does not have CSRF check ...) + TODO: check +CVE-2024-3016 (NEC Platforms DT900 and DT900S Series 5.0.0.0 \u2013 v5.3.4.4, v5.4.0. ...) + TODO: check +CVE-2024-34365 (** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerabilit ...) + TODO: check +CVE-2024-34308 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stac ...) + TODO: check +CVE-2024-34196 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware ...) + TODO: check +CVE-2024-32672 (A Segmentation Fault issue discovered in Samsung Open Source Escargo ...) + TODO: check +CVE-2024-32669 (Improper Input Validation vulnerability in Samsung Open Source escargo ...) + TODO: check +CVE-2024-2651 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + TODO: check +CVE-2024-2454 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2024-28759 (A crafted network packet may cause a buffer overrun in Wind River VxWo ...) + TODO: check +CVE-2024-27793 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-26517 (SQL Injection vulnerability in School Task Manager v.1.0 allows a remo ...) + TODO: check +CVE-2023-6688 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
+ TODO: check +CVE-2023-6682 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check +CVE-2023-5971 (The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does ...) + TODO: check CVE-2024-29510 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html @@ -917,13 +957,13 @@ CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a TODO: check CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...) TODO: check -CVE-2024-29857 +CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latest_releases.html -CVE-2024-30172 +CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) @@ -5240,7 +5280,7 @@ CVE-2022-48682 (In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition a [buster] - fdupes (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200381 NOTE: https://github.com/adrianlopezroche/fdupes/commit/85680897148f1ac33b55418e00334116e419717f (v2.2.0) -CVE-2024-27282 [Arbitrary memory address read vulnerability with Regex search] +CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplie ...) {DSA-5677-1} - ruby3.2 (bug #1069968) - ruby3.1 (bug #1069969) 
@@ -5757,7 +5797,7 @@ CVE-2024-25583 (A crafted response from an upstream server the recursor has been NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/e1247da968077ee7c58fa41447057ee2a2b09fc9 (rec-4.8.8) CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property can be ...) - cri-o (bug #979702) -CVE-2024-30171 +CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE Provide ...) - bouncycastle (bug #1070655) [bookworm] - bouncycastle (Minor issue) [bullseye] - bouncycastle (Minor issue) @@ -11535,6 +11575,7 @@ CVE-2024-31498 (Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windo CVE-2024-31212 (InstantCMS is a free and open source content management system. A SQL ...) NOT-FOR-US: InstantCMS
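Review bot: all 21 imported entries in the first hunk land as "TODO: check", as expected for an automatic update, but the description of CVE-2024-3016 is cut at a literal "\u2013" escape rather than the character itself; worth checking whether the import step stores Unicode escapes verbatim, since the same form shows up in other descriptions on this page.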
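Review bot: in the @@ -5240 hunk, replacing the bracketed working title "[Arbitrary memory address read vulnerability with Regex search]" for CVE-2024-27282 with the imported description discards the only one-line statement of what the bug is, because the imported text is truncated at "If attacker-supplie ..." before it says so; the {DSA-5677-1} reference kept on the next line is now the only pointer to the specifics, so that line must stay intact.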
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2023-40533
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 389ee4ba by Salvatore Bonaccorso at 2024-05-09T10:08:53+02:00 Remove notes from CVE-2023-40533 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3319,9 +3319,8 @@ CVE-2023-46295 (An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthent NOT-FOR-US: Teledyne FLIR M300 CVE-2023-46294 (An issue was discovered in Teledyne FLIR M300 2.00-19. User account pa ...) NOT-FOR-US: Teledyne FLIR M300 -CVE-2023-40533 (An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 w ...) - - tinyproxy (bug #1070395) - NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1902 +CVE-2023-40533 + REJECTED CVE-2024-27392 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8d0d2447394b13fb22a069f0330f9c49b7fff9d3 (6.9-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389ee4ba525c7cbfe16c7bb6be7ae0e524cf5c92 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389ee4ba525c7cbfe16c7bb6be7ae0e524cf5c92 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
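Review bot: marking CVE-2023-40533 REJECTED also removes the "- tinyproxy (bug #1070395)" line and the TALOS-2023-1902 NOTE, so the entry no longer says why the CVE was rejected or what happened to Debian bug #1070395. A NOTE giving the rejection reason (and the identifier it was merged into, if any) would keep that history, and the bug should be closed or retitled if it was filed for this identifier alone.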
[Git][security-tracker-team/security-tracker][master] Add ghostscript to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cd06aba2 by Salvatore Bonaccorso at 2024-05-09T09:10:42+02:00 Add ghostscript to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -23,6 +23,8 @@ dnsmasq frr Tobias Frost (tobi) proposed to work on preparing an update -- +ghostscript (carnil) +-- gpac/oldstable -- h2o (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd06aba29c955fb4109b5f340715a0b935868d97 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd06aba29c955fb4109b5f340715a0b935868d97 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
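Review bot: "ghostscript (carnil)" is added without a suite qualifier or status line, while neighbouring entries show both conventions ("gpac/oldstable" for a single-suite DSA and "frr Tobias Frost (tobi) proposed to work on preparing an update" for status); since the four ghostscript CVEs on this page are tracked against ghostpdl-10.03.1 commits with no suite annotations yet, state here whether the DSA is for stable, oldstable or both.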
[Git][security-tracker-team/security-tracker][master] Add upstream tag information for ghostscript issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e52458fe by Salvatore Bonaccorso at 2024-05-09T09:03:18+02:00 Add upstream tag information for ghostscript issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,23 +1,23 @@ CVE-2024-29510 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html - NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662 CVE-2024-33871 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html - NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754 CVE-2024-33870 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html - NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686 CVE-2024-33869 - ghostscript NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html - NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 - NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1) + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707691 CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) 
NOT-FOR-US: BlueNet Technology Clinical Browsing System View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e52458fea1d8ad7f0c0ba0c08603a7fd34f38cfd
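Review bot: the commit NOTEs now carry (ghostpdl-10.03.1) tags, but all four entries still read "- ghostscript" with no fixed version, no "(bug #...)" reference and no [bookworm]/[bullseye] lines, so every suite including unstable is tracked as unfixed. The News link points at gs10.03.1, so the unstable fixed version should be filled in once 10.03.1 is uploaded and the suite lines decided, all the more since ghostscript was added to dsa-needed in commit cd06aba2 on this page.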
[Git][security-tracker-team/security-tracker][master] Add initial tracking for some ghostscript issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7b0c7b5 by Salvatore Bonaccorso at 2024-05-09T08:59:11+02:00 Add initial tracking for some ghostscript issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,24 @@ +CVE-2024-29510 + - ghostscript + NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707662 +CVE-2024-33871 + - ghostscript + NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707754 +CVE-2024-33870 + - ghostscript + NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707686 +CVE-2024-33869 + - ghostscript + NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 + NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707691 CVE-2024-4654 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) NOT-FOR-US: BlueNet Technology Clinical Browsing System CVE-2024-4653 (A vulnerability was found in BlueNet Technology Clinical Browsing Syst ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b0c7b57559b22e18a5528c6bd369dde3718599 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b0c7b57559b22e18a5528c6bd369dde3718599 You're receiving this email because of your account on salsa.debian.org. 
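Review bot: the four new entries use the bare "CVE-2024-XXXXX" form without a description, which is correct while the CVE text is unpublished, but each lists only "- ghostscript" plus upstream links; a short NOTE summarising what each commit fixes (the bugs.ghostscript.com ids 707662, 707754, 707686 and 707691 are linked but their subject is not) would let the dsa-needed owner prioritise without opening four bug reports. CVE-2024-33869 references two commits; if one is the fix and the other a follow-up, mark them "Fixed by:" as done for qemu elsewhere on this page.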
[Git][security-tracker-team/security-tracker][master] Reserve DSA for glib2.0 regression update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ae52a07 by Salvatore Bonaccorso at 2024-05-09T06:58:05+02:00 Reserve DSA for glib2.0 regression update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[09 May 2024] DSA-5682-2 glib2.0 - regression update + [bullseye] - glib2.0 2.66.8-1+deb11u3 + [bookworm] - glib2.0 2.74.6-2+deb12u2 [08 May 2024] DSA-5685-1 wordpress - security update {CVE-2023-2745 CVE-2023-5561 CVE-2023-3 CVE-2024-31210} [bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae52a076f2372f161a5460851181e25ea8e3c09 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae52a076f2372f161a5460851181e25ea8e3c09 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
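Review bot: DSA-5682-2 is filed as a regression update without a {CVE ...} line, which is consistent for a -2 revision, but the entry carries nothing linking it to what DSA-5682-1 shipped; before the advisory goes out, confirm that 2.66.8-1+deb11u3 and 2.74.6-2+deb12u2 are the versions actually uploaded, since the list has no other record of which upload this revision covers.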
[Git][security-tracker-team/security-tracker][master] List CVE-2023-38000 only for bookworm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4fea71bf by Salvatore Bonaccorso at 2024-05-09T06:39:43+02:00 List CVE-2023-38000 only for bookworm - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -48814,6 +48814,7 @@ CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open so - nextcloud-server (bug #941708) CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...) - wordpress 6.3.2+dfsg1-1 + [bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1 [bullseye] - wordpress (Vulnerable code was introduced in 5.9) [buster] - wordpress (Vulnerable code was introduced in 5.9) NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/ = data/DSA/list = @@ -1,5 +1,5 @@ [08 May 2024] DSA-5685-1 wordpress - security update - {CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-3 CVE-2024-31210} + {CVE-2023-2745 CVE-2023-5561 CVE-2023-3 CVE-2024-31210} [bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1 [bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1 [08 May 2024] DSA-5684-1 webkit2gtk - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fea71bf722b045175dd75790c2a5e2674290b1c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fea71bf722b045175dd75790c2a5e2674290b1c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
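Review bot: removing CVE-2023-38000 from the DSA-5685-1 braces while adding "[bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1", the same version the DSA entry lists for bookworm, means the fix did ship with that advisory but data/DSA/list no longer says so; the reason appears to be the bullseye line "(Vulnerable code was introduced in 5.9)", which makes the CVE inapplicable to the bullseye half of the advisory. A NOTE on the CVE entry recording that bookworm's fix shipped in DSA-5685-1 would preserve that link.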
[Git][security-tracker-team/security-tracker][master] Add upstream tags for suricata commits for three issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e8eabaf by Salvatore Bonaccorso at 2024-05-08T23:49:57+02:00 Add upstream tags for suricata commits for three issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -416,27 +416,27 @@ CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5 - NOTE: https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 - NOTE: https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 - NOTE: https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634 - NOTE: https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b - NOTE: https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9 - NOTE: https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8 + NOTE: https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 (suricata-7.0.5) + NOTE: https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 (suricata-7.0.5) + NOTE: https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8 (suricata-7.0.5) + NOTE: https://github.com/OISF/suricata/commit/bf3d420fb709ebe074019a99e3bd3a2364524a4b (suricata-6.0.19) + NOTE: https://github.com/OISF/suricata/commit/414f97c6695c5a2e1d378a36a6f50d7288767634 (suricata-6.0.19) + NOTE: https://github.com/OISF/suricata/commit/d13bd2ae217a6d2ceb347f74d27cbfcd37b9bda9 (suricata-6.0.19) NOTE: https://redmine.openinfosecfoundation.org/issues/6672 NOTE: https://redmine.openinfosecfoundation.org/issues/6673 NOTE: https://redmine.openinfosecfoundation.org/issues/6677 CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) 
- suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7 - NOTE: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379 - NOTE: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 + NOTE: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379 (suricata-7.0.5) + NOTE: https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 (suricata-6.0.19) CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) - suricata 1:7.0.5-1 NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r - NOTE: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 - NOTE: https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd - NOTE: https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 - NOTE: https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 + NOTE: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 (suricata-6.0.19) + NOTE: https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 (suricata-6.0.19) + NOTE: https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 (suricata-7.0.5) + NOTE: https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd (suricata-7.0.5) NOTE: https://redmine.openinfosecfoundation.org/issues/6892 NOTE: https://redmine.openinfosecfoundation.org/issues/6900 CVE-2024-32371 (An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 ...) 
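Review bot: the three entries list only "- suricata 1:7.0.5-1" and go straight from that line to the NOTEs, so there are no [bookworm]/[bullseye] lines even though the newly tagged (suricata-6.0.19) commits show upstream backported all three fixes to the 6.0 branch; the suite assessment is missing, and the 6.0.19 commits are the natural reference for a stable backport. Grouping the NOTEs by tag, as done here, is the right ordering.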
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e8eabaf2f7faaa2dd4bb0667a1a22ad8bbc
[Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d85816e2 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00 Process some NFUs - - - - - ec0f49b4 by Salvatore Bonaccorso at 2024-05-08T23:33:34+02:00 Add new suricata issues - - - - - c528e26a by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00 Add two new glpi issues - - - - - c236e40b by Salvatore Bonaccorso at 2024-05-08T23:33:35+02:00 Add CVE-2024-32972/golang-github-go-ethereum - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,9 +27,9 @@ CVE-2024-4233 (Missing Authorization vulnerability in Tyche Softwares Print Invo CVE-2024-4135 (The WP Latest Posts plugin for WordPress is vulnerable to arbitrary sh ...) NOT-FOR-US: WordPress plugin CVE-2024-3951 (PTC Codebeamer is vulnerable to a cross site scripting vulnerability t ...) - TODO: check + NOT-FOR-US: PTC Codebeamer CVE-2024-3507 (Improper privilege management vulnerability in Lunar software that aff ...) - TODO: check + NOT-FOR-US: Lunar CVE-2024-34574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-34573 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -352,7 +352,7 @@ CVE-2024-4346 (The Startklar Elementor Addons plugin for WordPress is vulnerable CVE-2024-4345 (The Startklar Elementor Addons plugin for WordPress is vulnerable to a ...) NOT-FOR-US: WordPress plugin CVE-2024-34523 (AChecker 1.5 allows remote attackers to read the contents of arbitrary ...) - TODO: check + NOT-FOR-US: AChecker CVE-2024-34517 (The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privi ...) TODO: check CVE-2024-34342 (react-pdf displays PDFs in React apps. If PDF.js is used to load a mal ...) 
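Review bot: in the @@ -27 hunk, "NOT-FOR-US: Lunar" for CVE-2024-3507 is ambiguous on its own, since the description only says "Lunar software that aff ..." with no vendor; the PTC Codebeamer label next to it carries vendor and product, and the same form would make the Lunar entry identifiable when grepping the list later.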
@@ -364,7 +364,7 @@ CVE-2024-34315 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusio CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vune ...) NOT-FOR-US: CmsEasy CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...) NOT-FOR-US: Logpoint CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...) 
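Review bot: "NOT-FOR-US: Minder by Stacklok" adds the vendor, while the neighbouring Logpoint entries use the bare product name; either is fine, but pick one form for NFU labels so they stay searchable, and consider the product name alone to match the rest of this hunk.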
@@ -388,37 +388,57 @@ CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...) TODO: check CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33161 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33155 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33153 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33149 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33148 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33147 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33146 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33144 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33139 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) - TODO: check + NOT-FOR-US: J2EEFAST CVE-2024-33124 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...) - TODO: check + NOT-FOR-US: Roothub CVE-2024-33122 (Roothub v2.6 was discovered to contain a SQL injection vulnerability v ...) - TODO: check + NOT-FOR-US: Roothub CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload vulner ...) - TODO: check + NOT-FOR-US: Roothub CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) 
- TODO: check + - suricata 1:7.0.5-1 + NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5 + NOTE: https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 + NOTE:
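Review bot: the suricata entry for CVE-2024-32867 in the @@ -388,37 hunk ends with a bare `NOTE:` carrying no reference; either complete it with the intended reference or drop the line, since an empty NOTE adds nothing next to the GHSA advisory and upstream commit already listed for the 1:7.0.5-1 fix.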
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7dcb9db by Salvatore Bonaccorso at 2024-05-08T22:58:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -80,35 +80,35 @@ CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbu - libmodbus NOTE: https://github.com/stephane/libmodbus/issues/743 CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffic can ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-33604 (A reflected cross-site scripting (XSS) vulnerability exist in undisclo ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-33574 (Missing Authorization vulnerability in appsbd Vitepos.This issue affec ...) TODO: check CVE-2024-33573 (Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33382 (An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of se ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2024-32980 (Spin is the developer tool for building and running serverless applica ...) TODO: check CVE-2024-32886 (Vitess is a database clustering system for horizontal scaling of MySQL ...) - TODO: check + NOT-FOR-US: Vitess CVE-2024-32761 (Under certain conditions, a potential data leak may occur in the Traff ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-32113 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) - TODO: check + NOT-FOR-US: Apache OFBiz CVE-2024-32049 (BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-31961 (A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide bef ...) - TODO: check + NOT-FOR-US: Sonic Shopfloor CVE-2024-31270 (Missing Authorization vulnerability in Repute InfoSystems ARForms Form ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31156 (A stored cross-site scripting (XSS) vulnerability exists in an undiscl ...) 
- TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2024-30459 (Missing Authorization vulnerability in AIpost AI WP Writer.This issue ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-28971 (Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a P ...) TODO: check CVE-2024-28889 (When an SSL profile with alert timeout is configured with a non-defaul ...) 
@@ -366,25 +366,25 @@ CVE-2024-34314 (CmsEasy v7.7.7.9 was discovered to contain a local file inclusio CVE-2024-34084 (Minder's `HandleGithubWebhook` is susceptible to a denial of service a ...) TODO: check CVE-2024-33860 (An issue was discovered in Logpoint before 7.4.0. It allows Local File ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-33859 (An issue was discovered in Logpoint before 7.4.0. HTML code sent throu ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-33858 (An issue was discovered in Logpoint before 7.4.0. A path injection vul ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-33857 (An issue was discovered in Logpoint before 7.4.0. Due to a lack of inp ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-33856 (An issue was discovered in Logpoint before 7.4.0. An attacker can enum ...) - TODO: check + NOT-FOR-US: Logpoint CVE-2024-33783 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: MP-SPDZ CVE-2024-33782 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) - TODO: check + NOT-FOR-US: MP-SPDZ CVE-2024-33781 (MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the func ...) - TODO: check + NOT-FOR-US: MP-SPDZ CVE-2024-33780 (MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via ...) - TODO: check + NOT-FOR-US: MP-SPDZ CVE-2024-33748 (Cross-site scripting (XSS) vulnerability in the search function in Mvn ...) - TODO: check + NOT-FOR-US: MvnRepository MS Basic CVE-2024-33434 (An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f ...) TODO: check CVE-2024-33164 (J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerabilit ...) @@ -420,11 +420,11 @@ CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prev CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) TODO: check CVE-2024-32371 (An issue in HSC Cybersecurity HC
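Review bot: in the @@ -80,35 hunk, CVE-2024-33574 (appsbd Vitepos) is left at `TODO: check` while the neighbouring CVE-2024-33573 and CVE-2024-31270, which use the same "Missing Authorization vulnerability in ... This issue affec" description template, are resolved as `NOT-FOR-US: WordPress plugin`; worth confirming whether Vitepos falls in the same class so the entry is not left pending by oversight.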
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34244/libmodbus
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94c8e1e3 by Salvatore Bonaccorso at 2024-05-08T22:57:06+02:00 Add CVE-2024-34244/libmodbus - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -77,7 +77,8 @@ CVE-2024-34257 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in CVE-2024-34255 (jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in ...) NOT-FOR-US: jizhicms CVE-2024-34244 (libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_writ ...) - TODO: check + - libmodbus + NOTE: https://github.com/stephane/libmodbus/issues/743 CVE-2024-33612 (An improper certificate validation vulnerability exists in BIG-IP Next ...) TODO: check CVE-2024-33608 (When IPsec is configured on a virtual server, undisclosed traffic can ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94c8e1e3ab804634f049684c892d3b34b20edb59 ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
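Review bot: the `- libmodbus` line added for CVE-2024-34244 in the @@ -77,7 hunk shows no status after the package name; the list syntax expects either a fixed Debian version or `<unfixed>` in that position, so confirm the marker is present in the committed file rather than the issue being recorded without a state.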