Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80a89ccd by security tracker role at 2024-02-26T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,131 @@ +CVE-2024-27092 (Hoppscotch is an API development ecosystem. Due to lack of validation ...) + TODO: check +CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions with very ...) + TODO: check +CVE-2024-27087 (Kirby is a content management system. The new link field introduced in ...) + TODO: check +CVE-2024-27084 + REJECTED +CVE-2024-27081 (ESPHome is a system to control your ESP8266/ESP32. A security misconfi ...) + TODO: check +CVE-2024-26468 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) + TODO: check +CVE-2024-26467 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) + TODO: check +CVE-2024-26466 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) + TODO: check +CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the component ...) + TODO: check +CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...) + TODO: check +CVE-2024-26461 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...) + TODO: check +CVE-2024-26458 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/r ...) + TODO: check +CVE-2024-26455 (fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bi ...) + TODO: check +CVE-2024-25925 (Unrestricted Upload of File with Dangerous Type vulnerability in SYSBA ...) + TODO: check +CVE-2024-25913 (Unrestricted Upload of File with Dangerous Type vulnerability in Skymo ...) + TODO: check +CVE-2024-25909 (Unrestricted Upload of File with Dangerous Type vulnerability in JoomU ...) + TODO: check +CVE-2024-25770 (libming 0.4.8 contains a memory leak vulnerability in /libming/src/act ...) + TODO: check +CVE-2024-25768 (OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in / ...) + TODO: check +CVE-2024-25767 (nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/s ...) 
+ TODO: check +CVE-2024-25763 (openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c ...) + TODO: check +CVE-2024-25760 (yasm 1.3.0 contains a memory leak via /yasm/tools/genmacro/genmacro.c.) + TODO: check +CVE-2024-25410 (flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dan ...) + TODO: check +CVE-2024-25344 (Cross Site Scripting vulnerability in ITFlow.org before commit v.43248 ...) + TODO: check +CVE-2024-25082 (Splinefont in FontForge through 20230101 allows command injection via ...) + TODO: check +CVE-2024-25081 (Splinefont in FontForge through 20230101 allows command injection via ...) + TODO: check +CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in bPlug ...) + TODO: check +CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-24528 + REJECTED +CVE-2024-24402 (An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate p ...) + TODO: check +CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote att ...) + TODO: check +CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...) + TODO: check +CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...) + TODO: check +CVE-2024-23605 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) + TODO: check +CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) + TODO: check +CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...) + TODO: check +CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...) 
+ TODO: check +CVE-2024-21836 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) + TODO: check +CVE-2024-21825 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) + TODO: check +CVE-2024-21802 (A heap-based buffer overflow vulnerability exists in the GGUF library ...) + TODO: check +CVE-2024-1899 (An issue in the anchors subparser of Showdownjs versions <= 2.1.0 coul ...) + TODO: check +CVE-2024-1890 (Vulnerability whereby an attacker could send a malicious link to an au ...) + TODO: check +CVE-2024-1889 (Cross-Site Request Forgery vulnerability in SMA Cluster Controller, af ...) + TODO: check +CVE-2024-1622 (Due to a mistake in error checking, Routinator will terminate when an ...) + TODO: check +CVE-2024-1436 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2024-0387 (The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding ...) + TODO: check +CVE-2023-49960 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vuln ...) + TODO: check +CVE-2023-49959 (In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection v ...) + TODO: check +CVE-2023-49114 (A DLL hijacking vulnerability was identified in the Qognify VMS Client ...) + TODO: check CVE-2023-51518 NOT-FOR-US: Apache James -CVE-2023-52474 [IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests] +CVE-2023-52474 (In the Linux kernel, the following vulnerability has been resolved: I ...) - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 [bullseye] - linux 5.10.191-1 NOTE: https://git.kernel.org/linus/00cbce5cbf88459cd1aa1d60d0f1df15477df127 (6.4-rc1) -CVE-2021-46906 [HID: usbhid: fix info leak in hid_submit_ctrl] +CVE-2021-46906 (In the Linux kernel, the following vulnerability has been resolved: H ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.46-1 [buster] - linux 4.19.208-1 NOTE: https://git.kernel.org/linus/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (5.13-rc5) -CVE-2020-36775 [f2fs: fix to avoid potential deadlock] +CVE-2020-36775 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 5.6.7-1 NOTE: https://git.kernel.org/linus/df77fbd8c5b222c680444801ffd20e8bbc90a56e (5.7-rc1) -CVE-2019-25162 [i2c: Fix a potential use after free] +CVE-2019-25162 (In the Linux kernel, the following vulnerability has been resolved: i ...) - linux 5.19.6-1 [bullseye] - linux 5.10.140-1 [buster] - linux 4.19.260-1 NOTE: https://git.kernel.org/linus/e4c72c06c367758a14f227c847f9d623f1994ecf (6.0-rc1) -CVE-2019-25161 [drm/amd/display: prevent memory leak] +CVE-2019-25161 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 5.4.6-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d (5.4-rc1) -CVE-2019-25160 [netlabel: fix out-of-bounds memory accesses] +CVE-2019-25160 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 4.19.28-1 NOTE: https://git.kernel.org/linus/5578de4834fe0f2a34fedc7374be691443396d1f (5.0) -CVE-2024-26606 [binder: signal epoll threads of self-work] +CVE-2024-26606 (In the Linux kernel, the following vulnerability has been resolved: b ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/97830f3c3088638ff90b20dfba2eb4d487bf14d7 (6.8-rc3) CVE-2024-27456 (rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for th ...) 
@@ -209,7 +309,7 @@ CVE-2024-21423 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerabi NOT-FOR-US: Microsoft CVE-2024-1810 (The Archivist \u2013 Custom Archive Templates plugin for WordPress is ...) NOT-FOR-US: WordPress plugin -CVE-2024-22371 +CVE-2024-22371 (Exposure of sensitive data by by crafting a malicious EventFactory and ...) NOT-FOR-US: Apache Camel CVE-2024-27319 (Versions of the package onnx before and including 1.15.0 are vulnerabl ...) NOT-FOR-US: onnx @@ -622,9 +722,9 @@ CVE-2024-26484 (A stored cross-site scripting (XSS) vulnerability in the Edit Co NOT-FOR-US: Kirby CMS module CVE-2024-26483 (An arbitrary file upload vulnerability in the Profile Image module of ...) NOT-FOR-US: Kirby CMS module -CVE-2024-26482 (An HTML injection vulnerability in the Edit Content Layout module of K ...) +CVE-2024-26482 (An HTML injection vulnerability exists in the Edit Content Layout modu ...) NOT-FOR-US: Kirby CMS module -CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scri ...) +CVE-2024-26481 (Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulner ...) NOT-FOR-US: Kirby CMS CVE-2024-26148 (Querybook is a user interface for querying big data. Prior to version ...) NOT-FOR-US: Querybook @@ -3421,6 +3521,7 @@ CVE-2024-24829 (Sentry is an error tracking and performance monitoring platform. CVE-2024-24825 (DIRAC is a distributed resource framework. In affected versions any us ...) NOT-FOR-US: DIRAC CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In affected ver ...) + {DSA-5632-1} - composer 2.7.1-1 (bug #1063603) NOTE: https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h NOTE: https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 (2.7.0) 
@@ -4432,7 +4533,7 @@ CVE-2023-5643 (Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel D CVE-2023-5249 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) NOT-FOR-US: Arm CVE-2023-52138 (Engrampa is an archive manager for the MATE environment. Engrampa is f ...) - {DSA-5625-1} + {DSA-5625-1 DLA-3741-1} - engrampa 1.26.2-1 (bug #1063494) NOTE: https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v NOTE: https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970 @@ -7960,6 +8061,7 @@ CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200, ...) NOT-FOR-US: WIC200 CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...) + {DLA-3740-1} - gnutls28 3.8.3-1 (bug #1061046) [bookworm] - gnutls28 3.7.9-2+deb12u2 [bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 not published officially in any Debian bullseye release)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80a89ccd4f9b3d0cfc7f49cb9884987b04f38080
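Review bot: in the first hunk (@@ -1,31 +1,131 @@), the automatic description refresh overwrites the bracketed commit subjects of the kernel entries (CVE-2023-52474 `[IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests]`, CVE-2021-46906 `[HID: usbhid: fix info leak in hid_submit_ctrl]`, and likewise CVE-2020-36775, CVE-2019-25162, CVE-2019-25161, CVE-2019-25160 and CVE-2024-26606) with the generic `(In the Linux kernel, the following vulnerability has been resolved: ...)` prefix, which is cut off before the subsystem name and leaves every kernel entry with a near-identical, uninformative description. The git.kernel.org NOTE lines still identify the fixes, but anyone scanning the list now has to open each commit to learn what was fixed, so consider carrying the commit subject over into a NOTE when the bracketed placeholder is replaced. Of the entries in this hunk, CVE-2024-26606 is the only one left at `linux <unfixed>` (fix noted as landing in 6.8-rc3); everything else added here is `TODO: check` and still needs manual triage.

Review bot: in the last hunk (@@ -7960,6 +8061,7 @@), `{DLA-3740-1}` is added to CVE-2024-0553 while the entry still records `[bullseye] - gnutls28 <not-affected> (Incomplete fix for CVE-2023-5981 not published officially in any Debian bullseye release)`. A DLA is an LTS advisory for bullseye, so either bullseye was affected after all and that line should carry the version fixed by DLA-3740-1 rather than `<not-affected>`, or the DLA only references this CVE alongside the CVE-2023-5981 fix and the parenthetical note should be extended to say why bullseye stays marked not affected; as written, the two annotations contradict each other.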
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits