Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3fc56f07 by Salvatore Bonaccorso at 2024-03-06T21:53:50+01:00 Process some NFUs - - - - - 15b87118 by Salvatore Bonaccorso at 2024-03-06T21:53:52+01:00 Add CVE-2024-27289/golang-github-jackc-pgx - - - - - 4a40a821 by Salvatore Bonaccorso at 2024-03-06T21:53:54+01:00 Add CVE-2024-24761/galette - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2024-2211 (Cross-Site Scripting stored vulnerability in Gophish affecting version ...) - TODO: check + NOT-FOR-US: Gophish CVE-2024-28174 (In JetBrains TeamCity before 2023.11.4 presigned URL generation reques ...) NOT-FOR-US: JetBrains TeamCity CVE-2024-28173 (In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build param ...) @@ -23,41 +23,43 @@ CVE-2024-27303 (electron-builder is a solution to package and build a ready for CVE-2024-27302 (go-zero is a web and rpc framework. Go-zero allows user to specify a C ...) TODO: check CVE-2024-27289 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2 ...) - TODO: check + - golang-github-jackc-pgx <unfixed> + NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p + NOTE: https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c (v4.18.2) CVE-2024-27288 (1Panel is an open source Linux server operation and maintenance manage ...) NOT-FOR-US: 1Panel CVE-2024-27287 (ESPHome is a system to control your ESP8266/ESP32 for Home Automation ...) NOT-FOR-US: ESPHome CVE-2024-25359 (An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execu ...) - TODO: check + NOT-FOR-US: zuoxingdong lagom CVE-2024-25103 (This vulnerability exists in AppSamvid software due to the usage of vu ...) - TODO: check + NOT-FOR-US: AppSamvid software CVE-2024-25102 (This vulnerability exists in AppSamvid software due to the usage of a ...) - TODO: check + NOT-FOR-US: AppSamvid software CVE-2024-24767 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24766 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24765 (CasaOS-UserService provides user management functionalities to CasaOS. ...) - TODO: check + NOT-FOR-US: CasaOS CVE-2024-24761 (Galette is a membership management web application for non profit orga ...) - TODO: check + - galette <removed> CVE-2024-20346 (A vulnerability in the web-based management interface of Cisco AppDyna ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20345 (A vulnerability in the file upload functionality of Cisco AppDynamics ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20338 (A vulnerability in the ISE Posture (System Scan) module of Cisco Secur ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20337 (A vulnerability in the SAML authentication process of Cisco Secure Cli ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20336 (A vulnerability in the web-based user interface of Cisco Small Busines ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20335 (A vulnerability in the web-based management interface of Cisco Small B ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20301 (A vulnerability in Cisco Duo Authentication for Windows Logon and RDP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-20292 (A vulnerability in the logging component of Cisco Duo Authentication f ...) - TODO: check + NOT-FOR-US: Cisco CVE-2024-1224 (This vulnerability exists in USB Pratirodh due to the usage of a weake ...) TODO: check CVE-2024-1142 (Path Traversal in Sonatype IQ Server from version 143 allows remote au ...) @@ -4152,7 +4154,7 @@ CVE-2024-22220 (An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 CVE-2024-20325 (A vulnerability in the Live Data server of Cisco Unified Intelligence ...) NOT-FOR-US: Cisco CVE-2024-1714 (An issue exists in all supported versions of IdentityIQ Lifecycle Mana ...) - TODO: check + NOT-FOR-US: IdentityIQ Lifecycle Manager CVE-2024-1709 (ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authenti ...) NOT-FOR-US: ConnectWise ScreenConnect CVE-2024-1708 (ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traver ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/73dedb18d9cf68d1327125f6c252a37a4cb0d846...4a40a82117256760ce6a04c471294c059cefc53c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/73dedb18d9cf68d1327125f6c252a37a4cb0d846...4a40a82117256760ce6a04c471294c059cefc53c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits