Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@ +CVE-2024-3932 (A vulnerability classified as problematic has been found in Totara LMS ...) + TODO: check +CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It h ...) + TODO: check +CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 2.0.1. It ...) + TODO: check +CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style whiteboard. A st ...) + TODO: check +CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) + TODO: check +CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings menu of CMS ...) + TODO: check +CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) + TODO: check +CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page of Boid ...) + TODO: check +CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the Home page o ...) + TODO: check +CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page ...) + TODO: check +CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings section of ...) + TODO: check +CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows ...) 
+ TODO: check +CVE-2024-2729 (The Otter Blocks WordPress plugin before 2.6.6 does not properly esca ...) + TODO: check +CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the ...) + TODO: check +CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) + TODO: check +CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allo ...) + TODO: check +CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template Librar ...) + TODO: check +CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit ...) + TODO: check +CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check +CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) + TODO: check CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...) - chromium <unfixed> [bullseye] - chromium <end-of-life> (see #1061268) @@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the installer for Zoom Rooms Client f CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for Windows befo ...) NOT-FOR-US: Zoom CVE-2024-24549 (Denial of Service due to improper input validation vulnerability for H ...) - {DLA-3779-1} + {DSA-5665-1 DLA-3779-1} - tomcat10 10.1.20-1 (bug #1066878) - tomcat9 9.0.70-2 NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg 
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input validation vulnerability NOTE: https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0 (9.0.86) NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in Apache Tomca ...) - {DLA-3779-1} + {DSA-5665-1 DLA-3779-1} - tomcat10 10.1.20-1 (bug #1066877) - tomcat9 9.0.70-2 NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f @@ -16334,7 +16392,7 @@ CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF li CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...) NOT-FOR-US: Tencent Blueking CMDB CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...) - {DLA-3780-1} + {DSA-5664-1 DLA-3780-1} - jetty9 9.4.54-1 (bug #1064923) NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 NOTE: https://github.com/jetty/jetty.project/issues/11256 @@ -34219,7 +34277,7 @@ CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWi CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, ...) NOT-FOR-US: Spring Boot CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...) - {DLA-3707-1} + {DSA-5665-1 DLA-3707-1} - tomcat10 10.1.16-1 (bug #1057082) - tomcat9 9.0.70-2 [bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA) 
@@ -122448,7 +122506,7 @@ CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web ser NOT-FOR-US: IBM CVE-2022-38711 RESERVED -CVE-2022-38710 ("IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensi ...) +CVE-2022-38710 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensit ...) NOT-FOR-US: IBM CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...) NOT-FOR-US: IBM @@ -243872,7 +243930,7 @@ CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 m NOT-FOR-US: Mitsubishi CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R s ...) NOT-FOR-US: Mitsubishi -CVE-2021-20599 (Cleartext transmission of sensitive information vulnerability in MELSE ...) +CVE-2021-20599 (Cleartext Transmission of Sensitive InformationCleartext transmission ...) NOT-FOR-US: Mitsubishi CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...) NOT-FOR-US: Mitsubishi

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd6e59affd815d675cb5150d1add8d574b01969
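Review bot: All 29 entries added at the top of data/CVE/list in the @@ -1,3 +1,61 @@ hunk carry only "TODO: check", so none of them has a triage result yet. Each should be resolved to either a "NOT-FOR-US:" line, as used for the Zoom, IBM and Mitsubishi entries elsewhere in this diff, or to package lines of the form "- tomcat10 10.1.20-1 (bug #1066878)". The four ofono entries (CVE-2023-4232 through CVE-2023-4235) are worth checking against the archive first, since they name a Linux telephony stack rather than a hosted web application or plugin.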
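Review bot: In the @@ -34219,7 +34277,7 @@ hunk, CVE-2023-46589 gains the DSA-5665-1 cross-reference while the context line "[bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)" is left unchanged. Confirm whether DSA-5665-1 covers tomcat9 in bullseye; if it does, the postponed annotation is stale and should be replaced with the fixed version, and if it does not, the entry is consistent as it stands.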
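Review bot: The @@ -122448,7 +122506,7 @@ hunk drops the stray leading double quote from the CVE-2022-38710 description, but the hunk header context shows the same defect still present on the neighbouring entry: CVE-2022-38712 ("IBM WebSphere Application Server ... The cleanup should be applied to that description as well so the two entries do not diverge in format.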
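Review bot: In the @@ -243872,7 +243930,7 @@ hunk, the new CVE-2021-20599 description reads "Cleartext Transmission of Sensitive InformationCleartext transmission ...", which is a title-cased copy of the phrase fused onto the original text with no separator. The replaced line was the more readable of the two; since this is an automatic update, the duplication is presumably inherited from the imported description and is better reported to the source of the feed than hand-edited here. The entry stays NOT-FOR-US, so tracking status is unaffected.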
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits