Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fd6e59a by security tracker role at 2024-04-18T08:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2024-3932 (A vulnerability classified as problematic has been found in 
Totara LMS ...)
+       TODO: check
+CVE-2024-3931 (A vulnerability was found in Totara LMS 18.0.1 Build 
20231128.01. It h ...)
+       TODO: check
+CVE-2024-3928 (A vulnerability was found in Dromara open-capacity-platform 
2.0.1. It  ...)
+       TODO: check
+CVE-2024-32746 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32745 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32744 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32743 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32472 (excalidraw is an open source virtual hand-drawn style 
whiteboard. A st ...)
+       TODO: check
+CVE-2024-32345 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+       TODO: check
+CVE-2024-32344 (A cross-site scripting (XSS) vulnerability in the Settings 
menu of CMS ...)
+       TODO: check
+CVE-2024-32343 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+       TODO: check
+CVE-2024-32342 (A cross-site scripting (XSS) vulnerability in the Create Page 
of Boid  ...)
+       TODO: check
+CVE-2024-32341 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Home page o ...)
+       TODO: check
+CVE-2024-32340 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32339 (Multiple cross-site scripting (XSS) vulnerabilities in the HOW 
TO page ...)
+       TODO: check
+CVE-2024-32338 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-32337 (A cross-site scripting (XSS) vulnerability in the Settings 
section of  ...)
+       TODO: check
+CVE-2024-31869 (Airflow versions 2.7.0 through 2.8.4 have a vulnerability that 
allows  ...)
+       TODO: check
+CVE-2024-2729 (The Otter Blocks  WordPress plugin before 2.6.6 does not 
properly esca ...)
+       TODO: check
+CVE-2024-29956 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
prints the ...)
+       TODO: check
+CVE-2024-29955 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+       TODO: check
+CVE-2024-29952 (A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a 
could allo ...)
+       TODO: check
+CVE-2024-1429 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+       TODO: check
+CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template 
Librar ...)
+       TODO: check
+CVE-2023-4509 (It is possible for an API key to be logged in clear text in the 
audit  ...)
+       TODO: check
+CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+       TODO: check
+CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+       TODO: check
+CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+       TODO: check
+CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
+       TODO: check
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
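Review bot: all 29 added entries, CVE-2024-3932 down to CVE-2023-4232, carry only "TODO: check", so none of them states yet whether a package is affected. The four ofono entries (CVE-2023-4235, CVE-2023-4234, CVE-2023-4233, CVE-2023-4232) each describe "a flaw ... found in ofono, an Open Source Telephony on Linux", which reads like a packaged component rather than a hosted web application; I would triage those first and replace their TODO with either a source-package line or NOT-FOR-US, then work through the XSS entries.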
@@ -11452,7 +11510,7 @@ CVE-2024-24693 (Improper access control in the 
installer for Zoom Rooms Client f
 CVE-2024-24692 (Race condition in the installer for Zoom Rooms Client for 
Windows befo ...)
        NOT-FOR-US: Zoom
 CVE-2024-24549 (Denial of Service due to improper input validation 
vulnerability for H ...)
-       {DLA-3779-1}
+       {DSA-5665-1 DLA-3779-1}
        - tomcat10 10.1.20-1 (bug #1066878)
        - tomcat9 9.0.70-2
        NOTE: https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg
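Review bot: check that the DSA-5665-1 reference added at "{DSA-5665-1 DLA-3779-1}" under CVE-2024-24549 agrees with the version lines below it, since "- tomcat10 10.1.20-1" and "- tomcat9 9.0.70-2" are left untouched. The same DSA is added to CVE-2024-23672 and CVE-2023-46589 in later hunks, so the advisory entry should name exactly these three CVEs.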
@@ -11460,7 +11518,7 @@ CVE-2024-24549 (Denial of Service due to improper input 
validation vulnerability
        NOTE: 
https://github.com/apache/tomcat/commit/8e03be9f2698f2da9027d40b9e9c0c9429b74dc0
 (9.0.86)
        NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, 
using that as the fixed version
 CVE-2024-23672 (Denial of Service via incomplete cleanup vulnerability in 
Apache Tomca ...)
-       {DLA-3779-1}
+       {DSA-5665-1 DLA-3779-1}
        - tomcat10 10.1.20-1 (bug #1066877)
        - tomcat9 9.0.70-2
        NOTE: https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f
@@ -16334,7 +16392,7 @@ CVE-2024-23496 (A heap-based buffer overflow 
vulnerability exists in the GGUF li
 CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to 
contain a Ser ...)
        NOT-FOR-US: Tencent Blueking CMDB
 CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 
SSL con ...)
-       {DLA-3780-1}
+       {DSA-5664-1 DLA-3780-1}
        - jetty9 9.4.54-1 (bug #1064923)
        NOTE: 
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
        NOTE: https://github.com/jetty/jetty.project/issues/11256
@@ -34219,7 +34277,7 @@ CVE-2023-40056 (SQL Injection Remote Code Vulnerability 
was found in the SolarWi
 CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 
3.1.0-3.1.5,  ...)
        NOT-FOR-US: Spring Boot
 CVE-2023-46589 (Improper Input Validation vulnerability in Apache 
Tomcat.Tomcat from 1 ...)
-       {DLA-3707-1}
+       {DSA-5665-1 DLA-3707-1}
        - tomcat10 10.1.16-1 (bug #1057082)
        - tomcat9 9.0.70-2
        [bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)
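Review bot: under CVE-2023-46589 the context line "[bullseye] - tomcat9 <postponed> (Minor issue, fix along in next DSA)" stays as it is while the entry gains DSA-5665-1. Confirm whether that DSA covers tomcat9 in bullseye: if it does, the postponed line should be replaced by the fixed version, and if it covers only tomcat10 the annotation is still accurate and can stay.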
@@ -122448,7 +122506,7 @@ CVE-2022-38712 ("IBM WebSphere Application Server 
7.0, 8.0, 8.5, and 9.0 Web ser
        NOT-FOR-US: IBM
 CVE-2022-38711
        RESERVED
-CVE-2022-38710 ("IBM Robotic Process Automation 21.0.1 and 21.0.2 could 
disclose sensi ...)
+CVE-2022-38710 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could 
disclose sensit ...)
        NOT-FOR-US: IBM
 CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for 
Cloud Pa ...)
        NOT-FOR-US: IBM
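Review bot: the stray leading quote is dropped from the CVE-2022-38710 description, but the CVE-2022-38712 line quoted in this hunk's header still begins with ("IBM WebSphere. If the quote is removed by a description refresh, CVE-2022-38712 should pick up the same correction; otherwise the two neighbouring IBM entries stay inconsistent.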
@@ -243872,7 +243930,7 @@ CVE-2021-20601 (Improper input validation 
vulnerability in GOT2000 series GT27 m
        NOT-FOR-US: Mitsubishi
 CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric 
MELSEC iQ-R s ...)
        NOT-FOR-US: Mitsubishi
-CVE-2021-20599 (Cleartext transmission of sensitive information vulnerability 
in MELSE ...)
+CVE-2021-20599 (Cleartext Transmission of Sensitive InformationCleartext 
transmission  ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in 
Mitsubis ...)
        NOT-FOR-US: Mitsubishi
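Review bot: the new description for CVE-2021-20599 reads "Cleartext Transmission of Sensitive InformationCleartext transmission", that is, a title run straight into the sentence with no separator, where the removed line had a clean sentence. The entry is NOT-FOR-US so nothing depends on it, but the refresh made the text worse; either keep the previous wording or have the import insert a separator between the two parts.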



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd6e59affd815d675cb5150d1add8d574b01969



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
