[Git][security-tracker-team/security-tracker][master] Drop note for exim4, will get a DSA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05e777fd by Salvatore Bonaccorso at 2024-01-04T07:30:54+01:00 Drop note for exim4, will get a DSA - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -21,7 +21,6 @@ cryptojs dnsdist (jmm) -- exim4 (carnil) - Clarifying with maintainer on route to perform, cf. #1059387 -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e777fdc433c82b083a56750a9fe59775201008 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05e777fdc433c82b083a56750a9fe59775201008 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
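Review bot: dropping the note line also removes the only reference to #1059387 from dsa-needed.txt, leaving a bare `exim4 (carnil)` entry; keep a short `cf. #1059387` note until the DSA is released so the bug that tracks the agreed route to the fix stays linked from the queue.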
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b16b3f8 by Salvatore Bonaccorso at 2024-01-04T07:29:52+01:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa -- asterisk (apo) -- +chromium (dilinger) +-- cryptojs -- dnsdist (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b16b3f8c7473b14ecf013480f7fbabc0a17c5c0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b16b3f8c7473b14ecf013480f7fbabc0a17c5c0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
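Review bot: the new `chromium (dilinger)` entry carries no note, unlike the exim4 entry further down the same file; a one-line note naming the CVE range it covers (CVE-2024-0222 to CVE-2024-0225, added to data/CVE/list in the commit just before this one) would let whoever prepares the DSA see the scope without cross-referencing.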
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a3871aab by Salvatore Bonaccorso at 2024-01-04T07:27:53+01:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2024-0225 + - chromium + [buster] - chromium (see DSA 5046) +CVE-2024-0224 + - chromium + [buster] - chromium (see DSA 5046) +CVE-2024-0223 + - chromium + [buster] - chromium (see DSA 5046) +CVE-2024-0222 + - chromium + [buster] - chromium (see DSA 5046) CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...) - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3871aab3b4f744d6fd9fd1926ed0dd0887cb2f9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3871aab3b4f744d6fd9fd1926ed0dd0887cb2f9 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
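Review bot: the four new chromium entries lack a NOTE with the upstream advisory, whereas the tinymce entry that follows them in the same file carries its advisory URL; add the Chrome release announcement so the fixed upstream version is recorded alongside the IDs. The `[buster] - chromium (see DSA 5046)` tags match the existing buster handling and need no change.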
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-0217/packagekit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2200e35 by Salvatore Bonaccorso at 2024-01-04T07:21:22+01:00 Add CVE-2024-0217/packagekit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,7 +20,9 @@ CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90. CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) NOT-FOR-US: Craft CMS CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) - TODO: check + - packagekit + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2256624 + TODO: check, RHBZ#2256624 claims fixed in upstream 1.2.7 but provides no references CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...) NOT-FOR-US: WordPress plugin CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2200e355fd5f46e99542b7711554beb4721e521 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2200e355fd5f46e99542b7711554beb4721e521 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
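Review bot: the TODO records that RHBZ#2256624 names upstream 1.2.7 without a reference, so the `- packagekit` line cannot yet carry a fixed version and the tracker will list the package as unfixed; once the upstream commit is located, replace the TODO with a NOTE giving that commit and add the fixing Debian version, or mark the suites explicitly if 1.2.7 turns out to be the wrong boundary.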
[Git][security-tracker-team/security-tracker][master] CVE-2023-52322/spip assigned
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 127f3506 by Salvatore Bonaccorso at 2024-01-04T07:18:07+01:00 CVE-2023-52322/spip assigned - - - - - 3 changed files: - data/CVE/list - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/CVE/list = @@ -1577,7 +1577,7 @@ CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker t NOT-FOR-US: IBM CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...) NOT-FOR-US: Dell -CVE-2023- [XSS issue fixed in 4.1.13 upstream] +CVE-2023-52322 [XSS issue fixed in 4.1.13 upstream] - spip 4.1.13+dfsg-1 (bug #1059331) [bookworm] - spip (Minor issue) [bullseye] - spip (Minor issue) = data/next-oldstable-point-update.txt = @@ -108,9 +108,8 @@ CVE-2023-22084 [bullseye] - mariadb-10.5 1:10.5.23-0+deb11u1 CVE-2022-48521 [bullseye] - opendkim 2.11.0~beta2-4+deb11u1 -CVE-2023- [XSS issue fixed in 4.1.13 upstream] +CVE-2023-52322 [bullseye] - spip 3.2.11-3+deb11u10 - NOTE: For Debian bug #1059331 CVE-2023-51764 [bullseye] - postfix 3.5.23-0+deb11u1 CVE-2023-48795 = data/next-point-update.txt = 
@@ -46,9 +46,8 @@ CVE-2023-22084 [bookworm] - mariadb 1:10.11.6-0+deb12u1 CVE-2023-49284 [bookworm] - fish 3.6.0-3.1+deb12u1 -CVE-2023- [XSS issue fixed in 4.1.13 upstream] +CVE-2023-52322 [bookworm] - spip 4.1.9+dfsg-1+deb12u3 - NOTE: For Debian bug #1059331 CVE-2023-51764 [bookworm] - postfix 3.7.9-0+deb12u1 CVE-2023-7008 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127f35062d396f1e679103612f121002012c5f89 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127f35062d396f1e679103612f121002012c5f89 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
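Review bot: replacing `CVE-2023- [XSS issue fixed in 4.1.13 upstream]` with the assigned ID in all three files is consistent, but the two point-update files also lose the `NOTE: For Debian bug #1059331` lines while the bullseye and bookworm entries in data/CVE/list still read `(Minor issue)` with no fixed version; when 3.2.11-3+deb11u10 and 4.1.9+dfsg-1+deb12u3 ship, those `(Minor issue)` tags must be replaced with the versions, otherwise both suites stay marked vulnerable.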
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e97a080c by Salvatore Bonaccorso at 2024-01-03T22:16:27+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16,7 +16,7 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w NOTE: https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) - TODO: check + NOT-FOR-US: Vapor CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) NOT-FOR-US: Craft CMS CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) @@ -32,11 +32,11 @@ CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for Wo CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...) - TODO: check + NOT-FOR-US: Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...) - TODO: check + NOT-FOR-US: Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...) - TODO: check + NOT-FOR-US: Genie Company Aladdin Connect Mobile Application CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...) NOT-FOR-US: PaddlePaddle CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...) 
@@ -66,13 +66,13 @@ CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This fl CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...) NOT-FOR-US: GL.iNet devices CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...) - TODO: check + NOT-FOR-US: Laf CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...) NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7 CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...) NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7 CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...) - TODO: check + NOT-FOR-US: ureport CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...) - gpac NOTE: https://github.com/gpac/gpac/issues/2662 
@@ -37517,7 +37517,7 @@ CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end t CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...) NOT-FOR-US: Kitchen-Terraform CVE-2023-30617 (Kruise provides automated management of large-scale applications on Ku ...) - TODO: check + NOT-FOR-US: Kruise CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...) NOT-FOR-US: WordPress plugin CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e97a080c57fef9b2e1782bf2e6e8668d458dd747 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e97a080c57fef9b2e1782bf2e6e8668d458dd747 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
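Review bot: the three Genie entries (CVE-2023-5881, -5880, -5879) copy the product line verbatim, including the quoted page name in CVE-2023-5881, while every other NOT-FOR-US in these hunks uses a short product name; a uniform `NOT-FOR-US: Genie Company Aladdin Connect` for all three keeps the file greppable and matches the style of `NOT-FOR-US: Laf` and `NOT-FOR-US: Kruise`.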
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-21633/apktool
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71333587 by Salvatore Bonaccorso at 2024-01-03T22:15:47+01:00 Add CVE-2024-21633/apktool - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12,7 +12,9 @@ CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-sit CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) TODO: check CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) - TODO: check + - apktool + NOTE: https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w + NOTE: https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712 CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) TODO: check CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71333587065356bcaea80f56ee6b07f7f0ebbe92 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71333587065356bcaea80f56ee6b07f7f0ebbe92 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
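Review bot: `- apktool` has no fixed version and no Debian bug reference, while the follow-redirects and wireshark entries in this series record a `(bug #…)` reference; file and record the bug so the maintainer is notified, and add the fixing Debian version once it is uploaded. The advisory and upstream commit NOTEs are the right references to keep.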
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bf54b00f by Salvatore Bonaccorso at 2024-01-03T21:36:49+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -76,15 +76,15 @@ CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in NOTE: https://github.com/gpac/gpac/issues/2662 NOTE: https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...) - TODO: check + NOT-FOR-US: CubeFS CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) - TODO: check + NOT-FOR-US: CubeFS CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system. Prior to ve ...) - TODO: check + NOT-FOR-US: CubeFS CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) - TODO: check + NOT-FOR-US: CubeFS CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A security ...) - TODO: check + NOT-FOR-US: CubeFS CVE-2023-45559 (An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send cra ...) NOT-FOR-US: Tamaki_hamanoki Line CVE-2023-39655 (A host header injection vulnerability exists in the NPM package @perfo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf54b00f0cd78fc59b363447b3c65e95e2b9871f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf54b00f0cd78fc59b363447b3c65e95e2b9871f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-46929/gpac
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4408e89f by Salvatore Bonaccorso at 2024-01-03T21:35:42+01:00 Add CVE-2023-46929/gpac - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72,7 +72,9 @@ CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulner CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...) TODO: check CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...) - TODO: check + - gpac + NOTE: https://github.com/gpac/gpac/issues/2662 + NOTE: https://github.com/gpac/gpac/commit/4248def5d24325aeb0e35cacde3d56c9411816a6 CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...) TODO: check CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4408e89f60bc472bfd8c275c210caaa5cf5dc9b7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4408e89f60bc472bfd8c275c210caaa5cf5dc9b7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
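Review bot: the issue and fix-commit NOTEs pin down the upstream fix, but `- gpac` carries no per-suite annotation; once the impact on the packaged versions is assessed, add a `[bookworm] - gpac (Minor issue)` style tag, as the spip entry in this series does, so it is clear whether a DSA or a point update is expected.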
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7aa3c240 by Salvatore Bonaccorso at 2024-01-03T21:22:07+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scri - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...) - TODO: check + NOT-FOR-US: PeterO.Cbor CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...) - tinymce NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg 
@@ -16,19 +16,19 @@ CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) TODO: check CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) - TODO: check + NOT-FOR-US: Craft CMS CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) TODO: check CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...) TODO: check CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...) 
@@ -36,39 +36,39 @@ CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrof CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...) TODO: check CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...) - TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...) 
- TODO: check + NOT-FOR-US: PaddlePaddle CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...) - TODO: check + NOT-FOR-US: GL.iNet devices CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...) TODO: check CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...) - TODO: check + NOT-FOR-US: APIIDA API Gateway Manager for Broadcom Layer7 CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...) - TODO:
[Git][security-tracker-team/security-tracker][master] Add three new issues in tinymce
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81abd204 by Salvatore Bonaccorso at 2024-01-03T21:17:26+01:00 Add three new issues in tinymce - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,14 @@ CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...) - TODO: check + - tinymce + NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65 CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scripting ...) - TODO: check + - tinymce + NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39 CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...) TODO: check CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...) - TODO: check + - tinymce + NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) TODO: check CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81abd2042f4e11a8159652f25d3971bcf611b4d3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81abd2042f4e11a8159652f25d3971bcf611b4d3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
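Review bot: the descriptions give the fixed upstream versions (5.6.0, 5.10.0 and 5.9.0), but the three `- tinymce` lines carry no version, so all three are implicitly unfixed in every suite; record the packaged version's status against each boundary. Since CVE-2024-21911 is fixed in 5.6.0, a package already at 5.6 or later is affected only by CVE-2024-21908 (before 5.9.0) and CVE-2024-21910 (before 5.10.0).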
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fd49bd10 by security tracker role at 2024-01-03T20:11:38+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,6 +1,106 @@ -CVE-2023-51785 +CVE-2024-21911 (TinyMCE versions before 5.6.0 are affected by a stored cross-site scri ...) + TODO: check +CVE-2024-21910 (TinyMCE versions before 5.10.0 are affected by a cross-site scripting ...) + TODO: check +CVE-2024-21909 (PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of ...) + TODO: check +CVE-2024-21908 (TinyMCE versions before 5.9.0 are affected by a stored cross-site scri ...) + TODO: check +CVE-2024-21907 (Newtonsoft.Json before version 13.0.1 is affected by a mishandling of ...) + TODO: check +CVE-2024-21633 (Apktool is a tool for reverse engineering Android APK files. In versio ...) + TODO: check +CVE-2024-21631 (Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vap ...) + TODO: check +CVE-2024-21622 (Craft is a content management system. This is a potential moderate imp ...) + TODO: check +CVE-2024-0217 (A use-after-free flaw was found in PackageKitd. In some conditions, th ...) + TODO: check +CVE-2024-0201 (The Product Expiry for WooCommerce plugin for WordPress is vulnerable ...) + TODO: check +CVE-2023-7068 (The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shippi ...) + TODO: check +CVE-2023-6984 (The PowerPack Addons for Elementor (Free Widgets, Extensions and Templ ...) + TODO: check +CVE-2023-6747 (The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPre ...) + TODO: check +CVE-2023-6621 (The POST SMTP WordPress plugin before 2.8.7 does not sanitise and esca ...) + TODO: check +CVE-2023-5881 (Unauthenticated access permitted to web interface page The Genie Compa ...) + TODO: check +CVE-2023-5880 (When the Genie Company Aladdin Connect garage door opener (Retrofit-Ki ...) + TODO: check +CVE-2023-5879 (Users\u2019 product account authentication data was stored in clear te ...) + TODO: check +CVE-2023-52314 (PaddlePaddle before 2.6.0 has a command injection in convert_shape_com ...) 
+ TODO: check +CVE-2023-52313 (FPE in paddle.argmin and paddle.argmaxin PaddlePaddle before 2.6.0. Th ...) + TODO: check +CVE-2023-52312 (Nullptr dereference in paddle.cropin PaddlePaddle before 2.6.0. This f ...) + TODO: check +CVE-2023-52311 (PaddlePaddle before 2.6.0 has a command injection in _wget_download. T ...) + TODO: check +CVE-2023-52310 (PaddlePaddle before 2.6.0 has a command injection in get_online_pass_i ...) + TODO: check +CVE-2023-52309 (Heap buffer overflow in paddle.repeat_interleavein PaddlePaddle before ...) + TODO: check +CVE-2023-52308 (FPE in paddle.aminin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52307 (Stack overflow in paddle.linalg.lu_unpackin PaddlePaddle before 2.6.0. ...) + TODO: check +CVE-2023-52306 (FPE in paddle.lerpin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52305 (FPE in paddle.topkin PaddlePaddle before 2.6.0. This flaw can cause a ...) + TODO: check +CVE-2023-52304 (Stack overflow in paddle.searchsortedin PaddlePaddle before 2.6.0. Thi ...) + TODO: check +CVE-2023-52303 (Nullptr in paddle.put_along_axisin PaddlePaddle before 2.6.0. This fla ...) + TODO: check +CVE-2023-52302 (Nullptr in paddle.nextafterin PaddlePaddle before 2.6.0. This flaw can ...) + TODO: check +CVE-2023-50921 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers ca ...) + TODO: check +CVE-2023-50253 (Laf is a cloud development platform. In the Laf version design, the lo ...) + TODO: check +CVE-2023-50093 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable ...) + TODO: check +CVE-2023-50092 (APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable t ...) + TODO: check +CVE-2023-50090 (Arbitrary File Write vulnerability in the saveReportFile method of ure ...) + TODO: check +CVE-2023-46929 (An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box ...) 
+ TODO: check +CVE-2023-46742 (CubeFS is an open-source cloud-native file storage system. CubeFS prio ...) + TODO: check +CVE-2023-46741 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) + TODO: check +CVE-2023-46740 (CubeFS is an open-source cloud-native file storage system. Prior to ve ...) + TODO: check +CVE-2023-46739 (CubeFS is an open-source cloud-native file storage system. A vulnerabi ...) + TODO: check +CVE-2023-46738 (CubeFS is an open-source cloud-native file storage system. A
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-26159/node-follow-redirects
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac52ab13 by Salvatore Bonaccorso at 2024-01-03T19:55:17+01:00 Add Debian bug reference for CVE-2023-26159/node-follow-redirects - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -51031,7 +51031,7 @@ CVE-2023-26161 CVE-2023-26160 RESERVED CVE-2023-26159 (Versions of the package follow-redirects before 1.15.4 are vulnerable ...) - - node-follow-redirects + - node-follow-redirects (bug #1059926) NOTE: https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 NOTE: https://github.com/follow-redirects/follow-redirects/issues/235 NOTE: https://github.com/follow-redirects/follow-redirects/pull/236 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac52ab13c1036df79d85b810aa26eb597a4df31b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac52ab13c1036df79d85b810aa26eb597a4df31b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for wireshark issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 42499ecb by Salvatore Bonaccorso at 2024-01-03T19:45:01+01:00 Add Debian bug reference for wireshark issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -13,23 +13,23 @@ CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versi CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) NOT-FOR-US: OTCLient CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) - - wireshark + - wireshark (bug #1059925) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19557 CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...) - - wireshark + - wireshark (bug #1059925) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-04.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19504 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...) - - wireshark + - wireshark (bug #1059925) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19501 CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...) - - wireshark + - wireshark (bug #1059925) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19496 CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...) - - wireshark + - wireshark (bug #1059925) NOTE: https://www.wireshark.org/security/wnpa-sec-2024-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19502 CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42499ecb528d3e2573aa07fdf0fba1b7ae45ed26 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42499ecb528d3e2573aa07fdf0fba1b7ae45ed26 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] Add references to upstream commits for CVE-2023-26159
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67880e5b by Salvatore Bonaccorso at 2024-01-03T19:41:55+01:00 Add references to upstream commits for CVE-2023-26159 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -51035,6 +51035,9 @@ CVE-2023-26159 (Versions of the package follow-redirects before 1.15.4 are vulne NOTE: https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137 NOTE: https://github.com/follow-redirects/follow-redirects/issues/235 NOTE: https://github.com/follow-redirects/follow-redirects/pull/236 + NOTE: https://github.com/follow-redirects/follow-redirects/commit/1cba8e85fa73f563a439fe460cf028688e4358df (v1.15.4) + NOTE: https://github.com/follow-redirects/follow-redirects/commit/05629af696588b90d64e738bc2e809a97a5f92fc (v1.15.4) + NOTE: https://github.com/follow-redirects/follow-redirects/commit/7a6567e16dfa9ad18a70bfe91784c28653fbf19d (v1.15.4) CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype Polluti ...) NOT-FOR-US: mockjs CVE-2023-26157 (Versions of the package libredwg before 0.12.5.6384 are vulnerable to ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67880e5b219a2f0d84ee732748be0100a8c22e1a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67880e5b219a2f0d84ee732748be0100a8c22e1a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d6ab432e by Salvatore Bonaccorso at 2024-01-03T18:49:57+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -106,17 +106,17 @@ CVE-2023-49550 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) NOT-FOR-US: Cesenta MJS CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...) NOT-FOR-US: fuwushe.org iFair CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...) NOT-FOR-US: SpringBlade CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...) - TODO: check + NOT-FOR-US: Plotly.js CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in ...) - TODO: check + NOT-FOR-US: Floorsight Customer Portal CVE-2023-45892 (An issue discovered in the Order and Invoice pages in Floorsight Insig ...) - TODO: check + NOT-FOR-US: Floorsight Insights CVE-2023-45724 (HCL DRYiCE MyXalytics product is impacted by unauthenticated file uplo ...) NOT-FOR-US: HCL CVE-2023-45723 (HCL DRYiCE MyXalytics is impacted by path traversal vulnerability whic ...) 
@@ -126,7 +126,7 @@ CVE-2023-45722 (HCL DRYiCE MyXalytics is impacted by path traversal arbitrary fi CVE-2023-45561 (An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers ...) NOT-FOR-US: A-WORLD OIRASE BEER_waiting Line CVE-2023-42358 (An issue was discovered in O-RAN Software Community ric-plt-e2mgr in t ...) - TODO: check + NOT-FOR-US: ric-plt-e2mgr in G-Release environment CVE-2023-41783 (There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due ...) NOT-FOR-US: ZTE CVE-2023-41780 (There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due ...) @@ -156,9 +156,9 @@ CVE-2023-6752 CVE-2023-6436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Ekol Informatics Website Template CVE-2023-51652 (OWASP AntiSamy .NET is a library for performing cleansing of HTML comi ...) - TODO: check + NOT-FOR-US: OWASP AntiSamy .NET library CVE-2023-50711 (vmm-sys-util is a collection of modules that provides helpers and util ...) - TODO: check + NOT-FOR-US: vmm-sys-util rust modules CVE-2023-50333 (Mattermost fails to update the permissions of the current session for ...) - mattermost-server (bug #823556) CVE-2023-4280 (An unvalidated input in Silicon Labs TrustZone implementation in v4.3. ...) 
@@ -170,13 +170,13 @@ CVE-2023-48732 (Mattermost fails to scope the WebSocket response around notified CVE-2023-48721 REJECTED CVE-2023-48419 (An attacker in the wifi vicinity of a target Google Home can spy on th ...) - TODO: check + NOT-FOR-US: Google Home CVE-2023-47858 (Mattermost fails to properly verify the permissions needed for viewing ...) - mattermost-server (bug #823556) CVE-2018-25097 (A vulnerability, which was classified as problematic, was found in Acu ...) NOT-FOR-US: Acumos Design Studio CVE-2017-20188 (A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and class ...) - TODO: check + NOT-FOR-US: Zimbra CVE-2015-10128 (A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPr ...) NOT-FOR-US: WordPress plugin CVE-2023-6693 (A stack based buffer overflow was found in the virtio-net device of QE ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ab432e91d0640bb05908f94cc6c24f00d03973 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ab432e91d0640bb05908f94cc6c24f00d03973 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
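Review bot: CVE-2023-50711 is closed with "NOT-FOR-US: vmm-sys-util rust modules"; the description identifies it as a Rust crate, and Rust crates are packaged in Debian under rust-<crate> source names, so the check that no such package exists should be recorded (or the reason worded accordingly) before this is treated as not-for-us. The other reasons in these hunks (Android, Plotly.js, Floorsight, ric-plt-e2mgr, OWASP AntiSamy .NET, Google Home, Zimbra) match their descriptions.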
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f1734f7c by Moritz Muehlenhoff at 2024-01-03T16:32:27+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,17 @@ +CVE-2023-51785 + NOT-FOR-US: Apache InLong +CVE-2023-51784 + NOT-FOR-US: Apache InLong CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...) - TODO: check + NOT-FOR-US: omniauth-microsoft_graph CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a ...) - TODO: check + NOT-FOR-US: Rust EVM CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...) NOT-FOR-US: PrestaShop CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...) NOT-FOR-US: PrestaShop CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) - TODO: check + NOT-FOR-US: OTCLient CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) - wireshark NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html @@ -29,9 +33,9 @@ CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service NOTE: https://www.wireshark.org/security/wnpa-sec-2024-03.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19502 CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...) - TODO: check + NOT-FOR-US: Magic-Api CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...) - TODO: check + NOT-FOR-US: spider-flow CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...) NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) 
@@ -75,7 +79,7 @@ CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used t CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) NOT-FOR-US: Open5GS CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) - TODO: check + NOT-FOR-US: Google Pixel Watch CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - yasm NOTE: https://github.com/yasm/yasm/issues/252 
@@ -92,15 +96,15 @@ CVE-2023-49554 (Use After Free vulnerability in YASM 1.3.0.86.g9def allows a rem - yasm NOTE: https://github.com/yasm/yasm/issues/249 CVE-2023-49553 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2023-49552 (An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2023-49551 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2023-49550 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) - TODO: check + NOT-FOR-US: Cesenta MJS CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) TODO: check CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1734f7c81fe0e5ea8d7bc46e52618c8cd8aee25 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1734f7c81fe0e5ea8d7bc46e52618c8cd8aee25 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
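Review bot: the five Cesanta mjs entries (CVE-2023-49549 through CVE-2023-49553) are closed with "NOT-FOR-US: Cesenta MJS", misspelling the vendor name as given in the descriptions ("Cesanta mjs"); the reason string is what later greps and triage will match on, so it should read NOT-FOR-US: Cesanta mjs. The two CVE-2023-5178x lines added at the top carry no description text, which is expected for a hand-added entry ahead of the automatic update but worth noting so nobody reads them as incomplete.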
[Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b5fd82fa by Salvatore Bonaccorso at 2024-01-03T11:03:23+01:00 Process two NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -71,9 +71,9 @@ CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object R CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...) NOT-FOR-US: HCL CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) - TODO: check + NOT-FOR-US: Open5GS CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) TODO: check CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5fd82fa640e35b53107951c80ec64b310be6f4b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5fd82fa640e35b53107951c80ec64b310be6f4b You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add new yasm issues (not further severity assessed yet)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3fb6acaa by Salvatore Bonaccorso at 2024-01-03T11:02:21+01:00 Add new yasm issues (not further severity assessed yet) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -77,15 +77,20 @@ CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Reg CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) TODO: check CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - TODO: check + - yasm + NOTE: https://github.com/yasm/yasm/issues/252 CVE-2023-49557 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - TODO: check + - yasm + NOTE: https://github.com/yasm/yasm/issues/253 CVE-2023-49556 (Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote a ...) - TODO: check + - yasm + NOTE: https://github.com/yasm/yasm/issues/250 CVE-2023-49555 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) - TODO: check + - yasm + NOTE: https://github.com/yasm/yasm/issues/248 CVE-2023-49554 (Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote at ...) - TODO: check + - yasm + NOTE: https://github.com/yasm/yasm/issues/249 CVE-2023-49553 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) TODO: check CVE-2023-49552 (An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fb6acaab17a583e0a3134ea211a837353a779ff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fb6acaab17a583e0a3134ea211a837353a779ff You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
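Review bot: the yasm issue numbers are attached out of order relative to the CVEs (CVE-2023-49558 to #252, -49557 to #253, -49556 to #250, -49555 to #248, -49554 to #249), which is plausible but easy to cross when adding five at once; a second look that each NOTE matches the description of its CVE (CVE-2023-49554 is the "Use After Free" one, CVE-2023-49556 the "Buffer Overflow") is cheap insurance. As the commit message says, no severity or release tag is set, so the bare "- yasm" lines will be treated as open until a fixed version or a <not-affected>/<unimportant> tag is added.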
[Git][security-tracker-team/security-tracker][master] Add two more wireshark issues to track them initially
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ba31a235 by Salvatore Bonaccorso at 2024-01-03T11:00:05+01:00 Add two more wireshark issues to track them initially - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,9 +9,13 @@ CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versi CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) TODO: check CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-05.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19557 CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-04.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19504 CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...) - wireshark NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba31a235992acffa6d58b95f002741cb1624b40d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba31a235992acffa6d58b95f002741cb1624b40d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add initial tracking for three new wireshark issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e295d1b9 by Salvatore Bonaccorso at 2024-01-03T10:33:12+01:00 Add initial tracking for three new wireshark issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,11 +13,17 @@ CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of servic CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...) TODO: check CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-02.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19501 CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-01.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19496 CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...) - TODO: check + - wireshark + NOTE: https://www.wireshark.org/security/wnpa-sec-2024-03.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19502 CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...) TODO: check CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e295d1b99b53e9fcced55427b207e2276f3feb90 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e295d1b99b53e9fcced55427b207e2276f3feb90 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
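Review bot: the upstream advisory numbers do not follow CVE order here (CVE-2024-0209 to wnpa-sec-2024-02, CVE-2024-0208 to -01, CVE-2024-0207 to -03) and the GitLab issue numbers likewise (19501, 19496, 19502), so the pairing of each CVE with its advisory and issue should be double-checked against the dissector named in the description (IEEE 1609.2, GVCP, HTTP3). All three are added as a bare "- wireshark", although only CVE-2024-0208 and CVE-2024-0209 are described as reaching back to 4.0.x and 3.6.x; the branch scope should be captured once the advisories are read.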
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a92b819c by Salvatore Bonaccorso at 2024-01-03T09:28:31+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the M CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a ...) TODO: check CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) TODO: check CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) 
@@ -23,43 +23,43 @@ CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and class CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...) TODO: check CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: CodeAstro Internet Banking System CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers wh ...) - TODO: check + NOT-FOR-US: GL.iNet devices CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotati ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error handling vulner ...) 
- TODO: check + NOT-FOR-US: HCL CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure vulnera ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability wh ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control (Unauthen ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Contr ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Referen ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...) TODO: check CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) @@ -89,9 +89,9 @@ CVE-2023-49549 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause CVE-2023-48418 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) TODO: check CVE-2023-47473 (Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_a ...) - TODO: check + NOT-FOR-US: fuwushe.org iFair CVE-2023-47458 (An issue in SpringBlade v.3.7.0 and before allows a remote attacker to ...) - TODO: check + NOT-FOR-US: SpringBlade CVE-2023-46308 (In Plotly plotly.js before 2.25.2, plot API calls have a risk of __pro ...) TODO: check CVE-2023-45893 (An indirect Object Reference (IDOR) in the Order and Invoice pages in ...) @@ -99,23 +99,23 @@ CVE-2023-45893 (An indirect Object Reference
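Review bot: CVE-2023-6339 is closed with "NOT-FOR-US: WordPress plugin", but its description reads "Google Nest WiFi Pro root code-execution & user-data compromise"; the reason looks copy-pasted from the surrounding WordPress plugin entries and should say NOT-FOR-US: Google Nest WiFi Pro, since the recorded reason is what a later reader will rely on even if the not-for-us conclusion is the same.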
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84d7a6d2 by security tracker role at 2024-01-03T08:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,121 @@ +CVE-2024-21632 (omniauth-microsoft_graph provides an Omniauth strategy for the Microso ...) + TODO: check +CVE-2024-21629 (Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a ...) + TODO: check +CVE-2024-21628 (PrestaShop is an open-source e-commerce platform. Prior to version 8.1 ...) + TODO: check +CVE-2024-21627 (PrestaShop is an open-source e-commerce platform. Prior to versions 8. ...) + TODO: check +CVE-2024-21623 (OTCLient is an alternative tibia client for otserv. Prior to commit db ...) + TODO: check +CVE-2024-0211 (DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via ...) + TODO: check +CVE-2024-0210 (Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service ...) + TODO: check +CVE-2024-0209 (IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3 ...) + TODO: check +CVE-2024-0208 (GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to ...) + TODO: check +CVE-2024-0207 (HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via ...) + TODO: check +CVE-2024-0196 (A vulnerability has been found in Magic-Api up to 2.0.1 and classified ...) + TODO: check +CVE-2024-0195 (A vulnerability, which was classified as critical, was found in spider ...) + TODO: check +CVE-2024-0194 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2023-7027 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) + TODO: check +CVE-2023-6986 (The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia V ...) + TODO: check +CVE-2023-6981 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) + TODO: check +CVE-2023-6980 (The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooComme ...) + TODO: check +CVE-2023-6629 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications ...) + TODO: check +CVE-2023-6600 (The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. 
Easy. plugin for ...) + TODO: check +CVE-2023-6524 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-6339 (Google Nest WiFi Pro root code-execution & user-data compromise) + TODO: check +CVE-2023-50922 (An issue was discovered on GL.iNet devices through 4.5.0. Attackers wh ...) + TODO: check +CVE-2023-50351 (HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotati ...) + TODO: check +CVE-2023-50350 (HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic ...) + TODO: check +CVE-2023-50348 (HCL DRYiCE MyXalytics is impacted by an improper error handling vulner ...) + TODO: check +CVE-2023-50346 (HCL DRYiCE MyXalytics is impacted by an information disclosure vulnera ...) + TODO: check +CVE-2023-50345 (HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability wh ...) + TODO: check +CVE-2023-50344 (HCL DRYiCE MyXalytics is impacted by improper access control (Unauthen ...) + TODO: check +CVE-2023-50343 (HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Contr ...) + TODO: check +CVE-2023-50342 (HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Referen ...) + TODO: check +CVE-2023-50341 (HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete ...) + TODO: check +CVE-2023-50020 (An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to cras ...) + TODO: check +CVE-2023-50019 (An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registrat ...) + TODO: check +CVE-2023-4164 (There is a possible informationdisclosure due to a missing permission ...) + TODO: check +CVE-2023-49558 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) + TODO: check +CVE-2023-49557 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) + TODO: check +CVE-2023-49556 (Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote a ...) 
+ TODO: check +CVE-2023-49555 (An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a de ...) + TODO: check +CVE-2023-49554 (Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote at ...) + TODO: check +CVE-2023-49553 (An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a den ...) + TODO: check +CVE-2023-49552 (An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker ...) + TODO: check