[Git][security-tracker-team/security-tracker][master] CVE for diffoscope assigned: CVE-2024-25711

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae5e1076 by Salvatore Bonaccorso at 2024-02-11T08:56:52+01:00
CVE for diffoscope assigned: CVE-2024-25711

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -80,7 +80,7 @@ CVE-2023-45698 (Sametime is impacted by lack of clickjacking 
protection in Outlo
NOT-FOR-US: HCL / Sametime application
 CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete 
enabled in  ...)
NOT-FOR-US: HCL / Sametime application
-CVE-2024- [potential information disclosure vulnerability]
+CVE-2024-25711 [potential information disclosure vulnerability]
- diffoscope 256
NOTE: 
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
NOTE: 
https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/458f7f04bc053a0066aa7d2fd3251747d4899476
 (256)
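Review bot: the entry now carries its real identifier but keeps the bracketed free-form description, so the next automatic update is expected to replace `[potential information disclosure vulnerability]` with the official CVE text; worth checking after that run that the line was matched and not duplicated. Also, only `- diffoscope 256` is recorded here: if the stable suites ship a version below 256 they still need a `[bookworm]` / `[bullseye]` triage line (no-dsa or not-affected, whichever the issue 361 analysis supports) before the entry is complete.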



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae5e1076e2b99c84b38fc298738a03940c2b4910

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Reclaim tomcat9 and knot-resolver.

2024-02-10 Thread Markus Koschany (@apo)


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a5b32c1b by Markus Koschany at 2024-02-11T00:58:18+01:00
Reclaim tomcat9 and knot-resolver.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -122,7 +122,7 @@ jenkins-htmlunit-core-js
   NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it 
may
   NOTE: 20231231: … indeed be vulnerable. (lamby)
 --
-knot-resolver
+knot-resolver (Markus Koschany)
   NOTE: 20231029: Added by Front-Desk (gladk)
 --
 libreswan
@@ -263,7 +263,7 @@ tinymce
   NOTE: 20231216: upstream's patch is backportable, as the code has changed a
   NOTE: 20231216: lot.  (spwhitton)
 --
-tomcat9
+tomcat9 (Markus Koschany)
   NOTE: 20240121: Added by Front-Desk (apo)
 --
 varnish (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5b32c1bf0884c0f9ae295a56f0bddfea6efc776



[Git][security-tracker-team/security-tracker][master] fix version

2024-02-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89573a24 by Moritz Muehlenhoff at 2024-02-10T22:26:19+01:00
fix version

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123378,7 +123378,7 @@ CVE-2022-31161 (Roxy-WI is a Web interface for 
managing HAProxy, Nginx and Keepa
 CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, 
effects, wi ...)
{DLA-3230-1}
- jqueryui 1.13.2+dfsg-1 (bug #1015982)
-   [bullseye] - jqueryui .12.1+dfsg-8+deb11u2
+   [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u2
NOTE: 
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
NOTE: 
https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
 (1.13.2)
 CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with 
Amazon Web S ...)
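Review bot: this restores the leading `1` in the bullseye version (`1.12.1+dfsg-8+deb11u2`) that commit 5a63d909, also in this digest, had recorded as `.12.1+dfsg-8+deb11u2`. A Debian version string must begin with a digit, so a lint pass over data/CVE/list that rejects a version field not matching `^[0-9]` would catch this class of slip before it is pushed and before the tracker compares the fixed version against what the suite ships.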



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89573a24e0cc61d36a3005af55963af0f0309cd9



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5883237b by Salvatore Bonaccorso at 2024-02-10T21:22:44+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,31 +1,31 @@
 CVE-2024-23517 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-23516 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-23514 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-22361 (IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 
through 11.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22313 (IBM Storage Defender - Resiliency Service 2.0 contains 
hard-coded cred ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-22312 (IBM Storage Defender - Resiliency Service 2.0 stores user 
credentials  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2023-51493 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51492 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51488 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51485 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51480 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51415 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-51404 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-50957 (IBM Storage Defender - Resiliency Service 2.0 could allow a 
privileged ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Sp ...)
NOT-FOR-US: MediaWiki extension
 CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
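Review bot: the four IBM entries are labelled with the bare vendor (`NOT-FOR-US: IBM`); for CVE-2024-22361 that hides the fact that IBM Semeru Runtime is IBM's OpenJDK-based distribution, so before settling on NOT-FOR-US it is worth confirming the issue lives in the IBM-specific components rather than in upstream OpenJDK code shared with Debian's openjdk packages, and naming the product (`NOT-FOR-US: IBM Semeru Runtime`) so later searches for Java-runtime issues find it. The WordPress plugin entries are unambiguous and fine as they are.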



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5883237b1b06c0daaec66c964d44ac161b158414



[Git][security-tracker-team/security-tracker][master] automatic update

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
503a7ea4 by security tracker role at 2024-02-10T20:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-23517 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-23516 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-23514 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-22361 (IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 
through 11.0 ...)
+   TODO: check
+CVE-2024-22313 (IBM Storage Defender - Resiliency Service 2.0 contains 
hard-coded cred ...)
+   TODO: check
+CVE-2024-22312 (IBM Storage Defender - Resiliency Service 2.0 stores user 
credentials  ...)
+   TODO: check
+CVE-2023-51493 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51492 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51488 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51485 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51480 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51415 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-51404 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2023-50957 (IBM Storage Defender - Resiliency Service 2.0 could allow a 
privileged ...)
+   TODO: check
 CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Sp ...)
NOT-FOR-US: MediaWiki extension
 CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503a7ea49ef57eb4e2edf0252d6721b2f74d2a6a



[Git][security-tracker-team/security-tracker][master] Update information for CVE-2024-24806/libuv1

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12cec0f3 by Salvatore Bonaccorso at 2024-02-10T17:43:42+01:00
Update information for CVE-2024-24806/libuv1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -373,9 +373,10 @@ CVE-2024-25144 (The IFrame widget in Liferay Portal 7.2.0 
through 7.4.3.26, and
 CVE-2024-24806 (libuv is a multi-platform support library with a focus on 
asynchronous ...)
- libuv1  (bug #1063484)
NOTE: 
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
-   NOTE: 
https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 
(v1.48.0)
-   NOTE: 
https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 
(v1.48.0)
-   NOTE: 
https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 
(v1.48.0)
+   NOTE: Introduced by: 
https://github.com/libuv/libuv/commit/6dd44caa35b4697d7e8c1b9fa0ba8e95d73355de 
(v1.24.0)
+   NOTE: Fixed by: 
https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 
(v1.48.0)
+   NOTE: Fixed by: 
https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 
(v1.48.0)
+   NOTE: Fixed by: 
https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 
(v1.48.0)
 CVE-2024-24350 (File Upload vulnerability in Software Publico e-Sic Livre 
v.2.0 and be ...)
NOT-FOR-US: Software Publico e-Sic Livre
 CVE-2024-24216 (Zentao v18.0 to v18.10 was discovered to contain a remote code 
executi ...)
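Review bot: recording the introducing commit (v1.24.0) is the part of this change that unlocks the suite triage, yet the hunk still leaves the entry without any `[bookworm]` / `[bullseye]` / `[buster]` line. Any suite shipping libuv1 older than 1.24.0 can now be marked `<not-affected> (Vulnerable code not present)`, and the rest stay open until 1.48.0 or a backport of the three `Fixed by:` commits lands; please follow up with those lines so the entry does not list every suite as affected. The `Fixed by:` prefix on the three existing commit NOTEs is a good readability improvement and keeps the complete fix set explicit.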



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12cec0f3bfc3e0946803e0c3831166be3a4920f9



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-24821/composer via unstable

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42d10439 by Salvatore Bonaccorso at 2024-02-10T17:23:10+01:00
Track fixed version for CVE-2024-24821/composer via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -167,7 +167,7 @@ CVE-2024-24829 (Sentry is an error tracking and performance 
monitoring platform.
 CVE-2024-24825 (DIRAC is a distributed resource framework. In affected 
versions any us ...)
NOT-FOR-US: DIRAC
 CVE-2024-24821 (Composer is a dependency Manager for the PHP language. In 
affected ver ...)
-   - composer  (bug #1063603)
+   - composer 2.7.1-1 (bug #1063603)
NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
NOTE: 
https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
 (2.7.0)
 CVE-2024-24820 (Icinga Director is a tool designed to make Icinga 2 
configuration hand ...)
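Review bot: `2.7.1-1` as the unstable fixed version is consistent with the existing NOTE placing the upstream fix in 2.7.0. What is still missing is a `[bookworm]` / `[bullseye]` line: with only the unstable version recorded, the tracker reports every stable suite as vulnerable until someone decides between a no-dsa annotation and a stable update, so this entry is not yet fully triaged.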



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42d104392e63d442fdc93804bc05de63cfb0d167



[Git][security-tracker-team/security-tracker][master] CVE-2022-31160/jqueryui was fixed in bullseye 11.9

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a63d909 by Salvatore Bonaccorso at 2024-02-10T17:07:49+01:00
CVE-2022-31160/jqueryui was fixed in bullseye 11.9

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -123349,7 +123349,7 @@ CVE-2022-31161 (Roxy-WI is a Web interface for 
managing HAProxy, Nginx and Keepa
 CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, 
effects, wi ...)
{DLA-3230-1}
- jqueryui 1.13.2+dfsg-1 (bug #1015982)
-   [bullseye] - jqueryui  (Minor issue)
+   [bullseye] - jqueryui .12.1+dfsg-8+deb11u2
NOTE: 
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
NOTE: 
https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
 (1.13.2)
 CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with 
Amazon Web S ...)
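Review bot: the bullseye version on the `+` line reads `.12.1+dfsg-8+deb11u2`, missing its leading `1` (it should be `1.12.1+dfsg-8+deb11u2`, which commit 89573a24 later in this digest corrects). A Debian version must start with a digit, so this is exactly the slip a pre-commit check on the version field would reject. Replacing `(Minor issue)` with the concrete version is otherwise the right move for a fix that shipped in the 11.9 point release, alongside the existing `{DLA-3230-1}` reference for the LTS suite.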



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a63d9092ee19665928f9307e08fa42442c16343



[Git][security-tracker-team/security-tracker][master] Process some CVEs for envoyproxy, itp'ed

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec0e55f6 by Salvatore Bonaccorso at 2024-02-10T09:46:08+01:00
Process some CVEs for envoyproxy, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,15 +17,15 @@ CVE-2024-24713 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When 
PPv2 is en ...)
-   TODO: check
+   - envoyproxy  (bug #987544)
 CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy 
crashes i ...)
-   TODO: check
+   - envoyproxy  (bug #987544)
 CVE-2024-23324 (Envoy is a high-performance edge/middle/service proxy. 
External authen ...)
-   TODO: check
+   - envoyproxy  (bug #987544)
 CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The 
regex expre ...)
-   TODO: check
+   - envoyproxy  (bug #987544)
 CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy 
will cras ...)
-   TODO: check
+   - envoyproxy  (bug #987544)
 CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot 
framework wri ...)
TODO: check
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A 
regular exp ...)
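Review bot: all five Envoy entries point at bug #987544, which per the commit message is the ITP, so they are tracked against a package not yet in the archive. The status token between `envoyproxy` and the bug reference is not visible in this rendering (note the double space where it would sit); verify that it is the tracker's `<itp>` marker rather than an empty field, since `<itp>` is what keeps these from being counted as unfixed issues in unstable. Sharing one bug number across five CVEs is fine for an ITP, but each entry would benefit from a NOTE with its upstream advisory URL so the affected version range can be checked when the package arrives.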



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec0e55f6825bf0122baa257f36d26bfc7529fea5



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51741398 by Salvatore Bonaccorso at 2024-02-10T09:45:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Sp ...)
-   TODO: check
+   NOT-FOR-US: MediaWiki extension
 CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an 
executables. Any ...)
TODO: check
 CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When 
PPv2 is en ...)
TODO: check
 CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy 
crashes i ...)
@@ -31,27 +31,27 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python 
asynchronous chatbot framewo
 CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A 
regular exp ...)
TODO: check
 CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been decl ...)
-   TODO: check
+   NOT-FOR-US: Linksys
 CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been clas ...)
-   TODO: check
+   NOT-FOR-US: Linksys
 CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and 
classified as ...)
-   TODO: check
+   NOT-FOR-US: Linksys
 CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: Sametime Proxy application
 CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions.  The 
applica ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
-   TODO: check
+   NOT-FOR-US: HCL / Sametime application
 CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in 
Outlook add ...)
-   TODO: check
+   NOT-FOR-US: HCL / Sametime application
 CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete 
enabled in  ...)
-   TODO: check
+   NOT-FOR-US: HCL / Sametime application
 CVE-2024- [potential information disclosure vulnerability]
- diffoscope 256
NOTE: 
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
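Review bot: the Sametime entries get three different NOT-FOR-US labels in one hunk: `Sametime Proxy application` (CVE-2023-50349), `HCL` (CVE-2023-45718) and `HCL / Sametime application` (the remaining three). Pick one form, preferably `HCL / Sametime application`, which the majority use and which already appears elsewhere in the file, so that NFU entries for the same product group together in searches.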
@@ -139,11 +139,11 @@ CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is 
vulnerable to reflected
 CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS 
in file ...)
NOT-FOR-US: Concrete CMS
 CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability 
in Soft ...)
-   TODO: check
+   NOT-FOR-US: Software Engineering Consultancy Machine Equipment Limited 
Company Hearing Tracking System
 CVE-2023-6716
REJECTED
 CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: Oduyo Financial Technology Online Collection
 CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, 
Unrestricted U ...)
TODO: check
 CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
@@ -53206,7 +53206,7 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 
7.1 & 7.2 contains Insecure
 CVE-2023-28078
RESERVED
 CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0

[Git][security-tracker-team/security-tracker][master] CVE-2024-22563/openvswitch buster is not vulnerable.

2024-02-10 Thread Tobias Frost (@tobi)


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f508ab99 by Tobias Frost at 2024-02-10T09:35:14+01:00
CVE-2024-22563/openvswitch buster is not vulnerable.

The memory leak was introduced with commit 
https://github.com/openvswitch/ovs/commit/b6e840aed03e3f6d1aa726b482140d895f60f90f,
first appearing in tag v2.11.0.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3912,9 +3912,10 @@ CVE-2024-22876 (StrangeBee TheHive 5.1.0 to 5.1.9 and 
5.2.0 to 5.2.8 is vulnerab
 CVE-2024-22563 (openvswitch 2.17.8 was discovered to contain a memory leak via 
the fun ...)
- openvswitch 2.17.2-4
[bullseye] - openvswitch  (Minor issue)
-   [buster] - openvswitch  (Minor issue, memory leak)
+   [buster] - openvswitch  (Vulnerable code introduced later)
NOTE: https://github.com/openvswitch/ovs-issues/issues/315
NOTE: 
https://github.com/openvswitch/ovs/commit/3168f328c78cf6e4b3022940452673b0e49f7620
 (v2.17.0)
+   NOTE: Introduced with: 
https://github.com/openvswitch/ovs/commit/b6e840aed03e3f6d1aa726b482140d895f60f90f
 (v2.11.0)
 CVE-2024-22562 (swftools 0.9.2 was discovered to contain a Stack Buffer 
Underflow via  ...)
- swftools 
NOTE: https://github.com/matthiaskramm/swftools/issues/210
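Review bot: the `Introduced with:` NOTE is exactly the evidence a buster reassessment needs, and tying it to v2.11.0 matches the commit message. The buster line's status token between `openvswitch` and `(Vulnerable code introduced later)` is not visible in this rendering (double space); make sure it is `<not-affected>` rather than the `<no-dsa>` the old `(Minor issue, memory leak)` line would have carried, otherwise the tracker keeps listing buster as affected despite the reason text. One question on the surrounding lines: the fix commit is annotated `(v2.17.0)` while the description says 2.17.8 is affected and the Debian fix is `2.17.2-4`; if the annotation means the branch rather than the release, a short clarifying NOTE would save the next reader the same puzzle.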



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f508ab997796385f4abb5fc9ed80250d15cc6ffc



[Git][security-tracker-team/security-tracker][master] automatic update

2024-02-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43f1d5cf by security tracker role at 2024-02-10T08:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,57 @@
+CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Sp ...)
+   TODO: check
+CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an 
executables. Any ...)
+   TODO: check
+CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+   TODO: check
+CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When 
PPv2 is en ...)
+   TODO: check
+CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy 
crashes i ...)
+   TODO: check
+CVE-2024-23324 (Envoy is a high-performance edge/middle/service proxy. 
External authen ...)
+   TODO: check
+CVE-2024-23323 (Envoy is a high-performance edge/middle/service proxy. The 
regex expre ...)
+   TODO: check
+CVE-2024-23322 (Envoy is a high-performance edge/middle/service proxy. Envoy 
will cras ...)
+   TODO: check
+CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot 
framework wri ...)
+   TODO: check
+CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A 
regular exp ...)
+   TODO: check
+CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been decl ...)
+   TODO: check
+CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has 
been clas ...)
+   TODO: check
+CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and 
classified as ...)
+   TODO: check
+CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
+   TODO: check
+CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
+   TODO: check
+CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin 
plugin  ...)
+   TODO: check
+CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) 
vulnerabil ...)
+   TODO: check
+CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions.  The 
applica ...)
+   TODO: check
+CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.)
+   TODO: check
+CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in 
Outlook add ...)
+   TODO: check
+CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete 
enabled in  ...)
+   TODO: check
 CVE-2024- [potential information disclosure vulnerability]
- diffoscope 256
NOTE: 
https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361
@@ -80,7 +134,7 @@ CVE-2024-1402 (Mattermost fails to check if a custom emoji 
reaction exists when
- mattermost-server  (bug #823556)
 CVE-2024-1247 (Concrete CMS version 9 before 9.2.5 is vulnerable tostored XSS 
via the ...)
NOT-FOR-US: Concrete CMS
-CVE-2024-1246 (Concrete CMSin version 9 before 9.2.5is vulnerable to reflected 
XSS vi ...)
+CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to 
reflected XSS  ...)
NOT-FOR-US: Concrete CMS
 CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS 
in file ...)
NOT-FOR-US: Concrete CMS
@@ -8736,7 +8790,7 @@ CVE-2023-6936
[bookworm] - wolfssl  (Minor issue)
[bullseye] - wolfssl  (Minor issue)
NOTE: 
https://github.com/wolfSSL/wolfssl/blob/v5.6.6-stable/ChangeLog.md#vulnerabilities
-CVE-2023-6935
+CVE-2023-6935 (wolfSSL SP Math All RSA implementation is vulnerable to the 
Marvin Att ...)
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
[bookworm] - wolfssl  (Minor issue)
@@ -53150,8 +53204,8 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 
7.1 & 7.2 contains Insecure
NOT-FOR-US: PowerPath
 CVE-2023-28078
RESERVED
-CVE-2023-28077
-   RESERVED
+CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 
7.1 cont ...)
+   TODO: check
 CVE-2023-28076 (CloudLink 7.1.