[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7995131 by Salvatore Bonaccorso at 2024-04-03T06:04:24+02:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +chromium (dilinger) -- cryptojs -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7995131921a37603599b20320d089a03b24a6fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7995131921a37603599b20320d089a03b24a6fc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e39d34e by Salvatore Bonaccorso at 2024-04-03T06:02:06+02:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,15 @@ +CVE-2024-3159 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-3158 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) +CVE-2024-3156 + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) NOT-FOR-US: Bdtask Multi-Store Inventory Management System CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e39d34ef7b864df676a02e0f6eff17f4865d353
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c5d96ae2 by Salvatore Bonaccorso at 2024-04-02T22:21:47+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,69 +1,69 @@ CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) - TODO: check + NOT-FOR-US: Bdtask Multi-Store Inventory Management System CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...) - TODO: check + NOT-FOR-US: Tenda CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...) - TODO: check + NOT-FOR-US: Foxit PDF Reader CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...) 
TODO: check CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...) - TODO: check + NOT-FOR-US: Rapid7 CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...) TODO: check CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...) - TODO: check + NOT-FOR-US: Flowmon CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume ...) - TODO: check + NOT-FOR-US: Apache Pulsar CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) - TODO: check + NOT-FOR-US: Lepton CMS CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...) - TODO: check + NOT-FOR-US: INSTINCT UI Web Client CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...) - TODO: check + NOT-FOR-US: CA17 TeamsACS CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability. A ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...) - TODO: check + NOT-FOR-US: VMware CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...) 
- TODO: check + NOT-FOR-US: VMware CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1732 (The
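Review bot: CVE-2024-30248 (Piccolo Admin) and CVE-2024-2435 are the only two entries in this hunk left at "TODO: check" while every neighbouring entry is resolved to NOT-FOR-US; if they are deliberately deferred, a short NOTE stating what still has to be checked (for instance whether the software is packaged at all) would save the next triager from re-examining them from scratch.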
[Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2750275 by Salvatore Bonaccorso at 2024-04-02T22:15:00+02:00 Process one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83,7 +83,7 @@ CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service r CVE-2023-51452 (A Improper Input Validation issue affecting the v2_sdk_service running ...) TODO: check CVE-2023-50313 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) NOT-FOR-US: dotCMS CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2750275257a1ea1e5fd8727cde73fc7993e9734
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edaa68cc by security tracker role at 2024-04-02T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,89 @@ +CVE-2024-3151 (A vulnerability, which was classified as problematic, was found in Bdt ...) + TODO: check +CVE-2024-31109 (Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Wooc ...) + TODO: check +CVE-2024-31105 (Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate ...) + TODO: check +CVE-2024-30965 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-30946 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...) + TODO: check +CVE-2024-30809 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30808 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30807 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30806 (An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a he ...) + TODO: check +CVE-2024-30621 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName par ...) + TODO: check +CVE-2024-30620 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName pa ...) + TODO: check +CVE-2024-30532 (Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Bu ...) + TODO: check +CVE-2024-30531 (Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nel ...) + TODO: check +CVE-2024-30335 (Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Di ...) + TODO: check +CVE-2024-30248 (Piccolo Admin is an admin interface/content management system for Pyth ...) + TODO: check +CVE-2024-2931 (The WPFront User Role Editor plugin for WordPress is vulnerable to Sen ...) + TODO: check +CVE-2024-2745 (Rapid7's InsightVM maintenance mode login page suffers from a sensitiv ...) + TODO: check +CVE-2024-2435 (For an attacker with pre-existing access to send a signal to a workflo ...) 
+ TODO: check +CVE-2024-2389 (In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system c ...) + TODO: check +CVE-2024-29949 (There is a command injection vulnerability in some Hikvision NVRs. Thi ...) + TODO: check +CVE-2024-29948 (There is an out-of-bounds read vulnerability in some Hikvision NVRs. A ...) + TODO: check +CVE-2024-29947 (There is a NULL dereference pointer vulnerability in some Hikvision NV ...) + TODO: check +CVE-2024-29834 (This vulnerability allows authenticated users with produce or consume ...) + TODO: check +CVE-2024-29514 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) + TODO: check +CVE-2024-28287 (A DOM-based open redirection in the returnUrl parameter of INSTINCT UI ...) + TODO: check +CVE-2024-24888 (Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenbe ...) + TODO: check +CVE-2024-22780 (Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a r ...) + TODO: check +CVE-2024-22248 (VMware SD-WAN Orchestrator contains an open redirect vulnerability. A ...) + TODO: check +CVE-2024-22247 (VMware SD-WAN Edge contains a missing authentication and protection me ...) + TODO: check +CVE-2024-22246 (VMware SD-WAN Edge contains an unauthenticated command injection vulne ...) + TODO: check +CVE-2024-1946 (The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2024-1807 (The Product Sort and Display for WooCommerce plugin for WordPress is v ...) + TODO: check +CVE-2024-1732 (The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for ...) + TODO: check +CVE-2023-6951 (A Use of Weak Credentials vulnerability affecting the Wi-Fi network ge ...) + TODO: check +CVE-2023-6950 (An Improper Input Validation vulnerability affecting the FTP service r ...) + TODO: check +CVE-2023-6949 (A Missing Authentication for Critical Function issue affecting the HTT ...) 
+ TODO: check +CVE-2023-6948 (A Buffer Copy without Checking Size of Input issue affecting the v2_sd ...) + TODO: check +CVE-2023-51456 (A Improper Input Validation issue affecting the v2_sdk_service running ...) + TODO: check +CVE-2023-51455 (A Improper Validation of Array Index issue affecting the v2_sdk_servic ...) + TODO: check +CVE-2023-51454 (A Out-of-bounds Write issue affecting the v2_sdk_service running on a ...) + TODO: check +CVE-2023-51453 (A Improper Input Validation issue affecting the v2_sdk_service running ...) +
[Git][security-tracker-team/security-tracker][master] Update assessment for CVE-2023-47430/minidlna
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: edd8bda9 by Salvatore Bonaccorso at 2024-04-02T21:59:55+02:00 Update assessment for CVE-2023-47430/minidlna - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2338,8 +2338,9 @@ CVE-2023-51416 (Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple CVE-2023-49839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2023-47430 (Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 al ...) - - minidlna (bug #1068148) + - minidlna (bug #1068148; unimportant) NOTE: https://sourceforge.net/p/minidlna/bugs/361/ + NOTE: TiVo support not enabled in the Debian builds CVE-2024-30205 (In Emacs before 29.3, Org mode considers contents of remote files to b ...) - emacs 1:29.3+1-1 (bug #1067630) - org-mode 9.6.23+dfsg-1 (bug #1067663) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edd8bda9feaf4700f29dccb82d47fb5c5a1caaac
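Review bot: the downgrade to "unimportant" rests entirely on the new "NOTE: TiVo support not enabled in the Debian builds"; pointing at where that is decided (the build option in the packaging, or a build log) would let a later triager verify the assessment without rebuilding the package, since the upstream bug URL on the line above says nothing about which code paths Debian compiles in.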
[Git][security-tracker-team/security-tracker][master] Add note on CVE-2024-2314/bpfcc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d6b0f5c by Salvatore Bonaccorso at 2024-04-02T21:14:50+02:00 Add note on CVE-2024-2314/bpfcc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6236,6 +6236,7 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load [buster] - bpfcc (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0) NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0) + NOTE: Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2) CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace [bookworm] - bpftrace (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6b0f5c58d7806f397a30ee856d838250656ed0
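Review bot: "Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2)" leaves open whether the Debian-side change is considered sufficient for suites shipping 0.25.0+ds-2 or later, or whether the upstream fix (v0.30.0, per the "Fixed by" NOTE above it) is still required on top; the note changes no suite status, so stating that explicitly would keep the "Minor issue" markings from being read as "already mitigated".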
[Git][security-tracker-team/security-tracker][master] Reference tags for upstream commit in CVE-2024-2314
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 74bb27e4 by Salvatore Bonaccorso at 2024-04-02T21:10:58+02:00 Reference tags for upstream commit in CVE-2024-2314 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6234,7 +6234,7 @@ CVE-2024-2314 (If kernel headers need to be extracted, bcc will attempt to load [bookworm] - bpfcc (Minor issue) [bullseye] - bpfcc (Minor issue) [buster] - bpfcc (Vulnerable code introduced later) - NOTE: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 + NOTE: Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0) NOTE: Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0) CVE-2024-2313 (If kernel headers need to be extracted, bpftrace will attempt to load ...) - bpftrace View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74bb27e48cad90fa16afe074ad50fbaf54a12bf9
[Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2024-28219/pillow
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f1ad2f0 by Salvatore Bonaccorso at 2024-04-02T20:42:45+02:00 Add commit reference for CVE-2024-28219/pillow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -303,6 +303,7 @@ CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data CVE-2024-28219 - pillow 10.3.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security + NOTE: https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061 (10.3.0) CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) NOT-FOR-US: LocalAI CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1ad2f09b79b6c0cdc2e5a56f8b6961ebf82da5
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-28219/pillow via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a87099c8 by Salvatore Bonaccorso at 2024-04-02T20:38:11+02:00 Track fixed version for CVE-2024-28219/pillow via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -301,7 +301,7 @@ CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authenticati CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...) NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2024-28219 - - pillow + - pillow 10.3.0-1 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) NOT-FOR-US: LocalAI View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a87099c8ed551ac8afc5190a0d23eea754edb321
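Review bot: the unstable fixed version "pillow 10.3.0-1" is recorded, but the hunk shows no [bookworm] or [bullseye] line for CVE-2024-28219, so both stable suites remain open with no triage note; the "pillow (jmm)" entry visible in the dsa-needed.txt context of the py7zr commit on this page indicates a DSA is being worked on, and a one-line suite entry here would make that status explicit for anyone reading data/CVE/list alone.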
[Git][security-tracker-team/security-tracker][master] Add commit reference for CVE-2024-29041 improving the fix in 4.19.2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c14992ad by Salvatore Bonaccorso at 2024-04-02T20:35:00+02:00 Add commit reference for CVE-2024-29041 improving the fix in 4.19.2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2312,6 +2312,7 @@ CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Expres NOTE: https://github.com/koajs/koa/issues/1800 NOTE: https://github.com/expressjs/express/pull/5539 NOTE: https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd (4.19.0) + NOTE: https://github.com/expressjs/express/commit/da4d763ff6ba9df6dbd8f1f0b1d05412dda934d5 (4.19.2) NOTE: https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...) NOT-FOR-US: Cobub Razor View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c14992adb6d0517265c2d14f79adec431418dc66
[Git][security-tracker-team/security-tracker][master] py7zr DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 30bf0583 by Moritz Mühlenhoff at 2024-04-02T19:48:06+02:00 py7zr DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[02 Apr 2024] DSA-5652-1 py7zr - security update + {CVE-2022-44900} + [bullseye] - py7zr 0.11.3+dfsg-1+deb11u1 [31 Mar 2024] DSA-5651-1 mediawiki - security update [bullseye] - mediawiki 1:1.35.13-1+deb11u2 [bookworm] - mediawiki 1:1.39.7-1~deb12u1 = data/dsa-needed.txt = @@ -60,9 +60,6 @@ phppgadmin -- pillow (jmm) -- -py7zr/oldstable - Santiago (santiago) posted debdiff for review for bullseye --- pymatgen/stable -- python-asyncssh View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30bf05831010ffbf0a6192de01e29f98e33cb062
[Git][security-tracker-team/security-tracker][master] Add more linux CVEs covered by the 6.1.82-1 upload
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 94ece514 by Salvatore Bonaccorso at 2024-04-02T17:49:42+02:00 Add more linux CVEs covered by the 6.1.82-1 upload - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -156,6 +156,16 @@ CVE-2023-52622 [bookworm] - linux 6.1.82-1 CVE-2023-52623 [bookworm] - linux 6.1.82-1 +CVE-2023-52630 + [bookworm] - linux 6.1.82-1 +CVE-2023-52631 + [bookworm] - linux 6.1.82-1 +CVE-2023-52632 + [bookworm] - linux 6.1.82-1 +CVE-2023-52633 + [bookworm] - linux 6.1.82-1 +CVE-2023-52635 + [bookworm] - linux 6.1.82-1 CVE-2023-6270 [bookworm] - linux 6.1.82-1 CVE-2023-7042 @@ -214,3 +224,31 @@ CVE-2024-26641 [bookworm] - linux 6.1.82-1 CVE-2024-26651 [bookworm] - linux 6.1.82-1 +CVE-2024-26659 + [bookworm] - linux 6.1.82-1 +CVE-2024-26660 + [bookworm] - linux 6.1.82-1 +CVE-2024-26663 + [bookworm] - linux 6.1.82-1 +CVE-2024-26664 + [bookworm] - linux 6.1.82-1 +CVE-2024-26665 + [bookworm] - linux 6.1.82-1 +CVE-2024-26667 + [bookworm] - linux 6.1.82-1 +CVE-2024-26671 + [bookworm] - linux 6.1.82-1 +CVE-2024-26673 + [bookworm] - linux 6.1.82-1 +CVE-2024-26675 + [bookworm] - linux 6.1.82-1 +CVE-2024-26676 + [bookworm] - linux 6.1.82-1 +CVE-2024-26679 + [bookworm] - linux 6.1.82-1 +CVE-2024-26680 + [bookworm] - linux 6.1.82-1 +CVE-2024-26681 + [bookworm] - linux 6.1.82-1 +CVE-2024-26684 + [bookworm] - linux 6.1.82-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94ece5140aa1240f367ff5cfce1711dfd761cdeb
[Git][security-tracker-team/security-tracker][master] new node-express issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: a59d67ed by Moritz Muehlenhoff at 2024-04-02T14:17:03+02:00 new node-express issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2305,7 +2305,14 @@ CVE-2024-29189 (PyAnsys Geometry is a Python client library for the Ansys Geomet CVE-2024-29179 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-29041 (Express.js minimalist web framework for node. Versions of Express.js p ...) - TODO: check + - node-express + [bookworm] - node-express (Minor issue) + [bullseye] - node-express (Minor issue) + NOTE: https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc + NOTE: https://github.com/koajs/koa/issues/1800 + NOTE: https://github.com/expressjs/express/pull/5539 + NOTE: https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd (4.19.0) + NOTE: https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 CVE-2024-28421 (SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to ...) NOT-FOR-US: Cobub Razor CVE-2024-21914 (A vulnerability exists in the affected product that allows a malicious ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59d67ed88b29327b9082c23e8c785c72ebb218d
[Git][security-tracker-team/security-tracker][master] disputed llvm issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ff67906 by Moritz Muehlenhoff at 2024-04-02T14:06:08+02:00 disputed llvm issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1916,7 +1916,7 @@ CVE-2023-46051 (TeX Live 944e257 allows a NULL pointer dereference in texk/web2c NOTE: https://tug.org/pipermail/tex-live/2023-August/049406.html NOTE: Crash in CLI tool, negligible security impact CVE-2023-46049 (LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() f ...) - TODO: check + NOTE: Disputed LLVM issue CVE-2023-46048 (Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdi ...) - texlive-bin (unimportant) NOTE: https://tug.org/pipermail/tex-live/2023-August/049400.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ff6790622e0a43e66a34cfb023814a9bfd10f25
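Review bot: replacing "TODO: check" with only "NOTE: Disputed LLVM issue" leaves the entry with neither a package line nor a link to where the dispute is recorded; a URL to the upstream issue or to the CVE's dispute text would let a later triager confirm it, in the way the neighbouring TeX Live entries do with their tug.org references.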
[Git][security-tracker-team/security-tracker][master] tcpreplay non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ecc4bf38 by Moritz Muehlenhoff at 2024-04-02T13:38:59+02:00 tcpreplay non issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1169,7 +1169,8 @@ CVE-2023-42892 (A use-after-free issue was addressed with improved memory manage CVE-2023-40390 (A privacy issue was addressed by moving sensitive data to a protected ...) NOT-FOR-US: Apple CVE-2024-3024 (A vulnerability was found in appneta tcpreplay up to 4.4.4. It has bee ...) - TODO: check + - tcpreplay (unimportant) + NOTE: Crash in CLI tool, no security impact CVE-2024-3015 (A vulnerability classified as critical was found in SourceCodester Sim ...) NOT-FOR-US: SourceCodester Simple Subscription Website CVE-2024-3014 (A vulnerability classified as critical has been found in SourceCodeste ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecc4bf380afa5d03f5da51d37e6fa53b48f37cc9
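Review bot: "- tcpreplay (unimportant)" with "NOTE: Crash in CLI tool, no security impact" gives the rationale but no upstream reference for the crash; the description already names "appneta tcpreplay up to 4.4.4", so a link to the upstream issue or fixing commit would record which versions carry the fix for a later version lookup, as the iotjs entry on this page does.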
[Git][security-tracker-team/security-tracker][master] new iotjs issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 71f0539b by Moritz Muehlenhoff at 2024-04-02T13:21:27+02:00 new iotjs issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -911,7 +911,11 @@ CVE-2024-29667 (SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CVE-2024-29640 (An issue in aliyundrive-webdav v.2.3.3 and before allows a remote atta ...) NOT-FOR-US: aliyundrive-webdav CVE-2024-29489 (Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:23 ...) - TODO: check + - iotjs + [bullseye] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5101 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/5129 + NOTE: https://github.com/jerryscript-project/jerryscript/commit/cefd391772529c8a9531d7b3c244d78d38be47c6 CVE-2024-29316 (NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-pr ...) NOT-FOR-US: NodeBB CVE-2024-29202 (JumpServer is an open source bastion host and an operation and mainten ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71f0539b9e77e392a3de6b57441e83ecb0107a7b
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ef9641b by Moritz Muehlenhoff at 2024-04-02T13:04:03+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -409,7 +409,7 @@ CVE-2024-26653 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/7c9631969287a5366bc8e39cd5abff154b35fb80 (6.9-rc2) CVE-2024-31033 (JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus ...) - TODO: check + NOT-FOR-US: Java JWT CVE-2024-2278 (Themify WordPress plugin before 1.4.4 does not sanitise and escape so ...) NOT-FOR-US: WordPress plugin CVE-2024-2263 (Themify WordPress plugin before 1.4.4 does not sanitise and escape a ...) @@ -927,7 +927,7 @@ CVE-2024-28960 (An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-03/ NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md CVE-2024-28867 (Swift Prometheus is a Swift client for the Prometheus monitoring syste ...) - TODO: check + NOT-FOR-US: swift-prometheus CVE-2024-28714 (SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 al ...) NOT-FOR-US: CRMEB_Java e-commerce system CVE-2024-28456 (Cross Site Scripting vulnerability in Campcodes Online Marriage Regist ...) 
@@ -1992,7 +1992,7 @@ CVE-2023-39306 (Improper Neutralization of Input During Web Page Generation ('Cr CVE-2023-38388 (Unrestricted Upload of File with Dangerous Type vulnerability in Artbe ...) NOT-FOR-US: WordPress plugin CVE-2023-31854 (std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed ...) - TODO: check + NOT-FOR-US: precomp CVE-2023-31634 (In TeslaMate before 1.27.2, there is unauthorized access to port 4000 ...) NOT-FOR-US: TeslaMate CVE-2017-20190 (Some Microsoft technologies as used in Windows 8 through 11 allow a te ...) @@ -2278,9 +2278,9 @@ CVE-2024-2303 (The Easy Textillate plugin for WordPress is vulnerable to Stored CVE-2024-2170 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-29442 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29440 (An unauthorized access vulnerability has been discovered in ROS2 Humbl ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29303 (The delete admin users function of SourceCodester PHP Task Management ...) NOT-FOR-US: SourceCodester PHP Task Management System CVE-2024-29302 (SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Inj ...) @@ -2365,7 +2365,7 @@ CVE-2024-2864 (Improper Neutralization of Input During Web Page Generation ('Cro CVE-2024-29666 (Insecure Permissions vulnerability in Vehicle Monitoring platform syst ...) NOT-FOR-US: Vehicle Monitoring platform system CMSV6 CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker ...) - TODO: check + NOT-FOR-US: @thi.ng/paths CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...) NOT-FOR-US: Lepton CMS CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...) 
@@ -2402,7 +2402,7 @@ CVE-2024-28243 (KaTeX is a JavaScript library for TeX math rendering on the web. NOTE: https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w NOTE: https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 (v0.16.10) CVE-2024-28183 (ESP-IDF is the development framework for Espressif SoCs supported on W ...) - TODO: check + NOT-FOR-US: Espressif CVE-2024-28108 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) NOT-FOR-US: phpMyFAQ CVE-2024-28107 (phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, ...) @@ -2661,7 +2661,7 @@ CVE-2024-24890 (Improper Neutralization of Special Elements used in an OS Comman CVE-2024-21865 (HGW BL1500HM Ver 002.001.013 and earlier contains a use of week creden ...) NOT-FOR-US: HGW BL1500HM CVE-2024-21505 (Versions of the package web3-utils before 4.2.1 are vulnerable to Prot ...) - TODO: check + NOT-FOR-US: Node web3 CVE-2024-1962 (The CM Download Manager WordPress plugin before 2.9.1 does not have C ...) NOT-FOR-US: WordPress plugin CVE-2024-1564 (The wp-schema-pro WordPress plugin before
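Review bot: CVE-2024-29442 and CVE-2024-29440 in the "@@ -2278,9 +2278,9 @@" hunk are changed from "TODO: check" to a bare NOTE line with no disposition, while every other entry in this commit gets a NOT-FOR-US line; if the conclusion is that the report is bogus and ROS2 is not tracked here, add a "NOT-FOR-US: ROS2" line before the NOTE so the state is explicit rather than implied by the absence of TODO. Minor: the NOT-FOR-US labels mix styles ("Java JWT", "swift-prometheus", "Node web3", "Espressif"); using the product name from the CVE description each time (e.g. "ESP-IDF" rather than "Espressif") keeps later greps consistent.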
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 31b3f5f9 by Moritz Muehlenhoff at 2024-04-02T11:09:43+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27,7 +27,7 @@ CVE-2024-3139 (A vulnerability, which was classified as critical, has been found CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) NOT-FOR-US: RosarioSISster CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) - TODO: check + NOT-FOR-US: UVdesk CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) NOT-FOR-US: Bento4 CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) @@ -208,15 +208,15 @@ CVE-2024-25187 (Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0 CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) NOT-FOR-US: OpenHarmony CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulne ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code Execution ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote Code Execut ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution Vulnera ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution Vulnerabilit ...) - TODO: check + - centreon-web (bug #913903) CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local attacker cause ...) NOT-FOR-US: OpenHarmony CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) 
@@ -264,7 +264,7 @@ CVE-2024-1274 (The My Calendar WordPress plugin before 3.4.24 does not sanitise CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow ...) NOT-FOR-US: TP-Link CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution Vulnerabi ...) - TODO: check + - centreon-web (bug #913903) CVE-2023-52636 (In the Linux kernel, the following vulnerability has been resolved: l ...) - linux 6.7.7-1 [bookworm] - linux (Vulnerable code not present) @@ -293,18 +293,18 @@ CVE-2023-52630 (In the Linux kernel, the following vulnerability has been resolv [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2a427b49d02995ea4a6ff93a1432c40fa4d36821 (6.8-rc4) CVE-2023-51573 (Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51572 (Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remo ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51571 (Voltronic Power ViewPower Pro SocketService Missing Authentication Den ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2023-51570 (Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote ...) - TODO: check + NOT-FOR-US: Voltronic Power ViewPower Pro CVE-2024-28219 - pillow NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) - TODO: check + NOT-FOR-US: LocalAI CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3130 (Hard-coded Credentialsin CoolKit eWeLlink app are before 5.4.x on Andr ...) 
@@ -348,51 +348,51 @@ CVE-2024-30859 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/c CVE-2024-30858 (netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fi ...) NOT-FOR-US: netentsec NS-ASG CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary ...) - TODO: check + NOT-FOR-US: Alldata CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) - TODO: check + NOT-FOR-US: Alldata CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...) NOT-FOR-US: IceWhaleTech/CasaOS-UserService CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...) - TODO: check +
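Review bot: the six Centreon entries become "- centreon-web (bug #913903)", which in this file's format means an open, unfixed issue in a centreon-web package in unstable; if #913903 is an ITP bug for a package that is not yet in the archive, the lines should read "- centreon-web <itp> (bug #913903)" so the tracker does not report centreon-web as vulnerable in the distribution. Either way, a single NOTE on the first of the six entries saying why all of them resolve to that bug would save the next reader looking it up.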
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 17584700 by Salvatore Bonaccorso at 2024-04-02T11:01:35+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -81,63 +81,128 @@ CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Informati CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation Remote Code ...) NOT-FOR-US: PDF-XChange Editor CVE-2024-26684 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check + - linux 6.7.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/46eba193d04f8bd717e525eb4110f3c46c12aec3 (6.8-rc4) CVE-2024-26683 (In the Linux kernel, the following vulnerability has been resolved: w ...) - TODO: check + - linux 6.7.7-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/177fbbcb4ed6b306c1626a277fac3fb1c495a4c7 (6.8-rc4) CVE-2024-26682 (In the Linux kernel, the following vulnerability has been resolved: w ...) - TODO: check + - linux 6.7.7-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/35e2385dbe787936c793d70755a5177d267a40aa (6.8-rc4) CVE-2024-26681 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check + - linux 6.7.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ba5e1272142d051dcc57ca1d3225ad8a089f9858 (6.8-rc4) CVE-2024-26680 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check + - linux 6.7.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2e7d3b67630dfd8f178c41fa2217aa00e79a5887 (6.8-rc4) CVE-2024-26679 (In the Linux kernel, the following vulnerability has been resolved: i ...) 
- TODO: check + - linux 6.7.7-1 + NOTE: https://git.kernel.org/linus/eef00a82c568944f113f2de738156ac591bbd5cd (6.8-rc4) CVE-2024-26678 (In the Linux kernel, the following vulnerability has been resolved: x ...) - TODO: check + - linux 6.7.7-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1ad55cecf22f05f1c884adf63cc09d3c3e609ebf (6.8-rc4) CVE-2024-26677 (In the Linux kernel, the following vulnerability has been resolved: r ...) - TODO: check + - linux 6.7.7-1 + NOTE: https://git.kernel.org/linus/e7870cf13d20f56bfc19f9c3e89707c69cf104ef (6.8-rc4) CVE-2024-26676 (In the Linux kernel, the following vulnerability has been resolved: a ...) - TODO: check + - linux 6.7.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1279f9d9dec2d7462823a18c29ad61359e0a007d (6.8-rc4) CVE-2024-26675 (In the Linux kernel, the following vulnerability has been resolved: p ...) - TODO: check + - linux 6.7.7-1 + NOTE: https://git.kernel.org/linus/cb88cb53badb8aeb3955ad6ce80b07b598e310b8 (6.8-rc4) CVE-2024-26674 (In the Linux kernel, the following vulnerability has been resolved: x ...) - TODO: check + - linux 6.7.7-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8eed4e00a370b37b4e5985ed983dccedd555ea9d (6.8-rc4) CVE-2024-26673 (In the Linux kernel, the following vulnerability has been resolved: n ...) - TODO: check + - linux 6.7.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4 (6.8-rc3) CVE-2024-26672 (In the Linux kernel, the following vulnerability has been resolved: d ...) 
- TODO: check + - linux 6.7.7-1 + NOTE: https://git.kernel.org/linus/4f32504a2f85a7b40fe149436881381f48e9c0c0 (6.8-rc1) CVE-2024-26671 (In the Linux kernel, the following vulnerability has been resolved: b ...) - TODO: check + - linux 6.7.7-1 + NOTE: https://git.kernel.org/linus/5266caaf5660529e3da53004b8b7174cab6374ed (6.8-rc1) CVE-2024-26670 (In the Linux kernel, the following vulnerability
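Review bot: the commit message "Merge Linux CVEs from kernel-sec" does not name the kernel-sec revision that was merged, so the per-release "Vulnerable code not present" annotations, which differ from CVE to CVE (only buster for CVE-2024-26684, but bookworm, bullseye and buster for CVE-2024-26683), cannot be cross-checked against their source; include the kernel-sec commit id in the message or a NOTE. Every fix is cited as a mainline 6.8-rc commit while the fixed Debian version is 6.7.7-1, which relies on the fix having been backported into the 6.7.7 stable release; a NOTE with the stable commit, or the stable version in parentheses, would make that link explicit for the entries that carry no release annotations at all (e.g. CVE-2024-26679, CVE-2024-26677, CVE-2024-26675).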
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 35640d10 by Salvatore Bonaccorso at 2024-04-02T10:44:12+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -274,7 +274,7 @@ CVE-2024-29435 (An issue discovered in Alldata v0.4.6 allows attacker to run arb CVE-2024-29433 (A deserialization vulnerability in the FASTJSON component of Alldata v ...) TODO: check CVE-2024-28232 (Go package IceWhaleTech/CasaOS-UserService provides user management fu ...) - TODO: check + NOT-FOR-US: IceWhaleTech/CasaOS-UserService CVE-2024-25574 (SQL injection vulnerability exists in GetDIAE_usListParameters.) TODO: check CVE-2024-25080 (WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attac ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35640d10685d59d463dedcba3216c6bdfed676f5
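Review bot: the message "Process some NFUs" overstates a one-line change: only CVE-2024-28232 (CasaOS-UserService) is resolved, while the context lines for CVE-2024-29433 (Alldata) and CVE-2024-25574 (GetDIAE_usListParameters) in the same hunk still carry "TODO: check". Either process the adjacent entries in the same pass or name the single CVE in the message so the history stays searchable.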
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c619b2d0 by Moritz Muehlenhoff at 2024-04-02T10:39:37+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,85 +1,85 @@ CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 ...) - TODO: check + NOT-FOR-US: dotCMS CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...) - TODO: check + NOT-FOR-US: IntelBras CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 20240323 and ...) - TODO: check + NOT-FOR-US: Clavister CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 20240323 ...) - TODO: check + NOT-FOR-US: Clavister CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) - TODO: check + NOT-FOR-US: RosarioSISster CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) TODO: check CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) 
- TODO: check + NOT-FOR-US: Bento4 CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...) - TODO: check + NOT-FOR-US: seeyonOA CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...) - TODO: check + NOT-FOR-US: OpenHarmony CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) - TODO: check + NOT-FOR-US: KOfax Power PDF CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...) 
- TODO: check + NOT-FOR-US: KOfax Power PDF CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...) - TODO: check + NOT-FOR-US: PDF-XChange Editor CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read
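Review bot: two of the new NOT-FOR-US labels carry typos: CVE-2024-3138 gets "NOT-FOR-US: RosarioSISster" although the description names "RosarioSIS", and CVE-2024-27334 and CVE-2024-27333 get "NOT-FOR-US: KOfax Power PDF" for "Kofax Power PDF"; since these labels are what later greps and duplicate checks match on, correct them to the product names used in the descriptions. Also CVE-2024-3140 and CVE-2024-3139 are labelled just "NOT-FOR-US: SourceCodester", while other SourceCodester entries in this file name the specific product (e.g. "SourceCodester Simple Subscription Website"); naming the product here too keeps the labels consistent.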
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 861da87f by security tracker role at 2024-04-02T08:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,227 @@ +CVE-2024-3165 (System->Maintenance-> Log Files in dotCMS dashboard is providing the u ...) + TODO: check +CVE-2024-3164 (In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 ...) + TODO: check +CVE-2024-3160 (** DISPUTED ** A vulnerability, which was classified as problematic, w ...) + TODO: check +CVE-2024-3148 (A vulnerability, which was classified as critical, has been found in D ...) + TODO: check +CVE-2024-3147 (A vulnerability classified as problematic was found in DedeCMS 5.7. Th ...) + TODO: check +CVE-2024-3146 (A vulnerability classified as problematic has been found in DedeCMS 5. ...) + TODO: check +CVE-2024-3145 (A vulnerability was found in DedeCMS 5.7. It has been rated as problem ...) + TODO: check +CVE-2024-3144 (A vulnerability was found in DedeCMS 5.7. It has been declared as prob ...) + TODO: check +CVE-2024-3143 (A vulnerability was found in DedeCMS 5.7. It has been classified as pr ...) + TODO: check +CVE-2024-3142 (A vulnerability was found in Clavister E10 and E80 up to 20240323 and ...) + TODO: check +CVE-2024-3141 (A vulnerability has been found in Clavister E10 and E80 up to 20240323 ...) + TODO: check +CVE-2024-3140 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2024-3139 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2024-3138 (** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS ...) + TODO: check +CVE-2024-3137 (Improper Privilege Management in uvdesk/community-skeleton) + TODO: check +CVE-2024-31005 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) + TODO: check +CVE-2024-31004 (An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execu ...) + TODO: check +CVE-2024-31003 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) 
+ TODO: check +CVE-2024-31002 (Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a rem ...) + TODO: check +CVE-2024-2925 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...) + TODO: check +CVE-2024-2924 (The Creative Addons for Elementor plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-2839 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-2791 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + TODO: check +CVE-2024-2369 (The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does ...) + TODO: check +CVE-2024-29276 (An issue was discovered in seeyonOA version 8, allows remote attackers ...) + TODO: check +CVE-2024-29086 (in OpenHarmony v3.2.4 and prior versions allow a local attacker cause ...) + TODO: check +CVE-2024-29074 (in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-28951 (in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitr ...) + TODO: check +CVE-2024-28226 (in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause ...) + TODO: check +CVE-2024-27334 (Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclo ...) + TODO: check +CVE-2024-27333 (Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclo ...) + TODO: check +CVE-2024-27332 (PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27331 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27330 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27329 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27328 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) 
+ TODO: check +CVE-2024-27327 (PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Ex ...) + TODO: check +CVE-2024-27326 (PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27325 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27324 (PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Dis ...) + TODO: check +CVE-2024-27323 (PDF-XChange Editor Updater Improper Certificate Validation Remote Code ...) + TODO: check
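Review bot: the imported descriptions for CVE-2024-3164 and CVE-2024-2925 contain the literal escape sequences "\u2192" and "\u2013" instead of the arrow and en dash characters, which suggests the automatic update copies the feed text without decoding its escapes; decoding them in the import script would make the descriptions readable and greppable. The entries themselves are fine: each new CVE receives the "TODO: check" placeholder the triage workflow expects.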
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28219/pillow
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 429e230b by Salvatore Bonaccorso at 2024-04-02T08:39:21+02:00 Add CVE-2024-28219/pillow - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2024-28219 + - pillow + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security CVE-2024-3135 (The web server lacked CSRF tokens allowing an attacker to host malicio ...) TODO: check CVE-2024-3131 (A vulnerability was found in SourceCodester Computer Laboratory Manage ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/429e230bc457af9d2f329310a795c0cec52afbfd
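Review bot: the new "- pillow" line has no fixed version, no severity tag and no release annotations, so it records pillow as affected in every suite with nothing to say how serious it is; the only reference is the Pillow 10.3.0 security release notes, so a NOTE stating which upstream version contains the fix and whether the bookworm and bullseye versions are affected would let the next person act on the entry without re-reading those notes, and the fixed Debian version should be added as soon as the upload is known.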