[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 32fbd66e by Salvatore Bonaccorso at 2024-04-11T07:55:39+02:00 Track fixed version for chromium issues fixed via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,11 +11,11 @@ CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) TODO: check CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) - - chromium + - chromium 123.0.6312.122-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...) - - chromium + - chromium 123.0.6312.122-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) 
@@ -37,7 +37,7 @@ CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that e CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) TODO: check CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) - - chromium + - chromium 123.0.6312.122-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32fbd66ec08bca0fb8f2405b538225aa12c9aad2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32fbd66ec08bca0fb8f2405b538225aa12c9aad2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] claim tiff
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 86186d77 by Thorsten Alteholz at 2024-04-10T23:14:50+02:00 claim tiff - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -264,7 +264,7 @@ suricata (Adrian Bunk) NOTE: 20231016: Still reviewing+testing CVEs. (bunk) NOTE: 20231120: DLA coming soon. (bunk) -- -tiff +tiff (Thorsten Alteholz) NOTE: 20240314: Added by coordinator (roberto) NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86186d77c378aa6782dd4a42248b59d1293291eb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86186d77c378aa6782dd4a42248b59d1293291eb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
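Review bot: the claim adds the name to the `tiff` line but no dated NOTE, while the existing 20240314 notes say several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and bookworm and that uploads to spu and ospu should be coordinated. A `NOTE: 20240410:` line recording the claim and whether that spu/ospu coordination is being taken on with it would save the next Front-Desk pass from re-deriving the state. Style point only; the hunk itself is fine.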
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2794/ofono
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c1e870e2 by Salvatore Bonaccorso at 2024-04-10T22:53:06+02:00 Add CVE-2023-2794/ofono - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -243,7 +243,8 @@ CVE-2023-6916 (Audit records for OpenAPI requests may include sensitive informat CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBo ...) TODO: check CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack ...) - TODO: check + - ofono + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387 CVE-2021-47219 (In the Linux kernel, the following vulnerability has been resolved: s ...) - linux 5.15.5-1 [bullseye] - linux 5.10.84-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e870e25a559c6efc76d0f27ff56b75511af871 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e870e25a559c6efc76d0f27ff56b75511af871 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
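Review bot: the new `- ofono` entry carries only the Red Hat bugzilla link; there is no upstream fix reference, no Debian bug number and no `[bookworm]`/`[bullseye]`/`[buster]` annotation, so the issue is now tracked as open in every release with nothing to point a fixer at. Suggest adding the upstream fix commit (or a `(Vulnerable code not present)` line where that applies) as soon as it is known, following the pattern the `linux` entries in the surrounding context use.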
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 a CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) TODO: check CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) TODO: check CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) 
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the ` CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...) TODO: check CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) NOT-FOR-US: IBM CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) 
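Review bot: the `NOT-FOR-US: XWiki` label on CVE-2024-31984 should be double-checked against the full description; the truncated text visible here ("Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...") does not name the product, unlike CVE-2024-31983 through -31981 which all open with "XWiki Platform is a generic wiki platform". Adjacent numbering makes it likely correct, but the label is the only thing that will keep the entry out of future triage, so it is worth confirming.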
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) NOT-FOR-US: IBM CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) - TODO: check + NOT-FOR-US: WWBN AVideo CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) - TODO: check + NOT-FOR-US: XWiki CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...) - TODO: check + NOT-FOR-US: Plane CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating ...) - TODO: check + NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31355 (Improper
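Review bot: the NOT-FOR-US labels in this hunk mix granularities. CVE-2024-31358 is labelled with the product name (`NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel`) while the neighbouring CVE-2024-31356, -31386 and -31430 use the generic `NOT-FOR-US: WordPress plugin`; if -31358 is also a WordPress plugin, the generic label keeps the file greppable for that class. The hunk is also cut off at "CVE-2024-31355 (Improper", so the remaining entries of this hunk could not be reviewed here.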
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3567/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 52716cd6 by Salvatore Bonaccorso at 2024-04-10T22:31:24+02:00 Add CVE-2024-3567/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,9 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-la CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...) TODO: check CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...) - TODO: check + - qemu + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) TODO: check CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52716cd680b14106709c80ce593dd43df2e76d61 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52716cd680b14106709c80ce593dd43df2e76d61 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
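Review bot: the `- qemu` entry records the Red Hat bugzilla and the upstream issue (https://gitlab.com/qemu-project/qemu/-/issues/2273) but no fix commit and no fixed version, and no per-release annotation, so bookworm/bullseye/buster are all implicitly open. Since the description is an assertion failure (a crash rather than memory corruption), a severity marker such as the `(Revisit when fixed upstream)` style used for freeimage elsewhere in this file, or the fix commit once merged upstream, would make the entry actionable.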
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fc63739 by Salvatore Bonaccorso at 2024-04-10T22:23:01+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61,13 +61,13 @@ CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) TODO: check CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) TODO: check CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc63739eba522e04640726f41ad3ec3399b8690 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc63739eba522e04640726f41ad3ec3399b8690 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Tagged a few CVEs for freeimage as postponed.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: d20822ee by Ola Lundqvist at 2024-04-10T22:19:21+02:00 Tagged a few CVEs for freeimage as postponed. Postponed because they are of DoS class and all reverse dependencies are tools used by a human that should know the input data. One can even question whether that should even be considered a security issue. In any case it is nothing that warrant any immediate attention. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6974,6 +6974,7 @@ CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) @@ -6999,6 +7000,7 @@ CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) 
@@ -7009,31 +7011,37 @@ CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) 
- freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage (bug #1068461) @@ -7044,6 +7052,7 @@ CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 - freeimage (bug #1068461) [bookworm] - freeimage (Revisit when fixed upstream) [bullseye] - freeimage (Revisit when fixed upstream) + [buster] - freeimage (Revisit when fixed upstream, low severity DoS in tool) NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...) - freeimage
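Review bot: the new `[buster]` annotation "low severity DoS in tool" is attached to entries whose CVE descriptions read "Buffer Overflow vulnerability in open source FreeImage v.3.19.0" (CVE-2024-28583, -28579, -28576 through -28572, -28570), not only to the "Null Pointer Dereference" ones (CVE-2024-28584, -28577). The commit message argues from "DoS class", which holds for the null dereferences, but a buffer overflow is only DoS-class if the crash is the full impact; it would be worth stating in a NOTE that the overflows were checked to be read-only or otherwise non-exploitable (the referenced report at https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909 is the place to verify this) before the same wording is applied to all of them.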
[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 287988f5 by Salvatore Bonaccorso at 2024-04-10T22:18:20+02:00 Add chromium to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -13,6 +13,8 @@ If needed, specify the release by adding a slash after the name of the source pa apache2 -- +chromium (dilinger) +-- cryptojs -- dav1d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/287988f58adaa504027138148636699d107bc827 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/287988f58adaa504027138148636699d107bc827 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e278fd9 by Salvatore Bonaccorso at 2024-04-10T22:17:19+02:00 Add new chromium issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,9 +9,13 @@ CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) TODO: check CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) - TODO: check + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...) - TODO: check + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) TODO: check CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) 
@@ -31,7 +35,9 @@ CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that e CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) TODO: check CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) - TODO: check + - chromium + [bullseye] - chromium (see #1061268) + [buster] - chromium (see DSA 5046) CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...) TODO: check CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `llama ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e278fd9b7b1b7f964bb66c4371b3b48dd1179a2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e278fd9b7b1b7f964bb66c4371b3b48dd1179a2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
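Review bot: the three new unstable lines are bare `- chromium` although every description states "prior to 123.0.6312.122", so the fixed Debian version could have been recorded in the same commit once the unstable upload existed. The follow-up commit 32fbd66e at the top of this digest does exactly that (`- chromium 123.0.6312.122-1`); folding both into one commit would avoid the window in which the tracker shows these as open in unstable.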
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2611a4fb by security tracker role at 2024-04-10T20:11:54+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,173 +1,411 @@ -CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()] +CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...) + TODO: check +CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the mintplex-labs/an ...) + TODO: check +CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary code e ...) + TODO: check +CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in the upda ...) + TODO: check +CVE-2024-3566 (A command inject vulnerability allows an attacker to perform command i ...) + TODO: check +CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 ...) + TODO: check +CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowe ...) + TODO: check +CVE-2024-3448 (Users with low privileges can perform certain AJAX actions. In this v ...) + TODO: check +CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN ...) + TODO: check +CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto Networks Pan ...) + TODO: check +CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto Networks PAN ...) + TODO: check +CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS software en ...) + TODO: check +CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a remote ...) + TODO: check +CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software processes da ...) + TODO: check +CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that enable ...) + TODO: check +CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with manage ...) + TODO: check +CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome prior to 1 ...) + TODO: check +CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation vulnerabil ...) 
+ TODO: check +CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the `llama ...) + TODO: check +CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal attacks due ...) + TODO: check +CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, an ...) + TODO: check +CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual wikis, tran ...) + TODO: check +CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 2.4-mil ...) + TODO: check +CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 3.0.1 a ...) + TODO: check +CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerc ...) + TODO: check +CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipp ...) + TODO: check +CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any X ...) + TODO: check +CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Im ...) + TODO: check +CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninit ...) + TODO: check +CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains ha ...) + TODO: check +CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) + TODO: check +CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow ...) + TODO: check +CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker ...) + TODO: check +CVE-2024-31492 (An external control of file name or path vulnerability [CWE-73] in Fo ...) + TODO: check +CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) + TODO: check +CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 5.0-rc- ...) 
+ TODO: check +CVE-2024-31461 (Plane, an open-source project management tool, has a Server-Side Reque ...) + TODO: check +CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) + TODO: check +CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X ...) + TODO: check +CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating ...) + TODO: check +CVE-2024-31356
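Review bot: the hunk opens by removing `CVE-2021-47219 [scsi: scsi_debug: ...]` from line 1 and the visible part never re-adds it, which on its own would look like the automatic update dropping the entry merged in 81f80a42. The context in the later commit c1e870e2 shows CVE-2021-47219 with its `linux 5.15.5-1` / `[bullseye] - linux 5.10.84-1` lines still present further down the file, so this is a move caused by the new 2024 entries being inserted above it, not a loss. The hunk is truncated after CVE-2024-31356, so the remainder of the reordering could not be checked here.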
[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81f80a42 by Salvatore Bonaccorso at 2024-04-10T21:52:59+02:00 Merge Linux CVEs from kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,169 @@ +CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/f347c26836c270199de1599c3cd466bb7747caa9 (5.16-rc1) +CVE-2021-47218 [selinux: fix NULL-pointer dereference when hashtab allocation fails] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/dc27f3c5d10c58069672215787a96b4fae01818b (5.16-rc3) +CVE-2021-47217 [x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/daf972118c517b91f74ff1731417feb4270625a4 (5.16-rc2) +CVE-2021-47216 [scsi: advansys: Fix kernel pointer leak] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/d4996c6eac4c81b8872043e9391563f67f13e406 (5.16-rc1) +CVE-2021-47215 [net/mlx5e: kTLS, Fix crash in RX resync flow] + - linux 5.15.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6 (5.16-rc2) +CVE-2021-47214 [hugetlb, userfaultfd: fix reservation restore on userfaultfd error] + - linux 5.15.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cc30042df6fcc82ea18acf0dace831503e60a0b7 (5.16-rc2) +CVE-2021-47213 [NFSD: Fix exposure in nfsd4_decode_bitmap()] + - linux 5.15.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2) +CVE-2021-47212 [net/mlx5: Update error handler for UCTX and UMEM] + - linux 5.15.5-1 + [buster] - linux (Vulnerable code not present) + NOTE: 
https://git.kernel.org/linus/ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (5.16-rc2) +CVE-2021-47211 [ALSA: usb-audio: fix null pointer dereference on pointer cs_desc] + - linux 5.15.5-1 + NOTE: https://git.kernel.org/linus/b97053df0f04747c3c1e021ecbe99db675342954 (5.16-rc1) +CVE-2021-47210 [usb: typec: tipd: Remove WARN_ON in tps6598x_block_read] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/b7a0a63f3fed57d413bb857de164ea9c3984bc4e (5.16-rc1) +CVE-2021-47209 [sched/fair: Prevent dead task groups from regaining cfs_rq's] + - linux 5.15.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b027789e5e50494c2325cc70c8642e7fd6059479 (5.16-rc1) +CVE-2021-47207 [ALSA: gus: fix null pointer dereference on pointer block] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/a0d21bb3279476c777434c40d969ea88ca64f9aa (5.16-rc1) +CVE-2021-47206 [usb: host: ohci-tmio: check return value after calling platform_get_resource()] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/9eff2b2e59fda25051ab36cd1cb5014661df657b (5.16-rc1) +CVE-2021-47205 [clk: sunxi-ng: Unregister clocks/resets when unbinding] + - linux 5.15.5-1 + NOTE: https://git.kernel.org/linus/9bec2b9c6134052994115d2d3374e96f2ccb9b9d (5.16-rc1) +CVE-2021-47204 [net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/9b5a333272a48c2f8b30add7a874e46e8b26129c (5.16-rc2) +CVE-2021-47203 [scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/99154581b05c8fb22607afb7c3d66c1bace6aa5d (5.16-rc1) +CVE-2021-47202 [thermal: Fix NULL pointer 
dereferences in of_thermal_ functions] + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/96cfe05051fd8543cdedd6807ec59a0e6c409195 (5.16-rc1) +CVE-2021-47201 [iavf: free q_vectors before queues in iavf_disable_vf] + - linux 5.15.5-1 +
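Review bot: release annotations are inconsistent within this hunk. CVE-2021-47212 has `[buster] - linux (Vulnerable code not present)` but no `[bullseye]` line, and CVE-2021-47211 and CVE-2021-47205 carry only the unstable version `5.15.5-1`; every other entry in the hunk gives both a bullseye and a buster status (either `5.10.84-1` / `4.19.232-1` or `(Vulnerable code not present)`). A missing line means the tracker treats that release as vulnerable with no fix recorded, so either the fixed versions or the not-present markers should be added for those three. The final entry (CVE-2021-47201) is cut off after `- linux 5.15.5-1`, so its annotations could not be reviewed.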
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3786-1 for pillow
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: cbe65225 by Adrian Bunk at 2024-04-10T22:18:37+03:00 Reserve DLA-3786-1 for pillow - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[10 Apr 2024] DLA-3786-1 pillow - security update + {CVE-2024-28219} + [buster] - pillow 5.4.1-2+deb10u6 [09 Apr 2024] DLA-3785-1 gtkwave - security update {CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414 CVE-2023-39443 CVE-2023-39444} [buster] - gtkwave 3.3.98+really3.3.118-0+deb10u1 = data/dla-needed.txt = 
@@ -200,9 +200,6 @@ pdns-recursor NOTE: 20240306: Added by Front-Desk (opal) NOTE: 20240319: Upload postponed due to #1067124 (dleidert) -- -pillow (Adrian Bunk) - NOTE: 20240403: Added by Front-Desk (lamby) --- putty NOTE: 20231224: Added by Front-Desk (ta) NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe652259af53fc2fda7d8f671581ebc31745d60 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe652259af53fc2fda7d8f671581ebc31745d60 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: reference freeimage discussion
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: 93fc6fbe by Sylvain Beucler at 2024-04-10T19:33:00+02:00 dla: reference freeimage discussion - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -81,6 +81,7 @@ freeimage (Ola Lundqvist) NOTE: 20240320: lots of postponed issue could be fixed as well NOTE: 20240325: Lack of upstream activity, NOTE: 20240325: postponed issues are "Revisit when fixed upstream (bunk) + NOTE: 20240410: See discussion at: https://lists.debian.org/debian-lts/2024/04/threads.html#00012 -- frr NOTE: 20231119: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93fc6fbee3eb497bb51b61989e9a3ac8349af250
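Review bot: the context line directly above the added NOTE, 'NOTE: 20240325: postponed issues are "Revisit when fixed upstream (bunk)', opens a quotation mark that is never closed; since this hunk already touches the freeimage block, a follow-up could close it so the line reads 'are "Revisit when fixed upstream" (bunk)'. The added line itself follows the file's 'NOTE: YYYYMMDD:' convention and points at the list archive thread, which is the right place to record the outcome of the discussion.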
[Git][security-tracker-team/security-tracker][master] Add two more CVEs allocated by Linux kernel CNA
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 776a51c2 by Salvatore Bonaccorso at 2024-04-10T16:37:55+02:00 Add two more CVEs allocated by Linux kernel CNA - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-26816 [x86, relocs: Ignore relocations in .notes section] + - linux + NOTE: https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1) +CVE-2024-26815 [net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check] + - linux + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1) CVE-2024-3447 - qemu NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/776a51c263a110680392a9b1cca8555609a5cd9f
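Review bot: CVE-2024-26816 gets only '- linux' plus the upstream commit NOTE, while CVE-2024-26815 in the same hunk also carries '[bullseye] - linux (Vulnerable code not present)' and the matching '[buster]' line; without per-release annotations the x86 relocs issue will be listed as open in every suite until someone triages it, so either add the bullseye/buster lines or a NOTE saying that their status is still to be checked. Neither entry records a fixed unstable version yet; the NOTEs give only the upstream tag (6.9-rc1), so the package version needs to be added once the fix is uploaded.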
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 79711349 by Moritz Muehlenhoff at 2024-04-10T16:03:25+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -134,9 +134,9 @@ CVE-2024-22450 (Dell Alienware Command Center, versions prior to 6.2.7.0, contai CVE-2024-22448 (Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authe ...) NOT-FOR-US: Dell CVE-2024-21509 (Versions of the package mysql2 before 3.9.4 are vulnerable to Prototyp ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-21507 (Versions of the package mysql2 before 3.9.3 are vulnerable to Improper ...) - TODO: check + NOT-FOR-US: Node mysql2 CVE-2024-1780 (The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2024-1042 (The WP Radio \u2013 Worldwide Online Radio Stations Directory for Word ...) 
@@ -234,13 +234,13 @@ CVE-2024-31368 (Missing Authorization vulnerability in PenciDesign Soledad.This CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign Soledad.This issue ...) NOT-FOR-US: WordPress plugin CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions ROS_VERSION ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30704 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in ROS2 (Ro ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30262 (Contao is an open source content management system. Prior to version 4 ...) NOT-FOR-US: Contao CMS CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1 ...) 
@@ -926,43 +926,43 @@ CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and befo NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 a ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_ ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 Galactic ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version ROS_VER ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30690 (An unauthorized node injection vulnerability has been identified in RO ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in ROS2 Iro ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30687 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ...) - TODO:
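Review bot: the replacement NOTE 'Bogus report on ROS, lacks all details and apparently never reported either' is copied verbatim into every ROS entry in the second and third hunks without saying where the report was (not) filed or what the assessment is based on; a reference in at least one entry (the upstream ROS security contact or the discussion that concluded the reports are bogus) would let a later triager re-verify the conclusion instead of taking it on trust, and a single shared wording means any later correction has to touch all of the entries. The mysql2 hunk is fine: 'NOT-FOR-US: Node mysql2' names the product so the NFU can be checked against the description.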
[Git][security-tracker-team/security-tracker][master] new sngrep issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b071555a by Moritz Muehlenhoff at 2024-04-10T15:54:23+02:00 new sngrep issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -58,9 +58,11 @@ CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) NOT-FOR-US: WordPress plugin CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...) - TODO: check + - sngrep + NOTE: https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1) CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) - TODO: check + - sngrep + NOTE: https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1) CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...) NOT-FOR-US: WordPress plugin CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b071555a24a2eecac6870fc08b8f05c7715e1eda
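Review bot: both sngrep entries now point at the upstream fix commits tagged v1.8.1 but record no fixed Debian version after '- sngrep', so unstable stays listed as affected; that is correct until a fixed upload lands, but the descriptions say the overflows exist in 'all versions', so bullseye and buster will also show as affected with no severity or no-dsa annotation. Consider adding the appropriate '[bullseye]' / '[buster]' lines (or a NOTE) once the exposure has been assessed, and the unstable version once the package is uploaded.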
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 610e323d by Moritz Muehlenhoff at 2024-04-10T15:48:31+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -62,51 +62,51 @@ CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of s CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) TODO: check CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30716 (An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSIO ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30715 (A buffer overflow vulnerability has been discovered in the C++ compone ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30713 (An OS command injection vulnerability has been discovered in ROS2 Dash ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30712 (A shell injection vulnerability was discovered in ROS2 (Robot Operatin ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30711 (An issue was discovered in the default configurations of ROS2 Dashing ...) 
- TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30710 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ...) - TODO: check + NOTE: Bogus report on ROS, lacks all details and apparently never reported either
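Review bot: the change for CVE-2024-3020 to 'NOT-FOR-US: WordPress plugin' rests on a description that only says 'The plugin is vulnerable to PHP Object Injection in versions up to and ...' without naming the plugin; putting the plugin name after 'WordPress plugin', as the other NFU lines on this page do for their products, would make the NFU verifiable later. The sngrep entries CVE-2024-3120 and CVE-2024-3119 are left at 'TODO: check' in this hunk's context while everything around them is resolved; they are handled in the later commit b071555a ('new sngrep issues'), so no action is needed here.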
[Git][security-tracker-team/security-tracker][master] new qemu issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 60689f78 by Moritz Muehlenhoff at 2024-04-10T14:14:16+02:00 new qemu issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,8 @@ +CVE-2024-3447 + - qemu + NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/ + NOTE: https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/ + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813 CVE-2024-2905 NOT-FOR-US: rpm-ostree CVE-2024-2243 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60689f785da928526ae14b74fc08e0cab4201867
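Review bot: the three NOTE lines for CVE-2024-3447 reference two patchew.org patch submissions and an oss-fuzz issue, but no merged upstream commit and no fixed version; patchew links go stale as a series is revised, so once the fix lands in qemu.git the entry should gain the commit hash and the release it is in, plus the per-release annotations for bullseye/buster if the affected code is present there. The entry is also added without the parenthesised description the other entries carry; the next automatic update should fill that in.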
[Git][security-tracker-team/security-tracker][master] NFUs from Red Hat
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 604d35a9 by Moritz Muehlenhoff at 2024-04-10T14:11:31+02:00 NFUs from Red Hat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2024-2905 + NOT-FOR-US: rpm-ostree +CVE-2024-2243 + NOT-FOR-US: csmock CVE-2024-3556 REJECTED CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) @@ -137,7 +141,7 @@ CVE-2024-0159 (Dell Alienware Command Center, versions 5.5.52.0 and prior, conta CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does ...) NOT-FOR-US: WordPress plugin CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves multiple t ...) - TODO: check + NOT-FOR-US: JBoss EAP CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnera ...) NOT-FOR-US: HCL CVE-2023-40148 (Server-side request forgery (SSRF) in PingFederate allows unauthentica ...) @@ -702,7 +706,7 @@ CVE-2024-21447 (Windows Authentication Elevation of Privilege Vulnerability) CVE-2024-21424 (Azure Compute Gallery Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21409 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) - NOT-FOR-US: Microsoft + NOT-FOR-US: Microsoft .NET CVE-2024-21324 (Microsoft Defender for IoT Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-21323 (Microsoft Defender for IoT Remote Code Execution Vulnerability) 
@@ -993,7 +997,7 @@ CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerExcepti CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...) - TODO: check + NOT-FOR-US: JBoss EAP CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...) NOT-FOR-US: NVIDIA ChatRTX CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604d35a9213ce2c8c2243a91182f6841b6a09fd6
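Review bot: CVE-2024-2905 and CVE-2024-2243 are added at the top of the file in the first hunk without the parenthesised description that every neighbouring entry carries (compare 'CVE-2024-3542 (A vulnerability classified as problematic ...)'); if these IDs were entered by hand ahead of the automatic update, the next 'automatic update' commit will add the descriptions, and the 'NOT-FOR-US: rpm-ostree' and 'NOT-FOR-US: csmock' markers should then be re-checked against them. The hunk at line 702 narrowing 'NOT-FOR-US: Microsoft' to 'NOT-FOR-US: Microsoft .NET' for CVE-2024-21409 matches the description '.NET, .NET Framework, and Visual Studio'.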
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1951277c by Moritz Muehlenhoff at 2024-04-10T10:30:57+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,53 +1,53 @@ CVE-2024-3556 REJECTED CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3541 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 1.0 an ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management System 1 ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3535 (A vulnerability, which was classified as critical, was found in Campco ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3534 (A vulnerability, which was classified as critical, has been found in C ...) - TODO: check + NOT-FOR-US: Campcodes Church Management System CVE-2024-3533 (A vulnerability classified as problematic was found in Campcodes Compl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3532 (A vulnerability classified as problematic has been found in Campcodes ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student Managem ...) 
- TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student Managem ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Student Management System CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event Management Sy ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3525 (A vulnerability, which was classified as problematic, was found in Cam ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3524 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes Online E ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3522 (A vulnerability classified as critical has been found in Campcodes Onl ...) - TODO: check + NOT-FOR-US: Campcodes Complete Online Event Management System CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management Platform up t ...) - TODO: check + NOT-FOR-US: Byzoro CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in third-party c ...) - TODO: check + NOT-FOR-US: PowerSYSTEM Server CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...) TODO: check CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) @@ -99,49 +99,49 @@ CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION CVE-2024-30707 (Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ...) TODO: check CVE-2024-2736 (The Bold Page Builder plugin for WordPress is vulnerable to
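Review bot: CVE-2024-3526 through CVE-2024-3522 are marked 'NOT-FOR-US: Campcodes Complete Online Event Management System', but their descriptions refer to 'Campcodes Online Event Management Sy...' with no 'Complete'; the product name looks copied from the preceding 'Campcodes Complete Online Student Management System' batch and should read 'Campcodes Online Event Management System'. The NFU text is informational, so nothing breaks, but a mismatched product name makes later greps for the product miss these entries.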
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84fde809 by security tracker role at 2024-04-10T08:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,147 @@ +CVE-2024-3556 + REJECTED +CVE-2024-3542 (A vulnerability classified as problematic was found in Campcodes Churc ...) + TODO: check +CVE-2024-3541 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 1.0. I ...) + TODO: check +CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 1.0 an ...) + TODO: check +CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management System 1 ...) + TODO: check +CVE-2024-3535 (A vulnerability, which was classified as critical, was found in Campco ...) + TODO: check +CVE-2024-3534 (A vulnerability, which was classified as critical, has been found in C ...) + TODO: check +CVE-2024-3533 (A vulnerability classified as problematic was found in Campcodes Compl ...) + TODO: check +CVE-2024-3532 (A vulnerability classified as problematic has been found in Campcodes ...) + TODO: check +CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student Managem ...) + TODO: check +CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event Management Sy ...) + TODO: check +CVE-2024-3525 (A vulnerability, which was classified as problematic, was found in Cam ...) + TODO: check +CVE-2024-3524 (A vulnerability, which was classified as problematic, has been found i ...) 
+ TODO: check +CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes Online E ...) + TODO: check +CVE-2024-3522 (A vulnerability classified as critical has been found in Campcodes Onl ...) + TODO: check +CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management Platform up t ...) + TODO: check +CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in third-party c ...) + TODO: check +CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for WordPress is vu ...) + TODO: check +CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...) + TODO: check +CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of sngrep ...) + TODO: check +CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of sngrep since ...) + TODO: check +CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up to and ...) + TODO: check +CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) + TODO: check +CVE-2024-30736 (An insecure deserialization vulnerability has been identified in ROS K ...) + TODO: check +CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in ROS Kine ...) + TODO: check +CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ compone ...) + TODO: check +CVE-2024-30730 (An insecure logging vulnerability has been identified within ROS Kinet ...) + TODO: check +CVE-2024-30729 (An OS command injection vulnerability has been discovered in ROS Kinet ...) + TODO: check +CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame ROS_VERSIO ...) + TODO: check +CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot Operating ...) + TODO: check +CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) 
+ TODO: check +CVE-2024-30723 (An unauthorized node injection vulnerability has been identified in RO ...) + TODO: check +CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_P ...) + TODO: check +CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in ROS2 Das ...) + TODO: check +CVE-2024-30719 (An insecure deserialization vulnerability has been identified in ROS2 ...) + TODO: check +CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in
[Git][security-tracker-team/security-tracker][master] 2 commits: Updates link to "triage new security issues" procedure:
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7cbe3287 by Cyrille Bollu at 2024-04-09T14:09:15+02:00 Updates link to triage new security issues procedure: do not use old wiki.debian.org link, but rather the new lts-team.pages.debian.net Signed-off-by: Cyrille Bollu cyrille@debian-BULLSEYE-live-builder-AMD64 - - - - - 5b1a1621 by Salvatore Bonaccorso at 2024-04-10T07:10:18+00:00 Merge branch master into master Updates link to triage new security issues procedure: See merge request security-tracker-team/security-tracker!169 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -15,7 +15,7 @@ testing procedures, programming language, etc.). To work on a package, simply add your name behind it. To learn more about how this list is updated have a look at -https://wiki.debian.org/LTS/Development#Triage_new_security_issues +https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issues To make it easier to see the entire history of an update, please append notes rather than remove/replace existing ones. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23af76fd71890567745cf29448fef58a03f7bf73...5b1a16213058f9bfe2303891728e58e10cd0817d
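Review bot: the Signed-off-by trailer in commit 7cbe3287 reads 'Cyrille Bollu cyrille@debian-BULLSEYE-live-builder-AMD64', a local build-host address rather than a reachable e-mail address; the author should set git user.email before further contributions so the trailer identifies a real contact. The hunk itself is a straight replacement of the wiki.debian.org link with the lts-team.pages.debian.net page and leaves the surrounding text unchanged; since the new anchor '#triage-new-security-issues' uses a different format from the old '#Triage_new_security_issues', it is worth confirming that the anchor exists on the target page.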
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder & File Manager plugi CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: WordPress plugin CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure Vulnerability) 
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass Vulnerability) CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized access ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is vulnera ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable to time- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP Object ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to Server-Side Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to unauthorized acces ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to unauth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive Informati ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22949/libjfreechart-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f9c65c6d by Salvatore Bonaccorso at 2024-04-10T08:13:05+02:00 Add CVE-2024-22949/libjfreechart-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -845,7 +845,7 @@ CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointer CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - jgrapht CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...) - TODO: check + - libjfreechart-java CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...) TODO: check CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, wher ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9c65c6def23ea1ed5bdec10e3ff25c9bd08e5b4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9c65c6def23ea1ed5bdec10e3ff25c9bd08e5b4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
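Review bot: The new `- libjfreechart-java` line records only the package name; unlike the openexr and yt-dlp entries added in the same batch (36b57caa, 2898b65c), it has no NOTE pointing at the upstream report or fix and no severity. A NullPointerException in Java is an unhandled exception, so the worst case is a crash of the consuming application, which argues for a severity marker such as `(unimportant)` once the triager confirms no wider impact; a NOTE with the upstream issue would let the next person verify that. The adjacent CVE-2024-23081 (ThreeTen Backport, also a NullPointerException from the same report series) is still `TODO: check` in the context lines and belongs in the same pass.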
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-23079/jgrapht
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f0f89af by Salvatore Bonaccorso at 2024-04-10T08:10:46+02:00 Add CVE-2024-23079/jgrapht - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -843,7 +843,7 @@ CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoun CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...) TODO: check CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) - TODO: check + - jgrapht CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a NullPointerException via ...) TODO: check CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f0f89afb2176f5208256a8c790bec1222476394 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f0f89afb2176f5208256a8c790bec1222476394 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
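Review bot: `- jgrapht` is added bare, with no fixed version, severity or NOTE; the description only says "NullPointerException v ..." and the entry gives a reader no link to the upstream report to judge reachability of the crash. Suggest at least a NOTE with the upstream issue and, if the only effect is the exception, `(unimportant)` in the severity slot, consistent with how the openexr and yt-dlp entries in this batch carry NOTE lines. In this hunk's context CVE-2024-22949 (JFreeChart) is still `TODO: check`; it is resolved three minutes later in f9c65c6d above, so the three NullPointerException entries (23081, 23079, 22949) could have been handled in one commit with shared notes.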
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-23084/libapfloat-java
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0742b554 by Salvatore Bonaccorso at 2024-04-10T08:10:13+02:00 Add CVE-2024-23084/libapfloat-java - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -839,7 +839,7 @@ CVE-2024-25646 (Due to improper validation,SAP BusinessObject Business Intellige CVE-2024-23584 (The NMAP Importer service may expose data store credentials to authori ...) NOT-FOR-US: HCL CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsExce ...) - TODO: check + - libapfloat-java CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a NullPointerExcept ...) TODO: check CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a NullPointerException v ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0742b55455252ddb3cdc38d67f54302148b29f33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0742b55455252ddb3cdc38d67f54302148b29f33 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
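Review bot: `- libapfloat-java` is added without severity or NOTE lines. The description names an ArrayIndexOutOfBoundsException; Java bounds-checks every array access, so this is a thrown exception and not memory corruption, and the tracker entry should say so with a severity (likely `(unimportant)`) plus a NOTE to the upstream issue, so that the distinction from a native out-of-bounds read is recorded rather than left for the next triager to rediscover. Both CVE-2024-23081 and CVE-2024-23079 remain `TODO: check` in the context here; 23079 is handled in 4f0f89af above, 23081 is not handled anywhere in this batch.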
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-31047/openexr
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36b57caa by Salvatore Bonaccorso at 2024-04-10T08:08:35+02:00 Add CVE-2024-31047/openexr - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -766,7 +766,10 @@ CVE-2024-31366 (Missing Authorization vulnerability in Themify Post Type Builder CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) NOT-FOR-US: WordPress plugin CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and before all ...) - TODO: check + - openexr + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERS ...) TODO: check CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ compone ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b57caa654e734c4b540ecbcd93061a639bec72 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b57caa654e734c4b540ecbcd93061a639bec72 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
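Review bot: The `- openexr` line carries no fixed version although the NOTE lines pin the fix to a specific upstream commit (7aa89e1d09b09d9f5dbb96976ee083a331ab9d71); if that commit is not yet in a released upstream version, add a NOTE saying so, otherwise record the first release that contains it, so the entry reads as "awaiting upstream release" rather than "not yet checked". No severity is set either; the description ("openexr v.3.2.3 and before") fixes the affected range, so the triager has what is needed to assign one. The issue (#1680), PR (#1681) and fix-commit references are consistent with each other and the header's 7 to 10 line count matches one line removed and four added.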
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22423/yt-dlp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2898b65c by Salvatore Bonaccorso at 2024-04-10T08:05:44+02:00 Add CVE-2024-22423/yt-dlp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -544,7 +544,11 @@ CVE-2024-23671 (A improper limitation of a pathname to a restricted directory (' CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor in Forti ...) NOT-FOR-US: FortiGuard CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and fixes. The pa ...) - TODO: check + - yt-dlp (Windows-specific) + NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p + NOTE: Fixed by: https://github.com/yt-dlp/yt-dlp/commit/ff07792676f4046ee61b5638c9dc1a33a37a (2024.04.09) + NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09 + NOTE: Issue exists because of incomplete fix to address CVE-2023-40581 CVE-2024-21756 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: FortiGuard CVE-2024-21755 (A improper neutralization of special elements used in an os command (' ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898b65c9ebba804a9aa88c2d465620bfb83e1e4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898b65c9ebba804a9aa88c2d465620bfb83e1e4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
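Review bot: The `Fixed by:` commit hash `ff07792676f4046ee61b5638c9dc1a33a37a` is 36 hex characters, not a full 40-character SHA-1; the openexr entry in the same batch uses a full hash, so this one should be corrected to the full object id before it is relied on (an abbreviated prefix resolves today but is not a stable identifier). On the package line, `(Windows-specific)` is placed in the parenthetical slot where the tracker normally carries a severity or bug reference; if the Debian build is not affected because the flaw is Windows-only, stating that with the `<not-affected>` tag (`- yt-dlp <not-affected> (Windows-specific)`) or an explicit severity makes the entry machine-readable rather than a free-text remark. The NOTE tying this to the incomplete fix for CVE-2023-40581 is the right cross-reference to keep.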
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9cc97337 by Salvatore Bonaccorso at 2024-04-10T08:05:00+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,7 +35,7 @@ CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) NOT-FOR-US: WordPress plugin CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4 ...) - TODO: check + NOT-FOR-US: Eclipse Kura LogServlet CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions < V2.0 ...) NOT-FOR-US: Siemens CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in Apache Zeppel ...) @@ -63,7 +63,7 @@ CVE-2024-31506 (Sourcecodester Online Graduate Tracer System v1.0 is vulnerable CVE-2024-31487 (A improper limitation of a pathname to a restricted directory ('path t ...) NOT-FOR-US: FortiGuard CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue and gin, w ...) - TODO: check + NOT-FOR-US: gin-vue-admin CVE-2024-31455 (Minder by Stacklok is an open source software supply chain security pl ...) NOT-FOR-US: Minder by Stacklok CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...) 
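Review bot: In the first hunk (`@@ -35,7`), `NOT-FOR-US: Eclipse Kura LogServlet` names a component rather than the product; the neighbouring reasons in this file name the vendor or product (`NOT-FOR-US: Siemens`, `NOT-FOR-US: FortiGuard`, `NOT-FOR-US: Minder by Stacklok`), so `NOT-FOR-US: Eclipse Kura` would follow the file's convention and still identify the project unambiguously. The second hunk's `NOT-FOR-US: gin-vue-admin` already follows that pattern.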
@@ -141,103 +141,103 @@ CVE-2024-2536 (The Rank Math SEO with AI SEO Tools plugin for WordPress is vulne CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Sit ...) NOT-FOR-US: WordPress plugin CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2504 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2501 (The Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2457 (The Modal Window \u2013 create popup modal window plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2423 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection via the ' ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme for Word ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2342 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2341 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive Information E ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2336 (The Popup Maker \u2013 Popup for opt-ins, lead gen, & more plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2334 (The Template Kit \u2013 Import plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to Reflected Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored
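Review bot: Every visible replacement in the `@@ -141,103` hunk matches the description: the theme entries (CVE-2024-2347 Astra; CVE-2024-2344, CVE-2024-2343, CVE-2024-2340 and CVE-2024-2311 Avada) get `NOT-FOR-US: WordPress theme` and all plugin entries get `NOT-FOR-US: WordPress plugin`, and the header's equal line counts (103/103) confirm pure one-for-one replacements. The hunk as shown breaks off mid-entry at CVE-2024-2306 (Revslider), so the remainder of the 103-line hunk could not be checked here.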