[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues fixed via unstable

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32fbd66e by Salvatore Bonaccorso at 2024-04-11T07:55:39+02:00
Track fixed version for chromium issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,11 +11,11 @@ CVE-2024-3567 (A flaw was found in QEMU. An assertion 
failure was present in the
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
TODO: check
 CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
-   - chromium 
+   - chromium 123.0.6312.122-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 
allowe ...)
-   - chromium 
+   - chromium 123.0.6312.122-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
@@ -37,7 +37,7 @@ CVE-2024-3382 (A memory leak exists in Palo Alto Networks 
PAN-OS software that e
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
-   - chromium 
+   - chromium 123.0.6312.122-1
[bullseye] - chromium  (see #1061268)
[buster] - chromium  (see DSA 5046)
 CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation 
vulnerabil ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32fbd66ec08bca0fb8f2405b538225aa12c9aad2

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] claim tiff

2024-04-10 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86186d77 by Thorsten Alteholz at 2024-04-10T23:14:50+02:00
claim tiff

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -264,7 +264,7 @@ suricata (Adrian Bunk)
   NOTE: 20231016: Still reviewing+testing CVEs. (bunk)
   NOTE: 20231120: DLA coming soon. (bunk)
 --
-tiff
+tiff (Thorsten Alteholz)
   NOTE: 20240314: Added by coordinator (roberto)
   NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in 
bullseye and
   NOTE: 20240314: bookworm. Uploads to spu and ospu should be coordinated. 
(roberto)
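Review bot: the claim on the `tiff` line records no dated NOTE of who took it and when, while every other step on the surrounding dla-needed.txt entries is logged as `NOTE: YYYYMMDD: ... (nick)` (the suricata notes above, the two 20240314 coordinator notes on this very entry). A line such as `NOTE: 20240410: Claimed (alteholz)` would keep the history readable in the file itself rather than only in git log, and the existing 20240314 note about CVEs left no-dsa in bullseye and bookworm is an action item for the claimant: the spu/ospu coordination it asks for should be planned alongside the DLA, not after it.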



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86186d77c378aa6782dd4a42248b59d1293291eb



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-2794/ofono

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1e870e2 by Salvatore Bonaccorso at 2024-04-10T22:53:06+02:00
Add CVE-2023-2794/ofono

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -243,7 +243,8 @@ CVE-2023-6916 (Audit records for OpenAPI requests may 
include sensitive informat
 CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to 
ArrayIndexOutOfBo ...)
TODO: check
 CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A 
stack  ...)
-   TODO: check
+   - ofono 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
 CVE-2021-47219 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
- linux 5.15.5-1
[bullseye] - linux 5.10.84-1
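Review bot: the new `- ofono` entry has no fixed version, no Debian bug reference and a single NOTE that points at the downstream Red Hat bugzilla; nothing in the hunk identifies the upstream fix for the stack-based flaw named in the description. Compare the freeimage entries elsewhere in this digest, which carry `(bug #1068461)` so the maintainer is actually notified. Suggest filing or linking the Debian bug on this line and adding a second NOTE with the upstream ofono commit or issue once known, so the fix can be checked against the packaged source and the entry does not stay open indefinitely.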



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1e870e25a559c6efc76d0f27ff56b75511af871



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
730aeaaa by Salvatore Bonaccorso at 2024-04-10T22:32:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,19 +21,19 @@ CVE-2024-3515 (Use after free in Dawn in Google Chrome 
prior to 123.0.6312.122 a
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
TODO: check
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto 
Networks PAN ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS 
software en ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a 
remote ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software 
processes da ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that 
enable ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
@@ -47,21 +47,21 @@ CVE-2024-3098 (A vulnerability was identified in the 
`exec_utils` class of the `
 CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal 
attacks due ...)
TODO: check
 CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 
15.5.4, an ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual 
wikis, tran ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 
2.4-mil ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
WooCommerc ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
USPS Shipp ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy 
Import any X ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
@@ -71,71 +71,71 @@ CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 
through 10.0.7 could
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: WWBN AVideo
 CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-31461 (Plane, an open-source project management tool, has a 
Server-Side Reque ...)
-   TODO: check
+   NOT-FOR-US: Plane
 CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu 
Ishikawa X ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars 
Rating  ...)
-   TODO: check
+   NOT-FOR-US: Saleswonder.Biz 5 Stars Rating Funnel
 CVE-2024-31356 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-31355 (Improper 
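Review bot: two NOT-FOR-US labels in this hunk break the convention used by the rest of the commit. `NOT-FOR-US: FortiGuard` on CVE-2024-31492 names Fortinet's advisory service rather than the vendor or product, whereas the other labels name the affected software (`Palo Alto Networks`, `XWiki`, `Plane`, `WWBN AVideo`); `NOT-FOR-US: Fortinet` would match them. CVE-2024-31358 is labelled with the product name `Saleswonder.Biz 5 Stars Rating Funnel`, while the CSRF and SQL-injection entries around it (CVE-2024-31430, CVE-2024-31386, CVE-2024-31356) use the generic `WordPress plugin`; if it is a WordPress plugin as well, one convention should be used, otherwise a later grep for WordPress-plugin NFUs will miss it.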

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3567/qemu

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52716cd6 by Salvatore Bonaccorso at 2024-04-10T22:31:24+02:00
Add CVE-2024-3567/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,9 @@ CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists 
in the mintplex-la
 CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary 
code e ...)
TODO: check
 CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in 
the upda ...)
-   TODO: check
+   - qemu 
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274339
+   NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2273
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
TODO: check
 CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
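Review bot: the qemu entry replaces `TODO: check` with an unversioned `- qemu` and two NOTE links (Red Hat bugzilla 2274339 and qemu-project issue 2273), but both are reporting trackers rather than a fixing commit, so the Debian status stays open with no pointer to what would close it. Suggest a follow-up NOTE with the upstream fixing commit once the gitlab issue is resolved, and a Debian bug reference on the package line, as the freeimage entries in this digest do with `(bug #1068461)`, so the maintainer is actually notified of the assertion-failure crash the description reports.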



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52716cd680b14106709c80ce593dd43df2e76d61



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6fc63739 by Salvatore Bonaccorso at 2024-04-10T22:23:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -61,13 +61,13 @@ CVE-2024-31939 (Cross-Site Request Forgery (CSRF) 
vulnerability in Soflyy Import
 CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
TODO: check
 CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
TODO: check
 CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc63739eba522e04640726f41ad3ec3399b8690



[Git][security-tracker-team/security-tracker][master] Tagged a few CVEs for freeimage as postponed.

2024-04-10 Thread Ola Lundqvist (@opal)


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d20822ee by Ola Lundqvist at 2024-04-10T22:19:21+02:00
Tagged a few CVEs for freeimage as postponed.

Postponed because they are of DoS class and all reverse dependencies are
tools used by a human that should know the input data. One can even question
whether that should even be considered a security issue. In any case, it
is nothing that warrants any immediate attention.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6974,6 +6974,7 @@ CVE-2024-28584 (Null Pointer Dereference vulnerability in 
open source FreeImage
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
@@ -6999,6 +7000,7 @@ CVE-2024-28579 (Buffer Overflow vulnerability in open 
source FreeImage v.3.19.0
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
@@ -7009,31 +7011,37 @@ CVE-2024-28577 (Null Pointer Dereference vulnerability 
in open source FreeImage
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  (bug #1068461)
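Review bot: the added `[buster]` lines all carry the wording `low severity DoS in tool`, but of the entries touched in this hunk only CVE-2024-28577 is described as a Null Pointer Dereference; CVE-2024-28576 through CVE-2024-28572 are described as `Buffer Overflow vulnerability in open source FreeImage`. The commit message argues the whole batch is of DoS class, yet a buffer overflow in an image decoder is not a DoS by description alone. The basis for that classification (for example a crash confirmed in the linked vul-report, or the overflow being read-only) should be recorded in a NOTE or in bug #1068461 before the same rationale is pasted onto ten entries, otherwise a later triager cannot tell which of them were actually examined.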
@@ -7044,6 +7052,7 @@ CVE-2024-28570 (Buffer Overflow vulnerability in open 
source FreeImage v.3.19.0
- freeimage  (bug #1068461)
[bookworm] - freeimage  (Revisit when fixed upstream)
[bullseye] - freeimage  (Revisit when fixed upstream)
+   [buster] - freeimage  (Revisit when fixed upstream, low 
severity DoS in tool)
NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
 CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
- freeimage  

[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
287988f5 by Salvatore Bonaccorso at 2024-04-10T22:18:20+02:00
Add chromium to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -13,6 +13,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 
 apache2
 --
+chromium (dilinger)
+--
 cryptojs
 --
 dav1d



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/287988f58adaa504027138148636699d107bc827



[Git][security-tracker-team/security-tracker][master] Add new chromium issues

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8e278fd9 by Salvatore Bonaccorso at 2024-04-10T22:17:19+02:00
Add new chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,9 +9,13 @@ CVE-2024-3567 (A flaw was found in QEMU. An assertion failure 
was present in the
 CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
TODO: check
 CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
-   TODO: check
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+   [buster] - chromium  (see DSA 5046)
 CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 
allowe ...)
-   TODO: check
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+   [buster] - chromium  (see DSA 5046)
 CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
TODO: check
 CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
@@ -31,7 +35,9 @@ CVE-2024-3382 (A memory leak exists in Palo Alto Networks 
PAN-OS software that e
 CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
TODO: check
 CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
-   TODO: check
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+   [buster] - chromium  (see DSA 5046)
 CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation 
vulnerabil ...)
TODO: check
 CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the 
`llama ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e278fd9b7b1b7f964bb66c4371b3b48dd1179a2



[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2611a4fb by security tracker role at 2024-04-10T20:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,173 +1,411 @@
-CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in 
resp_report_tgtpgs()]
+CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
chat f ...)
+   TODO: check
+CVE-2024-3569 (A Denial of Service (DoS) vulnerability exists in the 
mintplex-labs/an ...)
+   TODO: check
+CVE-2024-3568 (The huggingface/transformers library is vulnerable to arbitrary 
code e ...)
+   TODO: check
+CVE-2024-3567 (A flaw was found in QEMU. An assertion failure was present in 
the upda ...)
+   TODO: check
+CVE-2024-3566 (A command inject vulnerability allows an attacker to perform 
command i ...)
+   TODO: check
+CVE-2024-3516 (Heap buffer overflow in ANGLE in Google Chrome prior to 
123.0.6312.122 ...)
+   TODO: check
+CVE-2024-3515 (Use after free in Dawn in Google Chrome prior to 123.0.6312.122 
allowe ...)
+   TODO: check
+CVE-2024-3448 (Users with low privileges can perform certain AJAX actions.  In 
this v ...)
+   TODO: check
+CVE-2024-3388 (A vulnerability in the GlobalProtect Gateway in Palo Alto 
Networks PAN ...)
+   TODO: check
+CVE-2024-3387 (A weak (low bit strength) device certificate in Palo Alto 
Networks Pan ...)
+   TODO: check
+CVE-2024-3386 (An incorrect string comparison vulnerability in Palo Alto 
Networks PAN ...)
+   TODO: check
+CVE-2024-3385 (A packet processing mechanism in Palo Alto Networks PAN-OS 
software en ...)
+   TODO: check
+CVE-2024-3384 (A vulnerability in Palo Alto Networks PAN-OS software enables a 
remote ...)
+   TODO: check
+CVE-2024-3383 (A vulnerability in how Palo Alto Networks PAN-OS software 
processes da ...)
+   TODO: check
+CVE-2024-3382 (A memory leak exists in Palo Alto Networks PAN-OS software that 
enable ...)
+   TODO: check
+CVE-2024-3283 (A vulnerability in mintplex-labs/anything-llm allows users with 
manage ...)
+   TODO: check
+CVE-2024-3157 (Out of bounds memory access in Compositing in Google Chrome 
prior to 1 ...)
+   TODO: check
+CVE-2024-3101 (In mintplex-labs/anything-llm, an improper input validation 
vulnerabil ...)
+   TODO: check
+CVE-2024-3098 (A vulnerability was identified in the `exec_utils` class of the 
`llama ...)
+   TODO: check
+CVE-2024-3025 (mintplex-labs/anything-llm is vulnerable to path traversal 
attacks due ...)
+   TODO: check
+CVE-2024-31984 (Starting in version 7.2-rc-1 and prior to versions 4.10.20, 
15.5.4, an ...)
+   TODO: check
+CVE-2024-31983 (XWiki Platform is a generic wiki platform. In multilingual 
wikis, tran ...)
+   TODO: check
+CVE-2024-31982 (XWiki Platform is a generic wiki platform. Starting in version 
2.4-mil ...)
+   TODO: check
+CVE-2024-31981 (XWiki Platform is a generic wiki platform. Starting in version 
3.0.1 a ...)
+   TODO: check
+CVE-2024-31944 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
WooCommerc ...)
+   TODO: check
+CVE-2024-31943 (Cross-Site Request Forgery (CSRF) vulnerability in Octolize 
USPS Shipp ...)
+   TODO: check
+CVE-2024-31939 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy 
Import any X ...)
+   TODO: check
+CVE-2024-31924 (Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW 
EWWW Im ...)
+   TODO: check
+CVE-2024-31874 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
uses uninit ...)
+   TODO: check
+CVE-2024-31873 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
contains ha ...)
+   TODO: check
+CVE-2024-31872 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
+   TODO: check
+CVE-2024-31871 (IBM Security Verify Access Appliance 10.0.0 through 10.0.7 
could allow ...)
+   TODO: check
+CVE-2024-31819 (An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote 
attacker ...)
+   TODO: check
+CVE-2024-31492 (An external control of file name or path vulnerability 
[CWE-73] in  Fo ...)
+   TODO: check
+CVE-2024-31465 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
+   TODO: check
+CVE-2024-31464 (XWiki Platform is a generic wiki platform. Starting in version 
5.0-rc- ...)
+   TODO: check
+CVE-2024-31461 (Plane, an open-source project management tool, has a 
Server-Side Reque ...)
+   TODO: check
+CVE-2024-31430 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
WOLF \u2 ...)
+   TODO: check
+CVE-2024-31386 (Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu 
Ishikawa X ...)
+   TODO: check
+CVE-2024-31358 (Missing Authorization vulnerability in Saleswonder.Biz 5 Stars 
Rating  ...)
+   TODO: check
+CVE-2024-31356 
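Review bot: the top of this hunk removes the `CVE-2021-47219 [scsi: scsi_debug: ...]` header that commit 81f80a42 (Merge Linux CVEs from kernel-sec, also in this digest) placed at the head of data/CVE/list, and the rest of the hunk is cut off in this mail at CVE-2024-31356. An automatic update should only prepend new `TODO: check` stubs, so confirm that the kernel entry is re-emitted further down with its `- linux 5.15.5-1` and `[bullseye] - linux 5.10.84-1` lines intact rather than dropped. The hunk header `-1,173 +1,411` is consistent with a pure insertion (238 added lines, i.e. 119 two-line stubs), which supports that reading, but the visible part of the diff alone does not show it.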

[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
81f80a42 by Salvatore Bonaccorso at 2024-04-10T21:52:59+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,169 @@
+CVE-2021-47219 [scsi: scsi_debug: Fix out-of-bound read in 
resp_report_tgtpgs()]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   NOTE: 
https://git.kernel.org/linus/f347c26836c270199de1599c3cd466bb7747caa9 (5.16-rc1)
+CVE-2021-47218 [selinux: fix NULL-pointer dereference when hashtab allocation 
fails]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/dc27f3c5d10c58069672215787a96b4fae01818b (5.16-rc3)
+CVE-2021-47217 [x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V 
setup fails]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/daf972118c517b91f74ff1731417feb4270625a4 (5.16-rc2)
+CVE-2021-47216 [scsi: advansys: Fix kernel pointer leak]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/d4996c6eac4c81b8872043e9391563f67f13e406 (5.16-rc1)
+CVE-2021-47215 [net/mlx5e: kTLS, Fix crash in RX resync flow]
+   - linux 5.15.5-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6 (5.16-rc2)
+CVE-2021-47214 [hugetlb, userfaultfd: fix reservation restore on userfaultfd 
error]
+   - linux 5.15.5-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/cc30042df6fcc82ea18acf0dace831503e60a0b7 (5.16-rc2)
+CVE-2021-47213 [NFSD: Fix exposure in nfsd4_decode_bitmap()]
+   - linux 5.15.5-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
+CVE-2021-47212 [net/mlx5: Update error handler for UCTX and UMEM]
+   - linux 5.15.5-1
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/ba50cd9451f6c49cf0841c0a4a146ff6a2822699 (5.16-rc2)
+CVE-2021-47211 [ALSA: usb-audio: fix null pointer dereference on pointer 
cs_desc]
+   - linux 5.15.5-1
+   NOTE: 
https://git.kernel.org/linus/b97053df0f04747c3c1e021ecbe99db675342954 (5.16-rc1)
+CVE-2021-47210 [usb: typec: tipd: Remove WARN_ON in tps6598x_block_read]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/b7a0a63f3fed57d413bb857de164ea9c3984bc4e (5.16-rc1)
+CVE-2021-47209 [sched/fair: Prevent dead task groups from regaining cfs_rq's]
+   - linux 5.15.5-1
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/b027789e5e50494c2325cc70c8642e7fd6059479 (5.16-rc1)
+CVE-2021-47207 [ALSA: gus: fix null pointer dereference on pointer block]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/a0d21bb3279476c777434c40d969ea88ca64f9aa (5.16-rc1)
+CVE-2021-47206 [usb: host: ohci-tmio: check return value after calling 
platform_get_resource()]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/9eff2b2e59fda25051ab36cd1cb5014661df657b (5.16-rc1)
+CVE-2021-47205 [clk: sunxi-ng: Unregister clocks/resets when unbinding]
+   - linux 5.15.5-1
+   NOTE: 
https://git.kernel.org/linus/9bec2b9c6134052994115d2d3374e96f2ccb9b9d (5.16-rc1)
+CVE-2021-47204 [net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   NOTE: 
https://git.kernel.org/linus/9b5a333272a48c2f8b30add7a874e46e8b26129c (5.16-rc2)
+CVE-2021-47203 [scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   [buster] - linux 4.19.232-1
+   NOTE: 
https://git.kernel.org/linus/99154581b05c8fb22607afb7c3d66c1bace6aa5d (5.16-rc1)
+CVE-2021-47202 [thermal: Fix NULL pointer dereferences in of_thermal_ 
functions]
+   - linux 5.15.5-1
+   [bullseye] - linux 5.10.84-1
+   NOTE: 
https://git.kernel.org/linus/96cfe05051fd8543cdedd6807ec59a0e6c409195 (5.16-rc1)
+CVE-2021-47201 [iavf: free q_vectors before queues in iavf_disable_vf]
+   - linux 5.15.5-1
+   
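Review bot: three entries in this hunk have no `[bullseye]` line while their neighbours do: CVE-2021-47212 (only `[buster] - linux (Vulnerable code not present)`), CVE-2021-47211 and CVE-2021-47205 (unstable only), and CVE-2021-47204 and CVE-2021-47202 likewise lack a `[buster]` line. In this file a release with no explicit line has its status derived from the unstable fixed version, so bullseye 5.10.x and buster 4.19.x will show as affected for those entries. If that is intended (fix not yet in 5.10.84-1 or 4.19.232-1) it is correct as is, but if the fix is already shipped or the code is absent, as recorded for CVE-2021-47213 and CVE-2021-47214, the corresponding release lines should be added so the uneven treatment does not read as an oversight.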

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3786-1 for pillow

2024-04-10 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbe65225 by Adrian Bunk at 2024-04-10T22:18:37+03:00
Reserve DLA-3786-1 for pillow

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[10 Apr 2024] DLA-3786-1 pillow - security update
+   {CVE-2024-28219}
+   [buster] - pillow 5.4.1-2+deb10u6
 [09 Apr 2024] DLA-3785-1 gtkwave - security update
{CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004 
CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703 CVE-2023-35704 
CVE-2023-35955 CVE-2023-35956 CVE-2023-35957 CVE-2023-35958 CVE-2023-35959 
CVE-2023-35960 CVE-2023-35961 CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 
CVE-2023-35969 CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994 
CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746 CVE-2023-36747 
CVE-2023-36861 CVE-2023-36864 CVE-2023-36915 CVE-2023-36916 CVE-2023-37282 
CVE-2023-37416 CVE-2023-37417 CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 
CVE-2023-37442 CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446 
CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575 CVE-2023-37576 
CVE-2023-37577 CVE-2023-37578 CVE-2023-37921 CVE-2023-37922 CVE-2023-37923 
CVE-2023-38583 CVE-2023-38618 CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 
CVE-2023-38622 CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650 
CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657 CVE-2023-39234 
CVE-2023-39235 CVE-2023-39270 CVE-2023-39271 CVE-2023-39272 CVE-2023-39273 
CVE-2023-39274 CVE-2023-39275 CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 
CVE-2023-39414 CVE-2023-39443 CVE-2023-39444}
[buster] - gtkwave 3.3.98+really3.3.118-0+deb10u1


=
data/dla-needed.txt
=
@@ -200,9 +200,6 @@ pdns-recursor
   NOTE: 20240306: Added by Front-Desk (opal)
   NOTE: 20240319: Upload postponed due to #1067124 (dleidert)
 --
-pillow (Adrian Bunk)
-  NOTE: 20240403: Added by Front-Desk (lamby)
---
 putty
   NOTE: 20231224: Added by Front-Desk (ta)
   NOTE: 20230104: massive code change against bullseye. May be better to 
backport bullseye (rouca)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe652259af53fc2fda7d8f671581ebc31745d60

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbe652259af53fc2fda7d8f671581ebc31745d60
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] dla: reference freeimage discussion

2024-04-10 Thread Sylvain Beucler (@beuc)


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93fc6fbe by Sylvain Beucler at 2024-04-10T19:33:00+02:00
dla: reference freeimage discussion

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -81,6 +81,7 @@ freeimage (Ola Lundqvist)
   NOTE: 20240320: lots of postponed issue could be fixed as well
   NOTE: 20240325: Lack of upstream activity,
   NOTE: 20240325: postponed issues are "Revisit when fixed upstream (bunk)
+  NOTE: 20240410: See discussion at: 
https://lists.debian.org/debian-lts/2024/04/threads.html#00012
 --
 frr
   NOTE: 20231119: Added by Front-Desk (apo)
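Review bot: Style nit on the context lines around the added NOTE rather than on the addition itself: the 20240325 note two lines above opens a quote in `"Revisit when fixed upstream (bunk)` that is never closed, and the 20240320 note reads `lots of postponed issue could be fixed` where `issues` is meant; both are cheap to fix while this entry is being touched. The new reference line itself is fine.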



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93fc6fbee3eb497bb51b61989e9a3ac8349af250






[Git][security-tracker-team/security-tracker][master] Add two more CVEs allocated by Linux kernel CNA

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
776a51c2 by Salvatore Bonaccorso at 2024-04-10T16:37:55+02:00
Add two more CVEs allocated by Linux kernel CNA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2024-26816 [x86, relocs: Ignore relocations in .notes section]
+   - linux 
+   NOTE: 
https://git.kernel.org/linus/aaa8736370db1a78f0e8434344a484f9fd20be3b (6.9-rc1)
+CVE-2024-26815 [net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check]
+   - linux 
+   [bullseye] - linux  (Vulnerable code not present)
+   [buster] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/343041b59b7810f9cdca371f445dd43b35c740b1 (6.9-rc1)
 CVE-2024-3447
- qemu 
NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
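Review bot: CVE-2024-26816 has no [bullseye]/[buster] lines, whereas CVE-2024-26815 directly below it explicitly marks both suites `(Vulnerable code not present)`. Both fixes landed in 6.9-rc1, so the stable suites will show CVE-2024-26816 as open until something is recorded: if the affected x86 relocs code is present in the 5.10 and 4.19 kernels, the entry needs a fixed version or a no-dsa/postponed decision for those suites; if it is not, the same not-affected annotation used for CVE-2024-26815 belongs here too.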



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/776a51c263a110680392a9b1cca8555609a5cd9f





[Git][security-tracker-team/security-tracker][master] NFUs

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79711349 by Moritz Muehlenhoff at 2024-04-10T16:03:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -134,9 +134,9 @@ CVE-2024-22450 (Dell Alienware Command Center, versions 
prior to 6.2.7.0, contai
 CVE-2024-22448 (Dell BIOS contains an Out-of-Bounds Write vulnerability. A 
local authe ...)
NOT-FOR-US: Dell
 CVE-2024-21509 (Versions of the package mysql2 before 3.9.4 are vulnerable to 
Prototyp ...)
-   TODO: check
+   NOT-FOR-US: Node mysql2
 CVE-2024-21507 (Versions of the package mysql2 before 3.9.3 are vulnerable to 
Improper ...)
-   TODO: check
+   NOT-FOR-US: Node mysql2
 CVE-2024-1780 (The BizCalendar Web plugin for WordPress is vulnerable to 
Reflected Cr ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1042 (The WP Radio \u2013 Worldwide Online Radio Stations Directory 
for Word ...)
@@ -234,13 +234,13 @@ CVE-2024-31368 (Missing Authorization vulnerability in 
PenciDesign Soledad.This
 CVE-2024-31367 (Missing Authorization vulnerability in PenciDesign 
Soledad.This issue  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-30706 (An issue was discovered in ROS2 Dashing Diademata versions 
ROS_VERSION ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30704 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30703 (An arbitrary file upload vulnerability has been discovered in 
ROS2 (Ro ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30702 (An issue was discovered in ROS2 Galactic Geochelone in 
ROS_VERSION 2 a ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30262 (Contao is an open source content management system. Prior to 
version 4 ...)
NOT-FOR-US: Contao CMS
 CVE-2024-30191 (A vulnerability has been identified in SCALANCE W1748-1 M12 
(6GK5748-1 ...)
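Review bot: The four ROS2 entries in this hunk (CVE-2024-30706, -30704, -30703, -30702) replace `TODO: check` with a NOTE only, leaving no package or status line. A NOTE carries no verdict, so the tracker records no decision for any ros packages Debian ships, and nothing except the absent TODO distinguishes these entries from ones still awaiting triage. If the reports are being dismissed as bogus, a status line that says so (a not-affected annotation carrying the reason, or NOT-FOR-US if the reports target code Debian does not carry) makes the outcome explicit and greppable; the same applies to the ROS entries in the `-926` hunk of this commit.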
@@ -926,43 +926,43 @@ CVE-2024-31047 (An issue in Academy Software Foundation 
openexr v.3.2.3 and befo
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
NOTE: Fixed by: 
https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71
 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone 
ROS_VERS ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30697 (An issue was discovered in ROS2 Galactic Geochelone in 
ROS_VERSION 2 a ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30696 (OS command injection vulnerability in ROS2 Galactic Geochelone 
in ROS_ ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30695 (An issue was discovered in the default configurations of ROS2 
Galactic ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30694 (A shell injection vulnerability was discovered in ROS2 (Robot 
Operatin ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30692 (A issue was discovered in ROS2 Galactic Geochelone versions 
ROS_VERSIO ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30691 (An issue was discovered in ROS2 Galactic Geochelone in version 
ROS_VER ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30690 (An unauthorized node injection vulnerability has been 
identified in RO ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30688 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Iro ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30687 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30686 (An issue was discovered in ROS2 Iron Irwini versions 
ROS_VERSION 2 and ...)
-   TODO: 

[Git][security-tracker-team/security-tracker][master] new sngrep issues

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b071555a by Moritz Muehlenhoff at 2024-04-10T15:54:23+02:00
new sngrep issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,9 +58,11 @@ CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin 
plugin for WordPress
 CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of 
sngrep ...)
-   TODO: check
+   - sngrep 
+   NOTE: 
https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809
 (v1.8.1)
 CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
-   TODO: check
+   - sngrep 
+   NOTE: 
https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc
 (v1.8.1)
 CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up 
to and ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
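Review bot: Both sngrep entries record the upstream fix commit and the v1.8.1 release it landed in, but no fixed Debian version and no suite annotations, while the descriptions state that all versions of sngrep are affected. If the stable and oldstable suites ship sngrep they will show as open with no decision attached; recording the unstable fixed version once 1.8.1 (or a patched upload) reaches the archive, plus a no-dsa/postponed or DSA-needed decision for the stable suites, would complete the triage these two lines start.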



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b071555a24a2eecac6870fc08b8f05c7715e1eda





[Git][security-tracker-team/security-tracker][master] NFUs

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
610e323d by Moritz Muehlenhoff at 2024-04-10T15:48:31+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -62,51 +62,51 @@ CVE-2024-3120 (A stack-buffer overflow vulnerability exists 
in all versions of s
 CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
TODO: check
 CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up 
to and ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30736 (An insecure deserialization vulnerability has been identified 
in ROS K ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in 
ROS Kine ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30730 (An insecure logging vulnerability has been identified within 
ROS Kinet ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30729 (An OS command injection vulnerability has been discovered in 
ROS Kinet ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame 
ROS_VERSIO ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot 
Operating ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30723 (An unauthorized node injection vulnerability has been 
identified in RO ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Das ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30719 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in 
ROS_VERSION=2 and ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30716 (An insecure logging vulnerability in ROS2 Dashing Diademata 
ROS_VERSIO ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30715 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30713 (An OS command injection vulnerability has been discovered in 
ROS2 Dash ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30712 (A shell injection vulnerability was discovered in ROS2 (Robot 
Operatin ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30711 (An issue was discovered in the default configurations of ROS2 
Dashing  ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30710 (An issue was discovered in ROS2 Dashing Diademata in 
ROS_VERSION 2 and ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
 CVE-2024-30708 (An issue was discovered in ROS2 Dashing Diademata in 
ROS_VERSION 2 and ...)
-   TODO: check
+   NOTE: Bogus report on ROS, lacks all details and apparently never 
reported either
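Review bot: The NOT-FOR-US reason for CVE-2024-3020 is just `WordPress plugin`, but the description excerpt on the line above (`The plugin is vulnerable to PHP Object Injection ...`) never names the plugin, so the entry does not record which plugin was actually checked. Putting the plugin name into the reason string would let a later reader verify the NFU without re-reading the advisory.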
 

[Git][security-tracker-team/security-tracker][master] new qemu issue

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60689f78 by Moritz Muehlenhoff at 2024-04-10T14:14:16+02:00
new qemu issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,8 @@
+CVE-2024-3447
+   - qemu 
+   NOTE: https://patchew.org/QEMU/20240404085549.16987-1-phi...@linaro.org/
+   NOTE: https://patchew.org/QEMU/20240409145524.27913-1-phi...@linaro.org/
+   NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
 CVE-2024-2905
NOT-FOR-US: rpm-ostree
 CVE-2024-2243
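Review bot: CVE-2024-3447 is added without a description and without a fixed version, only three NOTE links. Two of those are patchew series from the same author dated 20240404 and 20240409; if the later one supersedes the first, saying so in the NOTE saves the next triager from tracking both, and once the fix is merged the upstream commit and the version it lands in should be recorded next to the oss-fuzz reference so the qemu line can be resolved.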



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60689f785da928526ae14b74fc08e0cab4201867





[Git][security-tracker-team/security-tracker][master] NFUs from Red Hat

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
604d35a9 by Moritz Muehlenhoff at 2024-04-10T14:11:31+02:00
NFUs from Red Hat

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-2905
+   NOT-FOR-US: rpm-ostree
+CVE-2024-2243
+   NOT-FOR-US: csmock
 CVE-2024-3556
REJECTED
 CVE-2024-3542 (A vulnerability classified as problematic was found in 
Campcodes Churc ...)
@@ -137,7 +141,7 @@ CVE-2024-0159 (Dell Alienware Command Center, versions 
5.5.52.0 and prior, conta
 CVE-2023-6385 (The WordPress Ping Optimizer WordPress plugin through 
2.35.1.3.0 does  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-6236 (A flaw was found in JBoss EAP. When an OIDC app that serves 
multiple t ...)
-   TODO: check
+   NOT-FOR-US: JBoss EAP
 CVE-2023-50347 (HCL DRYiCE MyXalytics is impacted by an insecure SQL interface 
vulnera ...)
NOT-FOR-US: HCL
 CVE-2023-40148 (Server-side request forgery (SSRF) in PingFederate allows 
unauthentica ...)
@@ -702,7 +706,7 @@ CVE-2024-21447 (Windows Authentication Elevation of 
Privilege Vulnerability)
 CVE-2024-21424 (Azure Compute Gallery Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-21409 (.NET, .NET Framework, and Visual Studio Remote Code Execution 
Vulnerab ...)
-   NOT-FOR-US: Microsoft
+   NOT-FOR-US: Microsoft .NET
 CVE-2024-21324 (Microsoft Defender for IoT Elevation of Privilege 
Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-21323 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
@@ -993,7 +997,7 @@ CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain 
a NullPointerExcepti
 CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does 
not sa ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss 
EAP, wher ...)
-   TODO: check
+   NOT-FOR-US: JBoss EAP
 CVE-2024-0083 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)
NOT-FOR-US: NVIDIA ChatRTX
 CVE-2024-0082 (NVIDIA ChatRTX for Windows contains a vulnerability in the UI, 
where a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/604d35a9213ce2c8c2243a91182f6841b6a09fd6





[Git][security-tracker-team/security-tracker][master] NFUs

2024-04-10 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1951277c by Moritz Muehlenhoff at 2024-04-10T10:30:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,53 +1,53 @@
 CVE-2024-3556
REJECTED
 CVE-2024-3542 (A vulnerability classified as problematic was found in 
Campcodes Churc ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3541 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 
1.0 an ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management 
System 1 ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3535 (A vulnerability, which was classified as critical, was found in 
Campco ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3534 (A vulnerability, which was classified as critical, has been 
found in C ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Church Management System
 CVE-2024-3533 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3532 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Student Management System
 CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event 
Management Sy ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Event Management System
 CVE-2024-3525 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Event Management System
 CVE-2024-3524 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Event Management System
 CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes 
Online E ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Event Management System
 CVE-2024-3522 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
-   TODO: check
+   NOT-FOR-US: Campcodes Complete Online Event Management System
 CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management 
Platform up t ...)
-   TODO: check
+   NOT-FOR-US: Byzoro
 CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party  c ...)
-   TODO: check
+   NOT-FOR-US: PowerSYSTEM Server
 CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for 
WordPress is vu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of 
sngrep ...)
TODO: check
 CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
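Review bot: The NOT-FOR-US reasons for CVE-2024-3526 through CVE-2024-3522 read `Campcodes Complete Online Event Management System`, but the description excerpts on the same lines say `Campcodes Online Event Management Sy ...` and `Campcodes Online E ...` with no `Complete`; the word looks carried over from the `Complete Online Student Management System` block just above. The reason string should match the product name as the description gives it, so that searches for the product find these entries.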
@@ -99,49 +99,49 @@ CVE-2024-30708 (An issue was discovered in ROS2 Dashing 
Diademata in ROS_VERSION
 CVE-2024-30707 (Unauthorized node injection vulnerability in ROS2 Dashing 
Diademata in ...)
TODO: check
 CVE-2024-2736 (The Bold Page Builder plugin for WordPress is vulnerable to 

[Git][security-tracker-team/security-tracker][master] automatic update

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84fde809 by security tracker role at 2024-04-10T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,147 @@
+CVE-2024-3556
+   REJECTED
+CVE-2024-3542 (A vulnerability classified as problematic was found in 
Campcodes Churc ...)
+   TODO: check
+CVE-2024-3541 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-3540 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3539 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3538 (A vulnerability was found in Campcodes Church Management System 
1.0. I ...)
+   TODO: check
+CVE-2024-3537 (A vulnerability was found in Campcodes Church Management System 
1.0 an ...)
+   TODO: check
+CVE-2024-3536 (A vulnerability has been found in Campcodes Church Management 
System 1 ...)
+   TODO: check
+CVE-2024-3535 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+   TODO: check
+CVE-2024-3534 (A vulnerability, which was classified as critical, has been 
found in C ...)
+   TODO: check
+CVE-2024-3533 (A vulnerability classified as problematic was found in 
Campcodes Compl ...)
+   TODO: check
+CVE-2024-3532 (A vulnerability classified as problematic has been found in 
Campcodes  ...)
+   TODO: check
+CVE-2024-3531 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3530 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3529 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3528 (A vulnerability was found in Campcodes Complete Online Student 
Managem ...)
+   TODO: check
+CVE-2024-3526 (A vulnerability has been found in Campcodes Online Event 
Management Sy ...)
+   TODO: check
+CVE-2024-3525 (A vulnerability, which was classified as problematic, was found 
in Cam ...)
+   TODO: check
+CVE-2024-3524 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-3523 (A vulnerability classified as critical was found in Campcodes 
Online E ...)
+   TODO: check
+CVE-2024-3522 (A vulnerability classified as critical has been found in 
Campcodes Onl ...)
+   TODO: check
+CVE-2024-3521 (A vulnerability was found in Byzoro Smart S80 Management 
Platform up t ...)
+   TODO: check
+CVE-2024-3313 (SUBNET Solutions Inc. has identified vulnerabilities in 
third-party  c ...)
+   TODO: check
+CVE-2024-3235 (The Essential Grid Gallery WordPress Plugin plugin for 
WordPress is vu ...)
+   TODO: check
+CVE-2024-3210 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
+   TODO: check
+CVE-2024-3120 (A stack-buffer overflow vulnerability exists in all versions of 
sngrep ...)
+   TODO: check
+CVE-2024-3119 (A buffer overflow vulnerability exists in all versions of 
sngrep since ...)
+   TODO: check
+CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up 
to and ...)
+   TODO: check
+CVE-2024-30737 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30736 (An insecure deserialization vulnerability has been identified 
in ROS K ...)
+   TODO: check
+CVE-2024-30735 (An arbitrary file upload vulnerability has been discovered in 
ROS Kine ...)
+   TODO: check
+CVE-2024-30733 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
+   TODO: check
+CVE-2024-30730 (An insecure logging vulnerability has been identified within 
ROS Kinet ...)
+   TODO: check
+CVE-2024-30729 (An OS command injection vulnerability has been discovered in 
ROS Kinet ...)
+   TODO: check
+CVE-2024-30727 (An issue was discovered in ROS Kinetic Kame in Kinetic Kame 
ROS_VERSIO ...)
+   TODO: check
+CVE-2024-30726 (A shell injection vulnerability was discovered in ROS (Robot 
Operating ...)
+   TODO: check
+CVE-2024-30724 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30723 (An unauthorized node injection vulnerability has been 
identified in RO ...)
+   TODO: check
+CVE-2024-30722 (An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 
and ROS_P ...)
+   TODO: check
+CVE-2024-30721 (An arbitrary file upload vulnerability has been discovered in 
ROS2 Das ...)
+   TODO: check
+CVE-2024-30719 (An insecure deserialization vulnerability has been identified 
in ROS2  ...)
+   TODO: check
+CVE-2024-30718 (An issue was discovered in ROS2 Dashing Diademata in 

[Git][security-tracker-team/security-tracker][master] 2 commits: Updates link to "triage new security issues" procedure:

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cbe3287 by Cyrille Bollu at 2024-04-09T14:09:15+02:00
Updates link to triage new security issues procedure:
do not use old wiki.debian.org link, but rather the new 
lts-team.pages.debian.net

Signed-off-by: Cyrille Bollu cyrille@debian-BULLSEYE-live-builder-AMD64

- - - - -
5b1a1621 by Salvatore Bonaccorso at 2024-04-10T07:10:18+00:00
Merge branch master into master

Updates link to triage new security issues procedure:

See merge request security-tracker-team/security-tracker!169
- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -15,7 +15,7 @@ testing procedures, programming language, etc.).
 
 To work on a package, simply add your name behind it. To learn more about how
 this list is updated have a look at
-https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+https://lts-team.pages.debian.net/wiki/Development.html#triage-new-security-issues
 
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23af76fd71890567745cf29448fef58a03f7bf73...5b1a16213058f9bfe2303891728e58e10cd0817d





[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23af76fd by Salvatore Bonaccorso at 2024-04-10T08:37:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -239,7 +239,7 @@ CVE-2024-2027 (The Real Media Library: Media Library Folder 
& File Manager plugi
 CVE-2024-2026 (The Passster plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2018 (The WP Activity Log Premium plugin for WordPress is vulnerable 
to SQL  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-29993 (Azure CycleCloud Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-29992 (Azure Identity Library for .NET Information Disclosure 
Vulnerability)
@@ -582,167 +582,167 @@ CVE-2024-20669 (Secure Boot Security Feature Bypass 
Vulnerability)
 CVE-2024-20665 (BitLocker Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-1999 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1991 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1990 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1984 (The Graphene theme for WordPress is vulnerable to unauthorized 
access  ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-1974 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1960 (The ShopLentor \u2013 WooCommerce Builder for Elementor & 
Gutenberg +1 ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1948 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1934 (The WP Compress \u2013 Image Optimizer plugin for WordPress is 
vulnera ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1904 (The MasterStudy LMS plugin for WordPress is vulnerable to 
unauthorized ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1893 (The Easy Property Listings plugin for WordPress is vulnerable 
to time- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1852 (The WP-Members Membership Plugin plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1850 (The AI Post Generator | AutoWriter plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1813 (The Simple Job Board plugin for WordPress is vulnerable to PHP 
Object  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1812 (The Everest Forms plugin for WordPress is vulnerable to 
Server-Side Re ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1794 (The Forminator plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1792 (The CMB2 plugin for WordPress is vulnerable to PHP Object 
Injection in ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1790 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1774 (The Customily Product Personalizer plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1641 (The Accordion plugin for WordPress is vulnerable to 
unauthorized acces ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1637 (The 360 Javascript Viewer plugin for WordPress is vulnerable to 
unauth ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1587 (The Newsmatic theme for WordPress is vulnerable to Sensitive 
Informati ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-1571 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1498 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1466 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1465 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-1464 (The Elementor Addons by Livemesh plugin for WordPress is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22949/libjfreechart-java

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9c65c6d by Salvatore Bonaccorso at 2024-04-10T08:13:05+02:00
Add CVE-2024-22949/libjfreechart-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -845,7 +845,7 @@ CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to 
contain a NullPointer
 CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)
- jgrapht 
 CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a 
NullPointerException via ...)
-   TODO: check
+   - libjfreechart-java 
 CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does 
not sa ...)
TODO: check
 CVE-2024-1233 (A flaw was found in` JwtValidator.resolvePublicKey` in JBoss 
EAP, wher ...)
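Review bot: the new `- libjfreechart-java ` line records the package as affected with no fixed version, no severity and no reference, so a later reader has nothing telling them where the NullPointerException report came from or whether it warrants a bug; add a `NOTE:` with the upstream report URL and, once assessed, a severity marker or bug reference in the tracker's parenthesised form (e.g. `(bug #NNNNNN; low)`, with the real bug number). The same applies to the `- jgrapht ` and `- libapfloat-java ` lines added by the two commits that follow in this digest.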



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9c65c6def23ea1ed5bdec10e3ff25c9bd08e5b4





[Git][security-tracker-team/security-tracker][master] Add CVE-2024-23079/jgrapht

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f0f89af by Salvatore Bonaccorso at 2024-04-10T08:10:46+02:00
Add CVE-2024-23079/jgrapht

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -843,7 +843,7 @@ CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain 
an ArrayIndexOutOfBoun
 CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a 
NullPointerExcept ...)
TODO: check
 CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)
-   TODO: check
+   - jgrapht 
 CVE-2024-22949 (JFreeChart v1.5.4 was discovered to contain a 
NullPointerException via ...)
TODO: check
 CVE-2024-1664 (The Responsive Gallery Grid WordPress plugin before 2.3.11 does 
not sa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f0f89afb2176f5208256a8c790bec1222476394





[Git][security-tracker-team/security-tracker][master] Add CVE-2024-23084/libapfloat-java

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0742b554 by Salvatore Bonaccorso at 2024-04-10T08:10:13+02:00
Add CVE-2024-23084/libapfloat-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -839,7 +839,7 @@ CVE-2024-25646 (Due to improper validation,SAP 
BusinessObject Business Intellige
 CVE-2024-23584 (The NMAP Importer service may expose data store credentials to 
authori ...)
NOT-FOR-US: HCL
 CVE-2024-23084 (Apfloat v1.10.1 was discovered to contain an 
ArrayIndexOutOfBoundsExce ...)
-   TODO: check
+   - libapfloat-java 
 CVE-2024-23081 (ThreeTen Backport v1.6.8 was discovered to contain a 
NullPointerExcept ...)
TODO: check
 CVE-2024-23079 (JGraphT Core v1.5.2 was discovered to contain a 
NullPointerException v ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0742b55455252ddb3cdc38d67f54302148b29f33





[Git][security-tracker-team/security-tracker][master] Add CVE-2024-31047/openexr

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
36b57caa by Salvatore Bonaccorso at 2024-04-10T08:08:35+02:00
Add CVE-2024-31047/openexr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -766,7 +766,10 @@ CVE-2024-31366 (Missing Authorization vulnerability in 
Themify Post Type Builder
 CVE-2024-31365 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-31047 (An issue in Academy Software Foundation openexr v.3.2.3 and 
before all ...)
-   TODO: check
+   - openexr 
+   NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1680
+   NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1681
+   NOTE: Fixed by: 
https://github.com/AcademySoftwareFoundation/openexr/commit/7aa89e1d09b09d9f5dbb96976ee083a331ab9d71
 CVE-2024-30701 (An insecure logging vulnerability in ROS2 Galactic Geochelone 
ROS_VERS ...)
TODO: check
 CVE-2024-30699 (A buffer overflow vulnerability has been discovered in the C++ 
compone ...)
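Review bot: `NOTE: Fixed by:` names the upstream commit but not the upstream release that first ships it, and `- openexr ` carries no fixed Debian version, so the entry does not yet let anyone decide which package uploads contain the fix; append the release tag after the commit URL when it is known and fill in the fixed version once the patched package is uploaded.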



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36b57caa654e734c4b540ecbcd93061a639bec72





[Git][security-tracker-team/security-tracker][master] Add CVE-2024-22423/yt-dlp

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2898b65c by Salvatore Bonaccorso at 2024-04-10T08:05:44+02:00
Add CVE-2024-22423/yt-dlp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -544,7 +544,11 @@ CVE-2024-23671 (A improper limitation of a pathname to a 
restricted directory ('
 CVE-2024-23662 (An exposure of sensitive information to an unauthorized actor 
in Forti ...)
NOT-FOR-US: FortiGuard
 CVE-2024-22423 (yt-dlp is a youtube-dl fork with additional features and 
fixes. The pa ...)
-   TODO: check
+   - yt-dlp  (Windows-specific)
+   NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p
+   NOTE: Fixed by: 
https://github.com/yt-dlp/yt-dlp/commit/ff07792676f4046ee61b5638c9dc1a33a37a
 (2024.04.09)
+   NOTE: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.04.09
+   NOTE: Issue exists because of incomplete fix to address CVE-2023-40581
 CVE-2024-21756 (A improper neutralization of special elements used in an os 
command (' ...)
NOT-FOR-US: FortiGuard
 CVE-2024-21755 (A improper neutralization of special elements used in an os 
command (' ...)
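Review bot: the commit hash in the `NOTE: Fixed by:` URL (`ff07792676f4046ee61b5638c9dc1a33a37a`) is 36 hex characters rather than a full 40-character SHA-1, which suggests the line was truncated when pasted; restore the full hash from the 2024.04.09 release so the reference is unambiguous. Separately, `(Windows-specific)` is only a free-text comment, so the package stays listed as open and unfixed; if the affected code path is not reached on Debian builds, say so with the tracker's own markers (`<not-affected>` or `<unimportant>`) rather than a comment alone.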



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898b65c9ebba804a9aa88c2d465620bfb83e1e4





[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-04-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9cc97337 by Salvatore Bonaccorso at 2024-04-10T08:05:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35,7 +35,7 @@ CVE-2024-3064 (The Elementor Addons, Widgets and Enhancements 
\u2013 Stax plugin
 CVE-2024-3053 (The Forminator \u2013 Contact Form, Payment Form & Custom Form 
Builder ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-3046 (In Eclipse Kura LogServlet component included in versions 5.0.0 
to 5.4 ...)
-   TODO: check
+   NOT-FOR-US: Eclipse Kura LogServlet
 CVE-2024-31978 (A vulnerability has been identified in SINEC NMS (All versions 
< V2.0  ...)
NOT-FOR-US: Siemens
 CVE-2024-31868 (Improper Encoding or Escaping of Output vulnerability in 
Apache Zeppel ...)
@@ -63,7 +63,7 @@ CVE-2024-31506 (Sourcecodester Online Graduate Tracer System 
v1.0 is vulnerable
 CVE-2024-31487 (A improper limitation of a pathname to a restricted directory 
('path t ...)
NOT-FOR-US: FortiGuard
 CVE-2024-31457 (gin-vue-admin is a backstage management system based on vue 
and gin, w ...)
-   TODO: check
+   NOT-FOR-US: gin-vue-admin
 CVE-2024-31455 (Minder by Stacklok is an open source software supply chain 
security pl ...)
NOT-FOR-US: Minder by Stacklok
 CVE-2024-31454 (PsiTransfer is an open source, self-hosted file sharing 
solution. Prio ...)
@@ -141,103 +141,103 @@ CVE-2024-2536 (The Rank Math SEO with AI SEO Tools 
plugin for WordPress is vulne
 CVE-2024-2513 (The WP Chat App plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-2507 (The JetWidgets For Elementor plugin for WordPress is vulnerable 
to Sto ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2504 (The Page Builder: Pagelayer \u2013 Drag and Drop website 
builder plugi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2501 (The Hubbub Lite \u2013 Fast, Reliable Social Sharing Buttons 
plugin fo ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2492 (The PowerPack Addons for Elementor plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2457 (The Modal Window \u2013 create popup modal window plugin for 
WordPress ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2456 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is 
vulnerable t ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2436 (The Lightweight Accordion plugin for WordPress is vulnerable to 
Stored ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2423 (The UsersWP \u2013 Front-end login form, User Registration, 
User Profi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2348 (The Gum Elementor Addon plugin for WordPress is vulnerable to 
Stored C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2347 (The Astra theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2344 (The Avada theme for WordPress is vulnerable to SQL Injection 
via the ' ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2343 (The Avada | Website Builder For WordPress & WooCommerce theme 
for Word ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2342 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2341 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2340 (The Avada theme for WordPress is vulnerable to Sensitive 
Information E ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2336 (The Popup Maker \u2013 Popup for opt-ins, lead gen, & more 
plugin for  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2335 (The Elements Plus! plugin for WordPress is vulnerable to Stored 
Cross- ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2334 (The Template Kit \u2013 Import plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2327 (The Global Elementor Buttons plugin for WordPress is vulnerable 
to Sto ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2325 (The Link Library plugin for WordPress is vulnerable to 
Reflected Cross ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-2311 (The Avada theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
-   TODO: check
+   NOT-FOR-US: WordPress theme
 CVE-2024-2306 (The Revslider plugin for WordPress is vulnerable to Stored