[Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6af4bcdc by Salvatore Bonaccorso at 2024-04-13T07:06:04+02:00 Reserve DSA number for linux update - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[13 Apr 2024] DSA-5658-1 linux - security update + {CVE-2023-47233 CVE-2024-2201 CVE-2024-24857 CVE-2024-24858 CVE-2024-26584 CVE-2024-26585 CVE-2024-26642 CVE-2024-26643 CVE-2024-26654 CVE-2024-26800 CVE-2024-26809 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437} + [bookworm] - linux 6.1.85-1 [12 Apr 2024] DSA-5657-1 xorg-server - security update {CVE-2024-31080 CVE-2024-31081 CVE-2024-31083} [bullseye] - xorg-server 2:1.20.11-1+deb11u13 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6af4bcdc63d09454e455b3c76e6e128e84401e49 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6af4bcdc63d09454e455b3c76e6e128e84401e49 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: take zabbix
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab0d5b23 by Adrian Bunk at 2024-04-13T02:56:59+03:00 dla: take zabbix - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -309,7 +309,7 @@ xorg-server (Adrian Bunk) NOTE: 20240404: (may) affect xorg-server in LTS. (lamby) NOTE: 20240408: CVE fixes caused regression in unstable: https://bugs.debian.org/1068470 (bunk) -- -zabbix +zabbix (Adrian Bunk) NOTE: 20240212: Added by Front-Desk (utkarsh) -- zookeeper (rouca) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab0d5b235753cf1201658b6e8e3e5e2ede31a932
[Git][security-tracker-team/security-tracker][master] Claim bind9
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d2ce1cd by Ola Lundqvist at 2024-04-13T00:26:56+02:00 Claim bind9 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -36,7 +36,7 @@ atril NOTE: 20240319: package ready at: https://people.debian.org/~utkarsh/lts/atril/ NOTE: 20240319: needs testing as the backport was a bit sensitive. (utkarsh) -- -bind9 +bind9 (Ola Lundqvist) NOTE: 20240218: Added by Front-Desk (lamby) NOTE: 20240218: CVE-2023-4408 CVE-2023-50387 CVE-2023-50868 CVE-2023-5517 CVE-2023-5679 already fixed in bullseye. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d2ce1cd8b0b7dc24c00ea1cece130990252c1de
[Git][security-tracker-team/security-tracker][master] Minor date correction.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 4325ceef by Ola Lundqvist at 2024-04-13T00:25:56+02:00 Minor date correction. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -178,7 +178,7 @@ nova nss NOTE: 20240121: Added by Front-Desk (apo) NOTE: 20240310: CVE-2023-6135: Upstream suggests to wait until they have a patch for 3.90 (their LTS version) available and backport from there. - NOTE: 20230310: see also: Message-ID: (tobi) + NOTE: 20240310: see also: Message-ID: (tobi) -- nvidia-cuda-toolkit NOTE: 20230514: Added by Front-Desk (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4325ceef64852c98c2180b7ce5ab1dd91464f0d5
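Review bot: the corrected line `NOTE: 20240310: see also: Message-ID: (tobi)` still has nothing after `Message-ID:`, so as shown here the cross-reference cannot be followed. Since the line is being touched for the date fix anyway, add the message id or a list-archive URL so the nss note about waiting for the upstream 3.90 patch can be traced.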
[Git][security-tracker-team/security-tracker][master] Take shim
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 32613d6b by Bastien Roucariès at 2024-04-12T21:08:32+00:00 Take shim - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -256,7 +256,7 @@ sendmail (rouca) NOTE: 20240311: please coordinate with the package maintainer to help make this happen. (Beuc/front-desk) NOTE: 20240324: some issue coordinate with myself and security team (rouca) -- -shim +shim (rouca) NOTE: 20240306: Added by Front-Desk (opal) -- squid View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32613d6bad4ecc56dc9a6b4b74c198359afdd174
[Git][security-tracker-team/security-tracker][master] Retake putty
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker Commits: 6200f8de by Bastien Roucariès at 2024-04-12T20:57:04+00:00 Retake putty - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -204,11 +204,12 @@ pdns-recursor NOTE: 20240306: Added by Front-Desk (opal) NOTE: 20240319: Upload postponed due to #1067124 (dleidert) -- -putty +putty (rouca) NOTE: 20231224: Added by Front-Desk (ta) - NOTE: 20230104: massive code change against bullseye. May be better to backport bullseye (rouca) - NOTE: 20230324: Backport is straighforward (rouca) - NOTE: 20230324: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/104 + NOTE: 20240104: massive code change against bullseye. May be better to backport bullseye (rouca) + NOTE: 20240324: Backport is straighforward (rouca) + NOTE: 20240324: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/104 + NOTE: 20240412: Wait for comments by maintainer -- python-asyncssh NOTE: 20240116: Added by Front-Desk (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6200f8de9fa42cac646c81ad4b2c79a60bbea4d7
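Review bot: the rewritten `NOTE: 20240324: Backport is straighforward (rouca)` line carries the `straighforward` typo over unchanged; as the line is being replaced for the year fix, correct it to `straightforward` in the same change. The new `NOTE: 20240412: Wait for comments by maintainer` also lacks the `(rouca)` attribution that the other dated notes in this entry use, which makes it harder to tell later who is waiting on the maintainer.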
[Git][security-tracker-team/security-tracker][master] Update information for rust-h2 issue (RUSTSEC-2024-0332)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a73ce7c7 by Salvatore Bonaccorso at 2024-04-12T22:47:39+02:00 Update information for rust-h2 issue (RUSTSEC-2024-0332) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2350,8 +2350,9 @@ CVE-2024-25029 (IBM Personal Communications 14.0.6 through 15.0.1 includes a Win CVE-2024-22328 (IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attack ...) NOT-FOR-US: IBM CVE-2024- [RUSTSEC-2024-0332: Degradation of service in h2 servers with CONTINUATION Flood] - - rust-h2 + - rust-h2 0.4.4-1 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0332.html + NOTE: https://github.com/advisories/GHSA-q6cp-qfwq-4gcv CVE-2024-3362 (A vulnerability was found in SourceCodester Online Library System 1.0 ...) NOT-FOR-US: SourceCodester Online Library System CVE-2024-3361 (A vulnerability has been found in SourceCodester Online Library System ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73ce7c7f46a0d65b89a227cbb43e1f889c1de52
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-2397/tcpdump
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30682ab0 by Salvatore Bonaccorso at 2024-04-12T22:42:48+02:00 Add CVE-2024-2397/tcpdump - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -141,7 +141,9 @@ CVE-2024-30381 (An Exposure of Sensitive Information to an Unauthorized Actor vu CVE-2024-30210 (IO-1020 Micro ELD uses a default WIFI password that could allow an adj ...) NOT-FOR-US: IO-1020 Micro ELD CVE-2024-2397 (Due to a bug in packet data buffers management, the PPP printer in tcp ...) - TODO: check + - tcpdump + NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/0d4083ee8687a9f6578e26a1407bd9f2a9d27885 + NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 CVE-2024-29461 (An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote a ...) NOT-FOR-US: Floodlight CVE-2024-28878 (IO-1020 Micro ELD downloads source code or an executable from an adja ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30682ab0fd23ddb3478f8f286a2adc5a4f706a18
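Review bot: `- tcpdump` is added with no fixed version and no per-release lines, even though the entry now names the introducing commit in `NOTE: Introduced by:`. If that commit is newer than the tcpdump versions shipped in the supported releases, record that per release so the entry does not read as open everywhere; otherwise a bug reference next to `- tcpdump` would make the unfixed state trackable.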
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 44506406 by Salvatore Bonaccorso at 2024-04-12T22:26:16+02:00 Reserve DSA number for xorg-server update - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -3639,6 +3639,8 @@ CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGly NOTE: Followup to fix regression: https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04 CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) - xorg-server 2:21.1.11-3 (unimportant) + [bookworm] - xorg-server 2:21.1.7-3+deb12u7 + [bullseye] - xorg-server 2:1.20.11-1+deb11u13 NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component = data/DSA/list = @@ -1,3 +1,7 @@ +[12 Apr 2024] DSA-5657-1 xorg-server - security update + {CVE-2024-31080 CVE-2024-31081 CVE-2024-31083} + [bullseye] - xorg-server 2:1.20.11-1+deb11u13 + [bookworm] - xorg-server 2:21.1.7-3+deb12u7 [11 Apr 2024] DSA-5656-1 chromium - security update {CVE-2024-3157 CVE-2024-3515 CVE-2024-3516} [bookworm] - chromium 123.0.6312.122-1~deb12u1 = data/dsa-needed.txt = 
@@ -96,9 +96,5 @@ webkit2gtk (berto) -- wpa -- -xorg-server (carnil) - Regression by last round: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659 - Holding back update until addressed, cf. #1068470 --- zabbix -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44506406315b832ed6de260c1c8125bb87bdcf71
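Review bot: in the data/CVE/list hunk, CVE-2024-31082 gains `[bookworm]` and `[bullseye]` fixed versions that match the DSA-5657-1 uploads, but the DSA entry's CVE set is `{CVE-2024-31080 CVE-2024-31081 CVE-2024-31083}` and leaves it out. If that is deliberate because the issue is marked `(unimportant)` and, per the existing note, affects the XQuartz component, a short NOTE saying so would stop the two files from looking inconsistent to anyone cross-checking the advisory against the CVE list.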
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cdf05aa by Salvatore Bonaccorso at 2024-04-12T22:23:37+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,157 +1,157 @@ CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting version ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product affect ...) - TODO: check + NOT-FOR-US: OpenGnsys CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management System ...) - TODO: check + NOT-FOR-US: Campcodes House Rental Management System CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer Laboratory M ...) - TODO: check + NOT-FOR-US: SourceCodester Computer Laboratory Management System CVE-2024-3691 (A vulnerability, which was classified as critical, has been found in P ...) - TODO: check + NOT-FOR-US: PHPGurukul Small CRM CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul Small C ...) - TODO: check + NOT-FOR-US: PHPGurukul Small CRM CVE-2024-3689 (A vulnerability classified as problematic has been found in Zhejiang L ...) - TODO: check + NOT-FOR-US: Zhejiang Land Zongheng Network Technology O2OA CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router Management P ...) - TODO: check + NOT-FOR-US: Xiamen Four-Faith RMP Router Management Platform CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified as probl ...) 
- TODO: check + NOT-FOR-US: bihell Dice CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3685 (A vulnerability, which was classified as critical, was found in DedeCM ...) - TODO: check + NOT-FOR-US: DedeCMS CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) TODO: check CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...) - TODO: check + NOT-FOR-US: tiagorlampert CHAOS CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...) - TODO: check + NOT-FOR-US: DerbyNet CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Eve ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.T ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-31293 (Cross-Site Request Forgery (CSR
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7d6274ca by Salvatore Bonaccorso at 2024-04-12T22:15:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -149,17 +149,17 @@ CVE-2024-28878 (IO-1020 Micro ELD downloads source code or an executable from an CVE-2024-28718 (An issue in OpenStack magnum yoga-eom version allows a remote attacker ...) TODO: check CVE-2024-27261 (IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could al ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-25545 (An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to e ...) TODO: check CVE-2024-22359 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22358 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22339 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-22334 (IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-21618 (An Access of Memory Location After End of Buffer vulnerability in the ...) TODO: check CVE-2024-21615 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...) 
@@ -187,7 +187,7 @@ CVE-2023-51499 (Missing Authorization vulnerability in WooCommerce WooCommerce S CVE-2023-51409 (Unrestricted Upload of File with Dangerous Type vulnerability in Jordy ...) TODO: check CVE-2023-47714 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1 ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-31391 (Insertion of Sensitive Information into Log File vulnerability in the ...) NOT-FOR-US: Apache Solr Operator CVE-2024-3625 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6274ca0d0ad496a8cda3c44b427bdd4c29e265
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4567ee24 by security tracker role at 2024-04-12T20:12:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,4 +1,194 @@ -CVE-2024-31391 +CVE-2024-3707 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) + TODO: check +CVE-2024-3706 (Information exposure vulnerability in OpenGnsys affecting version 1.1. ...) + TODO: check +CVE-2024-3705 (Unrestricted file upload vulnerability in OpenGnsys affecting version ...) + TODO: check +CVE-2024-3704 (SQL Injection Vulnerability has been found on OpenGnsys product affect ...) + TODO: check +CVE-2024-3698 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3697 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3696 (A vulnerability was found in Campcodes House Rental Management System ...) + TODO: check +CVE-2024-3695 (A vulnerability has been found in SourceCodester Computer Laboratory M ...) + TODO: check +CVE-2024-3691 (A vulnerability, which was classified as critical, has been found in P ...) + TODO: check +CVE-2024-3690 (A vulnerability classified as critical was found in PHPGurukul Small C ...) + TODO: check +CVE-2024-3689 (A vulnerability classified as problematic has been found in Zhejiang L ...) + TODO: check +CVE-2024-3688 (A vulnerability was found in Xiamen Four-Faith RMP Router Management P ...) + TODO: check +CVE-2024-3687 (A vulnerability was found in bihell Dice 3.1.0 and classified as probl ...) + TODO: check +CVE-2024-3686 (A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified ...) + TODO: check +CVE-2024-3685 (A vulnerability, which was classified as critical, was found in DedeCM ...) + TODO: check +CVE-2024-3211 (The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable ...) + TODO: check +CVE-2024-3054 (WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR ...) + TODO: check +CVE-2024-32000 (matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging ...) 
+ TODO: check +CVE-2024-31839 (Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allo ...) + TODO: check +CVE-2024-31818 (Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote at ...) + TODO: check +CVE-2024-31372 (Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bo ...) + TODO: check +CVE-2024-31371 (Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Eve ...) + TODO: check +CVE-2024-31364 (Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX W ...) + TODO: check +CVE-2024-31363 (Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issu ...) + TODO: check +CVE-2024-31362 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGr ...) + TODO: check +CVE-2024-31360 (Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC ...) + TODO: check +CVE-2024-31354 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...) + TODO: check +CVE-2024-31305 (Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.T ...) + TODO: check +CVE-2024-31303 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...) + TODO: check +CVE-2024-31301 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) + TODO: check +CVE-2024-31293 (Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downlo ...) + TODO: check +CVE-2024-31289 (Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Ele ...) + TODO: check +CVE-2024-31279 (Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Gener ...) + TODO: check +CVE-2024-31272 (Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ...) + TODO: check +CVE-2024-31271 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate ...) + TODO: check +CVE-2024-31269 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...) 
+ TODO: check +CVE-2024-31268 (Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team App ...) + TODO: check +CVE-2024-31265 (Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This is ...) + TODO: check +CVE-2024-31264 (Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counte ...) + TODO: check +CVE-2024-31263 (Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repaymen ...) + TODO: check +CVE-2024-31262 (Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-31391 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db1cdd90 by Salvatore Bonaccorso at 2024-04-12T21:21:15+02:00 Add CVE-2024-31391 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,5 @@ +CVE-2024-31391 + NOT-FOR-US: Apache Solr Operator CVE-2024-3625 NOT-FOR-US: mirror-registry for Quay CVE-2024-3624 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db1cdd90f7d420854d6e5eec82e4f1b2a8c0db44
[Git][security-tracker-team/security-tracker][master] Reference upstream commit for regression fix for CVE-2024-31083
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2110f34 by Salvatore Bonaccorso at 2024-04-12T21:17:49+02:00 Reference upstream commit for regression fix for CVE-2024-31083 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3444,6 +3444,7 @@ CVE-2024-31083 (A use-after-free vulnerability was found in the ProcRenderAddGly [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/bdca6c3d1f5057eeb31609b1280fc93237b00c77 NOTE: https://lists.x.org/archives/xorg-announce/2024-April/003497.html + NOTE: Followup to fix regression: https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b978be4c3447650b04 CVE-2024-31082 (A heap-based buffer over-read vulnerability was found in the X.org ser ...) - xorg-server 2:21.1.11-3 (unimportant) NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2110f34284c417c8ca2d49b6fc085539b735156
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-49528/ffmpeg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8813c4c8 by Salvatore Bonaccorso at 2024-04-12T21:07:47+02:00 Add CVE-2023-49528/ffmpeg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -33,7 +33,11 @@ CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 thr CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) NOT-FOR-US: IBM CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...) - TODO: check + - ffmpeg + [bullseye] - ffmpeg (Vulnerable code not present) + [buster] - ffmpeg (Vulnerable code not present) + NOTE: https://trac.ffmpeg.org/ticket/10691 + NOTE: Introduced after: https://github.com/FFmpeg/FFmpeg/commit/f05c52985cf80d565c6e91fb4749e57dd8977d3e (n5.1) CVE-2023-48865 (An issue discovered in Reportico Till 8.1.0 allows attackers to obtain ...) NOT-FOR-US: Reportico Till CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8813c4c89f0b63dc54b236f53767dd1da1a27ebc
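Review bot: the `NOTE: Introduced after: ... (n5.1)` line gives only a lower bound rather than the introducing commit, yet the `[bullseye]` and `[buster]` lines are marked `(Vulnerable code not present)` on the strength of it. Name the introducing change if it is known, and add an explicit line for any release not listed here, which otherwise inherits the unfixed `- ffmpeg` status without comment.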
[Git][security-tracker-team/security-tracker][master] Add CVE-2024-28458/swftools
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62eb92f0 by Salvatore Bonaccorso at 2024-04-12T20:58:39+02:00 Add CVE-2024-28458/swftools - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,7 @@ CVE-2024-2137 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for W CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to obtain se ...) NOT-FOR-US: RuoYi CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 al ...) - TODO: check + - swftools CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows a ...) NOT-FOR-US: Corezoid Process Engine CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBA ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62eb92f06f7ff3662600c0cc2d2178bb5d7423d4
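Review bot: `- swftools` replaces `TODO: check` with no accompanying NOTE, so the entry for the swfdump null pointer dereference has no upstream issue or commit reference at all. Add a NOTE pointing to the upstream report so the unfixed status can be revisited without repeating the triage.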
[Git][security-tracker-team/security-tracker][master] Update status for php issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4ef0ef16 by Salvatore Bonaccorso at 2024-04-12T20:50:47+02:00 Update status for php issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -51,29 +51,31 @@ CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, all CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2024-1874 - - php8.2 8.2.18-1 - - php7.4 - - php7.3 - NOTE: Fixed in: 8.2.18 - TODO: fill in with GHSA security advisory references and further details + - php8.2 8.2.18-1 (unimportant) + - php7.4 (unimportant) + - php7.3 (unimportant) + NOTE: Fixed in: 8.2.18, 8.1.28 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 + NOTE: Only affects improper handling of command line arguments on Windows CVE-2024-2756 - php8.2 8.2.18-1 - php7.4 - php7.3 - NOTE: Fixed in: 8.2.18 - TODO: fill in with GHSA security advisory references and further details + NOTE: Fixed in: 8.2.18, 8.1.28 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 CVE-2024-3096 - php8.2 8.2.18-1 - php7.4 - php7.3 - NOTE: Fixed in: 8.2.18 - TODO: fill in with GHSA security advisory references and further details + NOTE: Fixed in: 8.2.18, 8.1.28 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr CVE-2024-2757 - php8.2 8.2.18-1 - php7.4 - php7.3 NOTE: Fixed in: 8.2.18 - TODO: fill in with GHSA security advisory references and further details + NOTE: https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq + TODO: re-check, might be actually only in 8.3.y series. CVE-2024-27309 (While an Apache Kafka cluster is being migrated from ZooKeeper mode to ...) - kafka (bug #786460) CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) 
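Review bot: CVE-2024-2757 is left inconsistent with the rest of this hunk: its `NOTE: Fixed in: 8.2.18` is unchanged while the other three entries become `Fixed in: 8.2.18, 8.1.28`, and the new `TODO: re-check, might be actually only in 8.3.y series.` contradicts the retained `- php8.2 8.2.18-1`, `- php7.4` and `- php7.3` lines. If the issue really is confined to 8.3.y, those package lines and the `Fixed in` note need resolving together once the re-check is done, rather than leaving php7.4 and php7.3 shown as open.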
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ef0ef1632a15588c62648060162fadbbc1dac28
[Git][security-tracker-team/security-tracker][master] LTS: re-assign 22nd April FD slot
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: d586da79 by Roberto C. Sánchez at 2024-04-12T10:32:01-04:00 LTS: re-assign 22nd April FD slot - - - - - 1 changed file: - org/lts-frontdesk.2024.txt Changes: = org/lts-frontdesk.2024.txt = @@ -14,7 +14,7 @@ From 25-03 to 31-03:Utkarsh Gupta From 01-04 to 07-04:Chris Lamb From 08-04 to 14-04:Emilio Pozuelo Monfort From 15-04 to 21-04:Markus Koschany -From 22-04 to 28-04:Ola Lundqvist +From 22-04 to 28-04:Thorsten Alteholz From 29-04 to 05-05:Sylvain Beucler From 06-05 to 12-05:Thorsten Alteholz From 13-05 to 19-05:Utkarsh Gupta View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d586da7983eb729ddef3ac666de43f7e7e60ec80
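Review bot: After this change Thorsten Alteholz holds both the 22-04 to 28-04 slot and the 06-05 to 12-05 slot, and Ola Lundqvist no longer appears anywhere in the visible range of the roster. If this is a swap rather than a plain hand-over, the line giving Ola the replacement slot is missing from the hunk; if it is a hand-over, a word in the commit message would make that clear.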
[Git][security-tracker-team/security-tracker][master] Process some NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1e809393 by Salvatore Bonaccorso at 2024-04-12T14:55:30+02:00 Process some NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -7,49 +7,49 @@ CVE-2024-3623 CVE-2024-3622 NOT-FOR-US: mirror-registry for Quay CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature of Palo ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...) - TODO: check + NOT-FOR-US: tiagorlampert CHAOS CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to obtain se ...) - TODO: check + NOT-FOR-US: Ametys CMS CVE-2024-2801 (The Shopkeeper Extender plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2137 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to obtain se ...) - TODO: check + NOT-FOR-US: RuoYi CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 al ...) TODO: check CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows a ...) - TODO: check + NOT-FOR-US: Corezoid Process Engine CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBA ...) - TODO: check + NOT-FOR-US: Thesycon CVE-2024-22734 (An issue was discovered in AMCS Group Trux Waste Management Software b ...) - TODO: check + NOT-FOR-US: AMCS Group Trux Waste Management Software CVE-2024-22526 (Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows loca ...) - TODO: check + NOT-FOR-US: bandisoft bandiview CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...) 
TODO: check CVE-2023-48865 (An issue discovered in Reportico Till 8.1.0 allows attackers to obtain ...) - TODO: check + NOT-FOR-US: Reportico Till CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) - TODO: check + NOT-FOR-US: IBM CVE-2023-44857 (An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2023-44856 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2023-44855 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2023-44854 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) - TODO: check + NOT-FOR-US: Cobham SAILOR VSAT Ku CVE-2024-1874 - php8.2 8.2.18-1 - php7.4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e80939334c567f0f8eb1cee57f45323987150e6
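Review bot: The NOT-FOR-US labels in this hunk vary in granularity. CVE-2024-22357, CVE-2023-50307 and CVE-2023-45186 are tagged only "IBM" and CVE-2024-3400 only "Palo Alto Networks", although their descriptions name a specific product or feature (IBM Sterling B2B Integrator, GlobalProtect), while other entries in the same hunk use the product name ("Cobham SAILOR VSAT Ku", "Corezoid Process Engine", "AMCS Group Trux Waste Management Software"). Using the product name throughout would make later triage of related CVEs easier to match. CVE-2024-28458 (swftools) and CVE-2023-49528 (FFmpeg) are the only two entries left at "TODO: check", which is consistent with the commit message "Process some NFU".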
[Git][security-tracker-team/security-tracker][master] NFUs from Red Hat
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4e39482e by Moritz Muehlenhoff at 2024-04-12T11:34:53+02:00 NFUs from Red Hat - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2024-3625 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3624 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3623 + NOT-FOR-US: mirror-registry for Quay +CVE-2024-3622 + NOT-FOR-US: mirror-registry for Quay CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature of Palo ...) TODO: check CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e39482ece86c8e7cb723b7530606969b75bdd26
[Git][security-tracker-team/security-tracker][master] Added some notes about freeimage.
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: 98b77fac by Ola Lundqvist at 2024-04-12T10:37:34+02:00 Added some notes about freeimage. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -84,6 +84,8 @@ freeimage NOTE: 20240410: See discussion at: https://lists.debian.org/debian-lts/2024/04/threads.html#00012 NOTE: 20240411: Added some postpone tags for DoS class and removed some where NOTE: 20240411: patch is available and has arbitrary code exec class. (ola) + NOTE: 20240412: ELTS also have a need to update this package. + NOTE: 20240412: We should open upstream bug reports and push fixes. See above email discussion. (ola) -- frr NOTE: 20231119: Added by Front-Desk (apo) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98b77fac09855d3eb79dee7d218c1f58f5285b9d
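Review bot: The second added NOTE asks for upstream bug reports and pushed fixes but records neither where upstream tracks bugs nor which issues are meant, and "See above email discussion" only resolves while the 20240410 NOTE with the list URL stays directly above it. Consider repeating the thread URL in this NOTE and adding the upstream bug links once they are filed. The first added NOTE would also be more useful if it named which fixes ELTS needs.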
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60b95ffd by security tracker role at 2024-04-12T08:11:50+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,47 @@ +CVE-2024-3400 (A command injection vulnerability in the GlobalProtect feature of Palo ...) + TODO: check +CVE-2024-30850 (An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to exe ...) + TODO: check +CVE-2024-30614 (An issue in Ametys CMS v4.5.0 and before allows attackers to obtain se ...) + TODO: check +CVE-2024-2801 (The Shopkeeper Extender plugin for WordPress is vulnerable to Stored C ...) + TODO: check +CVE-2024-2137 (The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPr ...) + TODO: check +CVE-2024-29400 (An issue was discovered in RuoYi v4.5.1, allows attackers to obtain se ...) + TODO: check +CVE-2024-28458 (Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 al ...) + TODO: check +CVE-2024-27592 (Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows a ...) + TODO: check +CVE-2024-25376 (An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBA ...) + TODO: check +CVE-2024-22734 (An issue was discovered in AMCS Group Trux Waste Management Software b ...) + TODO: check +CVE-2024-22526 (Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows loca ...) + TODO: check +CVE-2024-22357 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-50307 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-49528 (Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, al ...) + TODO: check +CVE-2023-48865 (An issue discovered in Reportico Till 8.1.0 allows attackers to obtain ...) + TODO: check +CVE-2023-45186 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6 ...) + TODO: check +CVE-2023-44857 (An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker ...) + TODO: check +CVE-2023-44856 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) 
+ TODO: check +CVE-2023-44855 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check +CVE-2023-44854 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check +CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a ...) + TODO: check +CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...) + TODO: check CVE-2024-1874 - php8.2 8.2.18-1 - php7.4 @@ -22,7 +66,7 @@ CVE-2024-2757 - php7.3 NOTE: Fixed in: 8.2.18 TODO: fill in with GHSA security advisory references and further details -CVE-2024-27309 +CVE-2024-27309 (While an Apache Kafka cluster is being migrated from ZooKeeper mode to ...) - kafka (bug #786460) CVE-2024-3344 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...) NOT-FOR-US: WordPress plugin 
@@ -124,13 +168,13 @@ CVE-2023-32295 (Missing Authorization vulnerability in Alex Tselegidis Easy!Appo NOT-FOR-US: WordPress plugin CVE-2023-32228 (A firmware bug which may lead to misinterpretation of data in the AMC2 ...) NOT-FOR-US: Bosch -CVE-2024-3092 +CVE-2024-3092 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab -CVE-2024-2279 +CVE-2024-2279 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab -CVE-2023-6489 +CVE-2023-6489 (A denial of service vulnerability was identified in GitLab CE/EE, vers ...) - gitlab -CVE-2023-6678 +CVE-2023-6678 (An issue has been discovered in GitLab EE affecting all versions befor ...) - gitlab CVE-2024-3652 (The Libreswan Project was notified of an issue causing libreswan to re ...) - libreswan View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60b95ffd5838d72b879cc3f921af681abde47452
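Review bot: In the first hunk (@@ -1,3 +1,47 @@) the imported descriptions carry unprocessed escape sequences: CVE-2024-2137 contains a literal "\u2013", and CVE-2023-44853 begins with a stray backslash ("(\An issue was discovered ..."). The same literal "\u2013" is visible in the CVE-2024-3344 context line of the second hunk, so this looks systematic in the automatic import rather than a one-off. The description text should be decoded and stripped of stray escape characters before it is written to data/CVE/list, so the truncated summaries stay readable and searchable. The second and third hunks only fill in missing descriptions and raise no further points.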