[Git][security-tracker-team/security-tracker][master] Reference commit from github mirror for CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9cd1ffa by Salvatore Bonaccorso at 2024-05-27T22:53:47+02:00 Reference commit from github mirror for CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49,7 +49,7 @@ CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Comman CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - libvpx 1.13.1-2 NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 - NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: Fixed by: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9cd1ffa9842382959a39721e79e2196b8919b73 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Add CVE-2023-6349/libvpx
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8751b782 by Salvatore Bonaccorso at 2024-05-27T22:39:55+02:00 Add CVE-2023-6349/libvpx - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,7 +47,9 @@ CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulne CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) - TODO: check + - libvpx 1.13.1-2 + NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1642 + NOTE: https://chromium.googlesource.com/webm/libvpx/+/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) TODO: check CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8751b782ff8ca6e23bad23a8bc31e8e84bd41fe0
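Review bot: In the added CVE-2023-6349 entry the fix commit is annotated (v1.13.1) while the fixed version is given as `- libvpx 1.13.1-2`, and nothing in the entry says why the first Debian revision of 1.13.1 is not the fixed one. If 1.13.1-1 never reached unstable, a one-line NOTE saying so would save the next reader from re-checking the upload history. If it did, the fixed version should be the earlier revision.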
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e46e56a2 by Salvatore Bonaccorso at 2024-05-27T22:36:45+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) - TODO: check + NOT-FOR-US: RhinOS CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) - TODO: check + NOT-FOR-US: WinNMP CVE-2024-3381 REJECTED CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) 
@@ -15,19 +15,19 @@ CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6 CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) TODO: check CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) - TODO: check + NOT-FOR-US: Minder by Stacklok CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) - TODO: check + NOT-FOR-US: MIT IdentiBot CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) TODO: check CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) TODO: check CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) - TODO: check + NOT-FOR-US: ZKsync Era CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) TODO: check CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) @@ -35,7 +35,7 @@ CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) TODO: check CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) - TODO: check + NOT-FOR-US: Avocent DSR2030 Appliance firmware CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) TODO: check CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) 
@@ -43,7 +43,7 @@ CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relati CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) TODO: check CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) TODO: check CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e46e56a25c12b44222a7ee274f4c363ca88b3733
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60065691 by security tracker role at 2024-05-27T20:12:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,57 @@ +CVE-2024-5409 (RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in ...) + TODO: check +CVE-2024-5408 (Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "sea ...) + TODO: check +CVE-2024-5407 (A vulnerability in RhinOS 3.0-1190 could allow PHP code injection thro ...) + TODO: check +CVE-2024-5406 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-5405 (A vulnerability had been discovered in WinNMP 19.02 consisting of an X ...) + TODO: check +CVE-2024-3381 + REJECTED +CVE-2024-36383 (An issue was discovered in Logpoint SAML Authentication before 6.0.3. ...) + TODO: check +CVE-2024-36105 (dbt enables data analysts and engineers to transform their data using ...) + TODO: check +CVE-2024-36037 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-36036 (Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthor ...) + TODO: check +CVE-2024-35238 (Minder by Stacklok is an open source software supply chain security pl ...) + TODO: check +CVE-2024-35237 (MIT IdentiBot is an open-source Discord bot written in Node.js that ve ...) + TODO: check +CVE-2024-35236 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...) + TODO: check +CVE-2024-35231 (rack-contrib provides contributed rack middleware and utilities for Ra ...) + TODO: check +CVE-2024-35229 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...) + TODO: check +CVE-2024-35219 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) + TODO: check +CVE-2024-35182 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-35181 (Meshery is an open source, cloud native manager that enables the desig ...) + TODO: check +CVE-2024-34923 (In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, ...) 
+ TODO: check +CVE-2024-34477 (configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows l ...) + TODO: check +CVE-2024-32978 (Kaminari is a paginator for web app frameworks and object relational m ...) + TODO: check +CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF because some ...) + TODO: check +CVE-2024-27310 (Zoho ManageEngineADSelfService Plus versions below6401 are vulnerable ...) + TODO: check +CVE-2024-0851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-6349 (A heap overflow vulnerability exists in libvpx -Encoding a frame that ...) + TODO: check +CVE-2023-50977 (In GNOME Shell through 45.2, unauthenticated remote code execution can ...) + TODO: check +CVE-2022-4969 (A vulnerability, which was classified as critical, has been found in b ...) + TODO: check CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) NOT-FOR-US: ASKEY CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) @@ -1527,6 +1581,7 @@ CVE-2024-3268 (The YouTube Video Gallery by YouTube Showcase \u2013 Video Galler CVE-2024-36052 (RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the s ...) NOT-FOR-US: WinRAR CVE-2024-36039 (PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON ...) + {DLA-3822-1} - python-pymysql (bug #1071628) NOTE: https://github.com/advisories/GHSA-v9hf-5j83-6xpp NOTE: https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1) 
@@ -17012,7 +17067,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...) - {DSA-5679-1} + {DSA-5679-1 DLA-3823-1} - less 590-2.1 (bug #1068938) NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5 NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 @@ -20962,7 +21017,8 @@ CVE-2024-3209 (A vulnerability was found in UPX up to 4.2.2. It has been rated a TODO: check upstream report status, seems not filled as issue CVE-2024-3207 (A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been ...) NOT-FOR-US: ermig1979
[Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVEs which were duplicates
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80b3452c by Salvatore Bonaccorso at 2024-05-27T21:34:28+02:00 Remove notes from rejected CVEs which were duplicates - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72808,10 +72808,8 @@ CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorr NOT-FOR-US: Shopware CVE-2023-33567 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-33566 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) @@ -73168,7 +73166,6 @@ CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr NOT-FOR-US: WordPress plugin CVE-2023-33565 REJECTED - NOTE: Duplicate of CVE-2021-38425 CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...) NOT-FOR-US: WordPress plugin CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80b3452c11a11495ca412bc7b4e8cbeb741d9d07
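Review bot: The commit message says what is removed but not why, and after both hunks CVE-2023-33567, CVE-2023-33566 and CVE-2023-33565 keep only REJECTED, so the pointer to CVE-2021-38425 is no longer recorded anywhere in data/CVE/list. If the convention is that REJECTED entries carry no notes, a sentence to that effect in the commit message would make the removal self-explanatory. Otherwise the `NOTE: Duplicate of CVE-2021-38425` lines are worth keeping for anyone who arrives via one of the rejected IDs.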
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-33427
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a9fedad by Salvatore Bonaccorso at 2024-05-27T21:32:51+02:00 Remove notes from CVE-2024-33427 Further investigation showed that this was not a security issue for squid. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -230,11 +230,6 @@ CVE-2024-33470 (An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4 NOT-FOR-US: AVTECH Room Alert CVE-2024-33427 REJECTED - - squid (unimportant) - - squid3 (unimportant) - NOTE: https://github.com/squid-cache/squid/pull/1763 - NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d - NOTE: OOB read in config file parsing, doesn't cross any reasonable security boundary CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) - liboqs NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9fedad946f8706599700577c5d6876adcaa1ae
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3823-1 for less
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker Commits: 0cae9749 by Guilhem Moulin at 2024-05-27T21:29:40+02:00 Reserve DLA-3823-1 for less - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -33352,7 +33352,6 @@ CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...) {DSA-5679-1} - less 590-2.1 (bug #1064293) - [buster] - less (Minor issue) NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606) CVE-2020-36774 (plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x b ...) - glade 3.38.2-1 = data/DLA/list = @@ -1,3 +1,6 @@ +[27 May 2024] DLA-3823-1 less - security update + {CVE-2022-48624 CVE-2024-32487} + [buster] - less 487-0.1+deb10u1 [27 May 2024] DLA-3822-1 python-pymysql - security update {CVE-2024-36039} [buster] - python-pymysql 0.9.3-1+deb10u1 = data/dla-needed.txt = 
@@ -132,11 +132,6 @@ jenkins-htmlunit-core-js NOTE: 20231231: … TransformerFactory without setting the ~secure flag, so it may NOTE: 20231231: … indeed be vulnerable. (lamby) -- -less (guilhem) - NOTE: 20240418: Added by Front-Desk (apo) - NOTE: 20240506: Pushed CVE-2022-48624 fix to git repo. (abhijith) - NOTE: 20240523: https://salsa.debian.org/debian/less/-/tree/buster-LTS-fix (abhijith) --- libmojolicious-perl NOTE: 20240421: Added by Front-Desk (apo) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cae97496c1169143e5851b65357aa667a635476
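Review bot: The data/CVE/list hunk drops the `[buster] - less (Minor issue)` annotation for CVE-2022-48624 only, while the new DLA-3823-1 entry in data/DLA/list covers {CVE-2022-48624 CVE-2024-32487}. It is worth confirming that CVE-2024-32487 has no buster annotation of its own that would need the same removal. Its entry as shown in the 60065691 automatic update on this page has none in the lines directly after `- less 590-2.1 (bug #1068938)`, so this looks fine, but the check is not visible from this patch alone.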
[Git][security-tracker-team/security-tracker][master] dla: retake
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: ab3323f5 by Adrian Bunk at 2024-05-27T21:35:50+03:00 dla: retake - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,7 @@ cacti NOTE: 20240519: I'd have postponed them but let's fix it before buster NOTE: 20240519: goes EOL. (utkarsh) -- -dcmtk +dcmtk (Adrian Bunk) NOTE: 20240428: Added by Front-Desk (ta) -- dlt-daemon (utkarsh) @@ -292,7 +292,7 @@ squid NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo) -- -suricata +suricata (Adrian Bunk) NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie, NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage (postponed/ignored), View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab3323f5a1815d67a28aacc719b9cbf9169403a2
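Review bot: The subject "dla: retake" does not name the packages being claimed, so the log entry cannot be matched to dcmtk and suricata without opening the diff. Naming them in the subject, as the neighbouring "Reclaim netty and ghostscript." commit does, would keep the history searchable by package.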
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-1135/gunicorn via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 31dbe789 by Salvatore Bonaccorso at 2024-05-27T20:23:55+02:00 Track fixed version for CVE-2024-1135/gunicorn via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16490,7 +16490,7 @@ CVE-2024-1456 (An S3 bucket takeover vulnerability was identified in the h2oai/h CVE-2024-1183 (An SSRF (Server-Side Request Forgery) vulnerability exists in the grad ...) NOT-FOR-US: Gradio CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, leading ...) - - gunicorn (bug #1069126) + - gunicorn 22.0.0-1 (bug #1069126) [bookworm] - gunicorn (Minor issue) [bullseye] - gunicorn (Minor issue) [buster] - gunicorn (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31dbe78998411673120f9945931ce15c4ca4acc5
[Git][security-tracker-team/security-tracker][master] Reclaim netty and ghostscript.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 65d93243 by Markus Koschany at 2024-05-27T19:22:27+02:00 Reclaim netty and ghostscript. This is almost done, I am currently testing the update. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -99,7 +99,7 @@ freeimage NOTE: 20240412: ELTS also have a need to update this package. NOTE: 20240412: We should open upstream bug reports and push fixes. See above email discussion. (ola) -- -ghostscript +ghostscript (Markus Koschany) NOTE: 20240510: Added by Front-Desk (ta) -- git (Sean Whitton) @@ -178,7 +178,7 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- -netty +netty (Markus Koschany) NOTE: 20240511: Added by (apo) -- nodejs View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65d932438e75896daea6ea31815cd434a741f163
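Review bot: The status ("almost done, I am currently testing the update") is recorded only in the commit message, while the ghostscript and netty entries in data/dla-needed.txt gain a claimant but no dated NOTE. Adding a NOTE line with today's date and that status under each entry would put the progress where the other entries in this file record theirs, and where it is visible to whoever next reviews claims after the earlier "semi-automatic unclaim after 2 weeks of inactivity" commit.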
[Git][security-tracker-team/security-tracker][master] Update version number to 5.9.6-1 for CVE-2022-4967
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d01c980 by Salvatore Bonaccorso at 2024-05-27T17:54:50+02:00 Update version number to 5.9.6-1 for CVE-2022-4967 The change is only contained in 5.9.6-1 and 5.6.4-1 did not carry the patch separately. Bump thus the version to the 5.9.6 based one. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7161,7 +7161,7 @@ CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) - - strongswan 5.9.4-1 + - strongswan 5.9.6-1 [bullseye] - strongswan (Introduced in 5.9.2) [buster] - strongswan (Introduced in 5.9.2) NOTE: https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d01c9809671926a1e572f0114bea08d303acd6f
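Review bot: The commit message names 5.6.4-1 as the version that did not carry the patch, but the value replaced in the hunk is `- strongswan 5.9.4-1`, so the message and the diff disagree on which version is meant. The new value 5.9.6-1 is consistent with the description's "5.9.2 through 5.9.5" range; only the version quoted in the message needs reconciling with the removed line.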
[Git][security-tracker-team/security-tracker][master] Update references for CVE-2024-2486{2,3}/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 27cbdd4c by Salvatore Bonaccorso at 2024-05-27T17:43:17+02:00 Update references for CVE-2024-2486{2,3}/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16985,9 +16985,15 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) - linux NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8750 CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) - - linux + - linux 6.8.9-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/1f886a7bfb3faf4c1021e73f045538008ce7634e (6.9-rc3) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8748 + NOTE: Duplicate of CVE-2024-35883. CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27cbdd4c2ccee194f310e09f2ed7b5601ac0f717
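Review bot: For CVE-2024-24862 the three added release lines state "Vulnerable code not present" for bookworm, bullseye and buster, but the entry records only the fixing commit (6.9-rc3) and no introducing commit or version, so the claim cannot be checked from the entry itself. A NOTE naming the commit or kernel version that introduced the affected code would make the not-affected status verifiable and would also explain why the fixed version is 6.8.9-1 although the referenced fix is tagged 6.9-rc3.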
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: ac90b4d2 by Roberto C. Sánchez at 2024-05-27T11:34:08-04:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Roberto C. Sánchez robe...@connexer.com - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -47,7 +47,7 @@ cacti NOTE: 20240519: I'd have postponed them but let's fix it before buster NOTE: 20240519: goes EOL. (utkarsh) -- -dcmtk (Adrian Bunk) +dcmtk NOTE: 20240428: Added by Front-Desk (ta) -- dlt-daemon (utkarsh) @@ -56,7 +56,7 @@ dlt-daemon (utkarsh) NOTE: 20240519: can postpone these but I am in split mind. Will take it myself NOTE: 20240519: and decide further. (utkarsh) -- -dnsmasq (dleidert) +dnsmasq NOTE: 20240303: Added by Front-Desk (apo) NOTE: 20240325: Automatically unassigned (lamby) NOTE: 20240327: Claimed by lamby, started thread on deblts-team. (lamby) @@ -99,7 +99,7 @@ freeimage NOTE: 20240412: ELTS also have a need to update this package. NOTE: 20240412: We should open upstream bug reports and push fixes. See above email discussion. (ola) -- -ghostscript (Markus Koschany) +ghostscript NOTE: 20240510: Added by Front-Desk (ta) -- git (Sean Whitton) @@ -178,10 +178,10 @@ linux (Ben Hutchings) linux-5.10 NOTE: 20231005: perma-added for LTS package-specific delegation (bwh) -- -netty (Markus Koschany) +netty NOTE: 20240511: Added by (apo) -- -nodejs (guilhem) +nodejs NOTE: 20240406: Added by Front-Desk (lamby) -- nova 
@@ -292,7 +292,7 @@ squid NOTE: 20240109: I ask for another pair of eyes for CVE-2023-5824. The fix NOTE: 20240109: appears to be intrusive. I could not locate the fix for CVE-2023-49288 yet. (apo) -- -suricata (Adrian Bunk) +suricata NOTE: 20230620: Added by Front-Desk (Beuc) NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with last LTS update in Jessie, NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage (postponed/ignored), View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac90b4d2c99f12a8d60c65011166d77545dcf4d7
[Git][security-tracker-team/security-tracker][master] iperf3 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c02db07b by Moritz Muehlenhoff at 2024-05-27T16:48:48+02:00 iperf3 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7230,7 +7230,7 @@ CVE-2024-2299 (A stored Cross-Site Scripting (XSS) vulnerability exists in the p CVE-2024-29212 (Due to an unsafe de-serialization method used by the Veeam Service Pr ...) NOT-FOR-US: Veeam CVE-2024-26306 (iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ...) - - iperf3 (bug #1071751) + - iperf3 3.17.1-1 (bug #1071751) [bookworm] - iperf3 (Minor issue) [bullseye] - iperf3 (Minor issue) [buster] - iperf3 (Minor issue; can be fixed in next update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c02db07b1a0ef83005f4d3bf50103e4849130797
[Git][security-tracker-team/security-tracker][master] new linux issues via OpenAnolis
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3be714d1 by Moritz Muehlenhoff at 2024-05-27T16:47:18+02:00 new linux issues via OpenAnolis - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -16983,9 +16983,11 @@ CVE-2024-3651 [potential DoS via resource consumption via specially crafted inpu NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274779 NOTE: Fixed by: https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7 (v3.7) CVE-2024-24863 (In malidp_mw_connector_reset, new memory is allocated with kzalloc, bu ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/a1f95aede6285dba6dd036d907196f35ae3a11ea (6.10-rc1) CVE-2024-24862 (In function pci1_spi_probe, there is a potential null pointer that ...) - TODO: check + - linux + NOTE: https://git.kernel.org/linus/1f886a7bfb3faf4c1021e73f045538008ce7634e (6.9-rc3) CVE-2024-3740 (A vulnerability, which was classified as critical, has been found in c ...) NOT-FOR-US: cym1102 nginxWebUI CVE-2024-3739 (A vulnerability classified as critical was found in cym1102 nginxWebUI ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3be714d1f0878024d1e1e70b4bed46898837d6d2
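Review bot: The subject attributes both issues to OpenAnolis, yet the lines added for CVE-2024-24863 and CVE-2024-24862 reference only git.kernel.org, so the reporting source is not traceable from the entries. The corresponding bugzilla.openanolis.cn reports belong in the same change as NOTE lines; the later 27cbdd4c commit on this page adds them (ids 8750 and 8748), which confirms they were available.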
[Git][security-tracker-team/security-tracker][master] new acpica-unix non issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b65f9915 by Moritz Muehlenhoff at 2024-05-27T16:37:29+02:00 new acpica-unix non issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15158,7 +15158,11 @@ CVE-2024-29035 (Umbraco is an ASP.NET CMS. Failing webhooks logs are available w CVE-2024-28073 (SolarWinds Serv-U was found to be susceptible to a Directory Traversal ...) NOT-FOR-US: SolarWinds CVE-2024-24856 (The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee ...) - TODO: check + - acpica-unix (unimportant) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8764 + NOTE: https://github.com/acpica/acpica/pull/946 + NOTE: https://github.com/acpica/acpica/commit/4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 + NOTE: Crash in CLI tool, no security impact CVE-2024-21990 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...) NOT-FOR-US: ONTAP / NetAPP CVE-2024-21989 (ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65f9915392bdb928b91728c29ab93adc117f697
[Git][security-tracker-team/security-tracker][master] new strongswan issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d53c47aa by Moritz Muehlenhoff at 2024-05-27T16:20:18+02:00 new strongswan issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -873,7 +873,7 @@ CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable NOT-FOR-US: WordPress plugin CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...) - lighttpd 1.4.52-1 - TODO: check details (will be only pubished on July 9th, 2024), but said to be an issue fixed by maintainer in 2018 in version 1.4.51 + NOTE: will only be published on July 9th, 2024, but said to be an issue fixed by maintainer in 2018 in version 1.4.51 CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...) NOT-FOR-US: WordPress plugin CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...) 
@@ -7161,7 +7161,11 @@ CVE-2023-49781 (NocoDB is software for building databases as spreadsheets. Prior CVE-2023-46870 (extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAP ...) NOT-FOR-US: Nordic Semiconductor nRF Sniffer for Bluetooth CVE-2022-4967 (strongSwan versions 5.9.2 through 5.9.5 are affected by authorization ...) - TODO: check + - strongswan 5.9.4-1 + [bullseye] - strongswan (Introduced in 5.9.2) + [buster] - strongswan (Introduced in 5.9.2) + NOTE: https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html + NOTE: https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136 (5.9.6rc1) CVE-2024-27401 (In the Linux kernel, the following vulnerability has been resolved: f ...) - linux 6.8.11-1 NOTE: https://git.kernel.org/linus/38762a0763c10c24a4915feee722d7aa6e73eb98 (6.9-rc7) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d53c47aa0e68dba09629401cb0ec280463b60608
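Review bot: in the first hunk (@@ -873,7 +873,7, CVE-2024-3708 in lighttpd), turning the `TODO: check details` line into a plain `NOTE:` takes the entry out of the TODO queue, while the note itself says the details will only be published on July 9th, 2024. That leaves `- lighttpd 1.4.52-1` resting on "said to be an issue fixed by maintainer in 2018 in version 1.4.51" with nothing left to prompt a re-check. Consider keeping a `TODO: check` next to the note until the advisory is public and the fixing commit can be referenced. The hunk is also unrelated to the commit subject "new strongswan issue" and would be easier to trace as a separate commit.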
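Review bot: in the second hunk (@@ -7161,7 +7161,11, CVE-2022-4967), `- strongswan 5.9.4-1` is recorded as the fixed version, but the CVE description in the same entry gives the affected range as 5.9.2 through 5.9.5 and the referenced fix commit is tagged (5.9.6rc1). If 5.9.4-1 is correct because the Debian package shipped the change ahead of the upstream release, a NOTE saying so would stop the entry from reading as a typo; otherwise the fixed version needs correcting.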
[Git][security-tracker-team/security-tracker][master] new zabbix issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 864b4999 by Moritz Muehlenhoff at 2024-05-27T16:13:36+02:00 new zabbix issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5157,7 +5157,8 @@ CVE-2024-22145 (Improper Privilege Management vulnerability in InstaWP Team Inst CVE-2024-22139 (Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordP ...) NOT-FOR-US: WordPress plugin CVE-2024-22120 (Zabbix server can perform command execution for configured scripts. Af ...) - TODO: check + - zabbix + NOTE: https://support.zabbix.com/browse/ZBX-24505 CVE-2024-21746 (Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate R ...) NOT-FOR-US: WordPress plugin CVE-2023-5597 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/864b49992e955bf680f54b313b9d4ef0c52e3309
[Git][security-tracker-team/security-tracker][master] new python-aiosmtpd issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 275fe914 by Moritz Muehlenhoff at 2024-05-27T16:12:34+02:00 new python-aiosmtpd issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4359,7 +4359,9 @@ CVE-2024-3658 (The Build App Online plugin for WordPress is vulnerable to authen CVE-2024-36043 (question_image.ts in SurveyJS Form Library before 1.10.4 allows conten ...) NOT-FOR-US: SurveyJS Form Library CVE-2024-34083 (aiosmptd is a reimplementation of the Python stdlib smtpd.py based on ...) - TODO: check + - python-aiosmtpd + NOTE: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8 + NOTE: https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda (v1.4.6) CVE-2024-31879 (IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbit ...) NOT-FOR-US: IBM CVE-2024-5069 (A vulnerability, which was classified as critical, has been found in S ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/275fe914c624a16781f70c8ca04110b8dc6ade87
[Git][security-tracker-team/security-tracker][master] new liboqs issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 15438022 by Moritz Muehlenhoff at 2024-05-27T16:10:42+02:00 new liboqs issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -236,7 +236,8 @@ CVE-2024-33427 NOTE: https://github.com/squid-cache/squid/commit/1891ce596237b45e0a675f75c49a5f6a840d NOTE: OOB read in config file parsing, doesn't cross any reasonable security boundary CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) - TODO: check + - liboqs + NOTE: https://github.com/liang-junkai/Fault-injection-of-ML-DSA CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) NOT-FOR-US: Kwik CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1543802267a19d1a8642e8f98baf793de142b129
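Review bot: the only reference added for CVE-2024-31510 is the reporter's repository (`Fault-injection-of-ML-DSA`); the `- liboqs` line has no upstream issue, fix commit or version beside it. The description speaks of a remote attacker while the repository name points at fault injection, so a NOTE stating the assessed impact, in the way the CVE-2024-33427 entry just above does ("doesn't cross any reasonable security boundary"), plus a link to the upstream liboqs report would make the triage decision reviewable.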
[Git][security-tracker-team/security-tracker][master] add PHP references
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6c543caa by Moritz Muehlenhoff at 2024-05-27T15:36:40+02:00 add PHP references - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15215,6 +15215,8 @@ CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and older NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004 NOTE: Introduced by: https://sourceware.org/git?p=glibc.git;a=commit;h=755104edc75c53f4a0e7440334e944ad3c6b32fc (cvs/libc-2_1_94) NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=f9dc609e06b1136bb0408be9605ce7973a767ada + NOTE: https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 + NOTE: https://github.com/ambionics/cnext-exploits/ CVE-2024-26920 (In the Linux kernel, the following vulnerability has been resolved: t ...) {DSA-5681-1} - linux 6.7.7-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c543caa3a3e130534922b1860329b984fc4f669
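Review bot: the two NOTE lines added under CVE-2024-2961 are bare URLs, so nothing in the entry itself says why a write-up and an exploit repository are listed under a glibc issue; the PHP connection exists only in the commit subject "add PHP references". The notes just above them are labelled ("Introduced by:", "Fixed by:"), and a short label that names PHP on the new lines would carry that context into data/CVE/list for readers who never see the commit message.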
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 3dd3e771 by Moritz Muehlenhoff at 2024-05-27T13:44:02+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -81,7 +81,7 @@ CVE-2024-30657 CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions below14730,ServiceDesk Plus ...) NOT-FOR-US: Zoho CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB Services PMB al ...) - TODO: check + NOT-FOR-US: PMB Services PMB CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) NOT-FOR-US: Kashipara College Management System CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) @@ -163,7 +163,7 @@ CVE-2024-5337 (A vulnerability was found in Ruijie RG-UAC up to 20240516 and cla CVE-2024-5336 (A vulnerability has been found in Ruijie RG-UAC up to 20240516 and cla ...) NOT-FOR-US: Ruijie RG-UAC CVE-2024-30056 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) - TODO: check + NOT-FOR-US: Microsoft CVE-2024-5229 (The Primary Addon for Elementor plugin for WordPress is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2024-5220 (The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...) @@ -181,7 +181,7 @@ CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35232 (github.com/huandu/facebook is a Go package that fully supports the Fac ...) - TODO: check + NOT-FOR-US: Huando/Facebook CVE-2024-5318 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab (Vulnerable code introduced later) CVE-2024-5315 (Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and al ...) 
@@ -238,7 +238,7 @@ CVE-2024-33427 CVE-2024-31510 (An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker t ...) TODO: check CVE-2024-22588 (Kwik commit 745fd4e2 does not discard unused encryption keys.) - TODO: check + NOT-FOR-US: Kwik CVE-2023-49575 (A vulnerability has been discovered in VX Search Enterprise affecting ...) NOT-FOR-US: VX Search Enterprise CVE-2023-49574 (A vulnerability has been discovered in VX Search Enterprise affecting ...) @@ -250,7 +250,7 @@ CVE-2023-49572 (A vulnerability has been discovered in VX Search Enterprise affe CVE-2023-47710 (IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2023-46442 (An infinite loop in the retrieveActiveBody function of Soot before v4. ...) - TODO: check + NOT-FOR-US: Soot CVE-2023-52880 (In the Linux kernel, the following vulnerability has been resolved: t ...) - linux 6.6.8-1 [bookworm] - linux 6.1.85-1 @@ -7015,9 +7015,9 @@ CVE-2024-34706 (Valtimo is an open source business process and case management p CVE-2024-34704 (era-compiler-solidity is the ZKsync compiler for Solidity. The proble ...) NOT-FOR-US: era-compiler-solidity CVE-2024-34701 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...) - TODO: check + NOT-FOR-US: CreateWiki MediaWiki extension CVE-2024-34699 (GZ::CTF is a capture the flag platform. Prior to 0.20.1, unprivileged ...) - TODO: check + NOT-FOR-US: GZ::CTF CVE-2024-34698 (FreeScout is a free, self-hosted help desk and shared mailbox. Version ...) NOT-FOR-US: FreeScout CVE-2024-34697 (FreeScout is a free, self-hosted help desk and shared mailbox. A store ...) 
@@ -7037,7 +7037,7 @@ CVE-2024-34416 (Unrestricted Upload of File with Dangerous Type vulnerability in CVE-2024-34411 (Unrestricted Upload of File with Dangerous Type vulnerability in Thoma ...) NOT-FOR-US: WordPress plugin CVE-2024-34353 (The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is a ...) - TODO: check + NOT-FOR-US: matrix-sdk-crypto Rust crate CVE-2024-34340 (Cacti provides an operational monitoring and fault management framewor ...) - cacti 1.2.27+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m @@ -90576,7 +90576,7 @@ CVE-2023-27298 (Uncontrolled search path in the WULT software maintained by Inte CVE-2023-25772 (Improper input validation in the Intel(R) Retail Edge Mobile Android a ...) NOT-FOR-US: Intel CVE-2023-24460 (Incorrect default permissions in some Intel(R) GPA software installers ...) - TODO: check + NOT-FOR-US: Intel CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...) NOT-FOR-US: Epson CVE-2023-1151 (A vulnerability was found in
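Review bot: in the hunk at @@ -181,7 +181,7, the new line `NOT-FOR-US: Huando/Facebook` misspells the project; the CVE-2024-35232 description directly above it names the package as github.com/huandu/facebook. Suggest `NOT-FOR-US: huandu/facebook` so that a search of the list for the upstream name finds the entry.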
[Git][security-tracker-team/security-tracker][master] Reserve DLA-3822-1 for python-pymysql
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: c84857fb by Chris Lamb at 2024-05-27T10:40:56+01:00 Reserve DLA-3822-1 for python-pymysql - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[27 May 2024] DLA-3822-1 python-pymysql - security update + {CVE-2024-36039} + [buster] - python-pymysql 0.9.3-1+deb10u1 [26 May 2024] DLA-3821-1 libreoffice - security update {CVE-2024-3044} [buster] - libreoffice 1:6.1.5-3+deb10u12 = data/dla-needed.txt = @@ -241,9 +241,6 @@ python-asyncssh NOTE: 20240116: Added by Front-Desk (lamby) NOTE: 20240131: Patch for CVE-2023-46445 and CVE-2023-46446 backported and in Git, but one test is failing. Waiting for feedback before release. (dleidert) -- -python-pymysql (Chris Lamb) - NOTE: 20240523: Added by Front-Desk (lamby) --- rails NOTE: 20220909: Re-added due to regression (abhijith) NOTE: 20220909: Regression on 2:5.2.2.1+dfsg-1+deb10u4 (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c84857fb2dafb199fb68d864e7111db852794169
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 292b400b by Moritz Muehlenhoff at 2024-05-27T10:51:35+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,85 +1,85 @@ CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) - TODO: check + NOT-FOR-US: ASKEY CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) - TODO: check + NOT-FOR-US: Openfind Mail2000 CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of specific API. ...) - TODO: check + NOT-FOR-US: Openfind Mail2000 CVE-2024-5397 (A vulnerability classified as critical was found in itsourcecode Onlin ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5396 (A vulnerability classified as critical has been found in itsourcecode ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student Enrollme ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5390 (A vulnerability, which was classified as critical, was found in itsour ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5385 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-5384 (A vulnerability classified as critical was found in SourceCodester Fac ...) 
- TODO: check + NOT-FOR-US: SourceCodester CVE-2024-5383 (A vulnerability classified as problematic has been found in lakernote ...) - TODO: check + NOT-FOR-US: lakernote EasyAdmin CVE-2024-5381 (A vulnerability classified as critical was found in itsourcecode Stude ...) - TODO: check + NOT-FOR-US: itsourcecode Online Student Enrollment System CVE-2024-5380 (A vulnerability classified as problematic has been found in jsy-1 shor ...) - TODO: check + NOT-FOR-US: jsy-1 short-url CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has been rat ...) - TODO: check + NOT-FOR-US: JFinalCMS CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals Student ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2024-5376 (A vulnerability was found in Kashipara College Management System 1.0 a ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5035 (The affected device expose a network service called "rftest" that is v ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2024-4535 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4534 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4533 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to improper neut ...) - TODO: check + NOT-FOR-US: anything-llm CVE-2024-3939 (The Ditty WordPress plugin before 3.1.36 does not
[Git][security-tracker-team/security-tracker][master] lots of bogus ROS CVEs finally rejected
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e1f125f7 by Moritz Muehlenhoff at 2024-05-27T10:47:13+02:00 lots of bogus ROS CVEs finally rejected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17373,7 +17373,6 @@ CVE-2024-30271 (Illustrator versions 28.3, 27.9.2 and earlier are affected by an NOT-FOR-US: Adobe CVE-2024-29454 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-25852 (Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution v ...) NOT-FOR-US: Linksys CVE-2024-22722 (Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1. ...) @@ -17490,7 +17489,6 @@ CVE-2024-30878 (A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 NOT-FOR-US: RageFrame2 CVE-2024-30728 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-2966 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...) NOT-FOR-US: WordPress plugin CVE-2024-29903 (Cosign provides code signing and transparency for containers and binar ...) 
@@ -17503,37 +17501,26 @@ CVE-2024-29460 (An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipul NOT-FOR-US: PX4 Autopilot CVE-2024-29455 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29452 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29450 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29449 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29448 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29447 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29445 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29444 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29443 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29441 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29439 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-29399 (An issue was discovered in GNU Savane v.3.13 and before, allows a remo ...) NOT-FOR-US: GNU Savane CVE-2024-29220 (Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerabili ...) 
@@ -18066,70 +18053,48 @@ CVE-2024-3020 (The plugin is vulnerable to PHP Object Injection in versions up t NOT-FOR-US: WordPress plugin CVE-2024-30737 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30736 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30735 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30733 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30730 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30729 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30727 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30726 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30724 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30723 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30722 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30721 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30719 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30718 REJECTED - NOTE: Bogus report on ROS, lacks all details and apparently never reported either CVE-2024-30716 REJECTED - NOTE: Bogus report on ROS, lacks all
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7ebb9273 by security tracker role at 2024-05-27T08:12:11+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,87 @@ +CVE-2024-5403 (ASKEY 5G NR Small Cell fails to properly filter user input for certain ...) + TODO: check +CVE-2024-5400 (Openfind Mail2000 does not properly filter parameters of specific CGI. ...) + TODO: check +CVE-2024-5399 (Openfind Mail2000 does not properly filter parameters of specific API. ...) + TODO: check +CVE-2024-5397 (A vulnerability classified as critical was found in itsourcecode Onlin ...) + TODO: check +CVE-2024-5396 (A vulnerability classified as critical has been found in itsourcecode ...) + TODO: check +CVE-2024-5395 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5394 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5393 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5392 (A vulnerability was found in itsourcecode Online Student Enrollment Sy ...) + TODO: check +CVE-2024-5391 (A vulnerability has been found in itsourcecode Online Student Enrollme ...) + TODO: check +CVE-2024-5390 (A vulnerability, which was classified as critical, was found in itsour ...) + TODO: check +CVE-2024-5385 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2024-5384 (A vulnerability classified as critical was found in SourceCodester Fac ...) + TODO: check +CVE-2024-5383 (A vulnerability classified as problematic has been found in lakernote ...) + TODO: check +CVE-2024-5381 (A vulnerability classified as critical was found in itsourcecode Stude ...) + TODO: check +CVE-2024-5380 (A vulnerability classified as problematic has been found in jsy-1 shor ...) + TODO: check +CVE-2024-5379 (A vulnerability was found in JFinalCMS up to 20240111. It has been rat ...) + TODO: check +CVE-2024-5378 (A vulnerability was found in SourceCodester School Intramurals Student ...) 
+ TODO: check +CVE-2024-5377 (A vulnerability was found in SourceCodester Vehicle Management System ...) + TODO: check +CVE-2024-5376 (A vulnerability was found in Kashipara College Management System 1.0 a ...) + TODO: check +CVE-2024-5035 (The affected device expose a network service called "rftest" that is v ...) + TODO: check +CVE-2024-4535 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4534 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not hav ...) + TODO: check +CVE-2024-4533 (The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not san ...) + TODO: check +CVE-2024-4532 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4531 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4530 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4529 (The Business Card WordPress plugin through 1.0.0 does not have CSRF ch ...) + TODO: check +CVE-2024-4286 (Mintplex-Labs' anything-llm application is vulnerable to improper neut ...) + TODO: check +CVE-2024-3939 (The Ditty WordPress plugin before 3.1.36 does not sanitise and escape ...) + TODO: check +CVE-2024-3933 (In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, w ...) + TODO: check +CVE-2024-36384 (Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is rel ...) + TODO: check +CVE-2024-36056 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36055 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-36054 (Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user ...) + TODO: check +CVE-2024-35297 (Cross-site scripting vulnerability exists in WP Booking versions prior ...) 
+ TODO: check +CVE-2024-35291 (Cross-site scripting vulnerability exists in Splunk Config Explorer ve ...) + TODO: check +CVE-2024-34454 (Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SS ...) + TODO: check +CVE-2024-30658 + REJECTED +CVE-2024-30657 + REJECTED +CVE-2024-27314 (Zoho ManageEngineServiceDesk Plus versions below14730,ServiceDesk Plus ...) + TODO: check +CVE-2024-26289 (Deserialization of Untrusted Data vulnerability in PMB Services PMB al ...) + TODO: check CVE-2024-5375 (A vulnerability has been found in
[Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3184040 by Salvatore Bonaccorso at 2024-05-27T10:09:25+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,11 +29,11 @@ CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCo CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5358 (A vulnerability was found in PHPGurukul Zoo Management System 2.1 and ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5272 (Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fa ...) - mattermost-server (bug #823556) CVE-2024-5270 (Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and ...) 
@@ -91,7 +91,7 @@ CVE-2024-4858 (The Testimonial Carousel For Elementor plugin for WordPress is vu CVE-2024-4045 (The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, ...) NOT-FOR-US: WordPress plugin CVE-2024-36079 (An issue was discovered in Vaultize 21.07.27. When uploading files, th ...) - TODO: check + NOT-FOR-US: Vaultize CVE-2024-35374 (Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sq ...) NOT-FOR-US: Mocodo Mocodo Online CVE-2024-35373 (Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Exec ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3184040736d09d03f3fbee22ce6e74096497343
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae7b7e68 by Salvatore Bonaccorso at 2024-05-27T08:49:15+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,33 +1,33 @@ CVE-2024-5375 (A vulnerability has been found in Kashipara College Management System ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5374 (A vulnerability, which was classified as problematic, was found in Kas ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5373 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5372 (A vulnerability classified as problematic was found in Kashipara Colle ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5371 (A vulnerability classified as problematic has been found in Kashipara ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5370 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5369 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5368 (A vulnerability was found in Kashipara College Management System 1.0. ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5367 (A vulnerability was found in Kashipara College Management System 1.0 a ...) - TODO: check + NOT-FOR-US: Kashipara College Management System CVE-2024-5366 (A vulnerability has been found in SourceCodester Best House Rental Man ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5365 (A vulnerability, which was classified as critical, was found in Source ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5364 (A vulnerability, which was classified as critical, has been found in S ...) 
- TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5363 (A vulnerability classified as critical was found in SourceCodester Bes ...) - TODO: check + NOT-FOR-US: SourceCodester Best House Rental Management System CVE-2024-5362 (A vulnerability classified as critical has been found in SourceCodeste ...) - TODO: check + NOT-FOR-US: SourceCodester Online Hospital Management System CVE-2024-5361 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) - TODO: check + NOT-FOR-US: PHPGurukul Zoo Management System CVE-2024-5360 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) TODO: check CVE-2024-5359 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae7b7e687b6251981c280dc7b8dcfa2e32759020
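Review bot: CVE-2024-5362 is tagged NOT-FOR-US: SourceCodester Online Hospital Management System, while the four entries above it (CVE-2024-5363 to CVE-2024-5366) are all tagged SourceCodester Best House Rental Management System, and its description is cut off at "SourceCodeste ..." before the product name, so the tag cannot be checked from the list itself; confirm it against the full CVE description. Separately, the trailing context leaves CVE-2024-5360 as TODO: check although its visible description is identical to that of CVE-2024-5361, which this hunk marks NOT-FOR-US: PHPGurukul Zoo Management System; the same tag could be applied there in this commit.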