[Git][security-tracker-team/security-tracker][master] Update information on CVE-2024-45845 and CVE-2024-45593

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7eeed35 by Salvatore Bonaccorso at 2024-09-11T22:39:56+02:00
Update information on CVE-2024-45845 and CVE-2024-45593

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -339,7 +339,10 @@ CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT 
Basic Library allows an
 CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a 
symlink in a  ...)
-   TODO: check
+   - nix  (Vulnerable code introduced later)
+   NOTE: 
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
+   NOTE: 
https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
+   NOTE: Duplicate of CVE-2024-45593
 CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
NOT-FOR-US: Directus
 CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users 
hosting D-Tal ...)
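Review bot: marking CVE-2024-45845 as "Duplicate of CVE-2024-45593" while also giving it its own nix status line means the two entries now have to be kept in sync by hand, and the NOTE does not say which id is treated as canonical (the same advisory GHSA-h4vv-h3jq-v493 is cited from both). The "Vulnerable code introduced later" claim rests only on the description's "nix 2.24 through 2.24.5" range; recording the upstream version or commit that introduced the bug next to the fixing commit eb11c149 would make it checkable against the packaged nix version the next time the package moves.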
@@ -347,6 +350,7 @@ CVE-2024-45595 (D-Tale is a visualizer for Pandas data 
structures. Users hosting
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
- nix  (Vulnerable code introduced later)
NOTE: 
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
+   NOTE: 
https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
NOT-FOR-US: auditor-bundle / DoctrineAuditBundle
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
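Review bot: the fixing commit eb11c149 is added to CVE-2024-45593 without the upstream release that contains it, whereas the serve-static and send entries further down on this list tag each commit with its release; a "(version)" annotation here is what lets the next reader confirm that the packaged nix sits outside the affected range rather than re-deriving it from the sibling entry's description.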



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7eeed351e85dbfcfb9fa645a0856ceb86cc3700



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
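The commits on this list all edit one file, data/CVE/list, and the tracker's own tooling is not shown here. What follows is an added example, not tracker code: a small reader for the entry syntax visible in these diffs (id line with a parenthesised description or a bracketed kernel subject, optional {advisory} line, "- pkg version (reason)" status lines, "[release] - pkg ..." overrides, and NOTE/TODO/NOT-FOR-US/REJECTED lines), plus a status lookup that applies the override-beats-unstable rule and a TODO queue of the kind the "Process some NFUs" commits work through. Assumptions: in the real file the status lines start with a tab, and open issues carry <unfixed>/<no-dsa>/<not-affected> tokens; this archive copy appears to have dropped those angle-bracket tokens in rendering (hence lines like "- nix " with nothing after them), which is my reading and not something the page states, so the reader also treats a missing version as open. The sample input is constructed from entries visible on this page.

```python
"""Reader for the data/CVE/list syntax edited by the commits above (added example, not
tracker code): id line with (description) or [kernel subject], optional {advisories},
'- pkg version (reason)' status lines, '[release] - pkg ...' overrides, NOTE/TODO/NOT-FOR-US/REJECTED."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CVE_HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})(?:\s+(.*))?$")
PKG_STATUS = re.compile(  # "[release] - pkg version (reason)", everything but pkg optional
    r"^(?:\[(?P<release>[^\]]+)\]\s+)?-\s+(?P<pkg>\S+)"
    r"\s*(?P<version>[^\s(]+)?\s*(?:\((?P<reason>[^)]*)\))?$"
)
Status = Tuple[Optional[str], Optional[str]]  # (version or <tag>, reason); None = open

@dataclass
class Entry:
    cve: str
    description: str = ""
    advisories: List[str] = field(default_factory=list)
    unstable: Dict[str, Status] = field(default_factory=dict)
    releases: Dict[Tuple[str, str], Status] = field(default_factory=dict)
    notes: List[str] = field(default_factory=list)
    todo: List[str] = field(default_factory=list)
    not_for_us: Optional[str] = None
    rejected: bool = False

def parse(text: str) -> List[Entry]:
    """Parse list text; leading whitespace (a tab in the real file) is ignored."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = CVE_HEADER.match(line)
        if m:
            cur = Entry(m.group(1), (m.group(2) or "").strip("()[] "))
            entries.append(cur)
            continue
        if cur is None:
            raise ValueError(f"status line before any CVE header: {line!r}")
        if line == "REJECTED":
            cur.rejected = True
        elif line.startswith("{") and line.endswith("}"):
            cur.advisories.extend(line[1:-1].split())
        elif line.startswith(("NOTE:", "TODO:")):
            (cur.notes if line.startswith("NOTE:") else cur.todo).append(line[5:].strip())
        elif line.startswith("NOT-FOR-US:"):
            cur.not_for_us = line[11:].strip()
        else:
            m = PKG_STATUS.match(line)
            if not m:
                raise ValueError(f"{cur.cve}: unparsed line {line!r}")
            st: Status = (m["version"], m["reason"])
            if m["release"]:
                cur.releases[(m["release"], m["pkg"])] = st
            else:
                cur.unstable[m["pkg"]] = st
    return entries

def pending_triage(entries: List[Entry]) -> List[str]:
    """Ids still carrying a TODO line: the queue the 'Process some NFUs' commits clear."""
    return [e.cve for e in entries if e.todo]

def status(entry: Entry, pkg: str, release: Optional[str] = None) -> str:
    """Status of pkg in `release` (unstable when None). A release with no override inherits
    the unstable line; whether it is really affected needs a version comparison, so it is only flagged."""
    if entry.rejected:
        return "rejected"
    if entry.not_for_us is not None:
        return f"not-for-us ({entry.not_for_us})"
    prefix = ""
    if release is not None and (release, pkg) in entry.releases:
        version, reason = entry.releases[(release, pkg)]
    elif pkg in entry.unstable:
        version, reason = entry.unstable[pkg]
        prefix = "inherits unstable: " if release is not None else ""
    else:
        return "not tracked"
    text = ("open" if version is None else version.strip("<>")  # <unfixed>, <no-dsa>, ...
            if version.startswith("<") else f"fixed in {version}")
    return prefix + (f"{text} ({reason})" if reason else text)

# Constructed sample assembled from entries visible in the commits above.
SAMPLE = """\
CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that makes p ...)
    - nix 2.23.3+dfsg-1
    [bookworm] - nix <no-dsa> (Minor issue)
CVE-2024-44070 (An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_enca ...)
    {DLA-3865-1}
    - frr 10.1-0.2 (bug #1079649)
CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A bug in Ni ...)
    - nix <not-affected> (Vulnerable code introduced later)
CVE-2024-7805
    REJECTED
CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote at ...)
    TODO: check
CVE-2024-46672 [wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion]
    - linux 6.10.7-1
    [bookworm] - linux <not-affected> (Vulnerable code not present)
"""
```

The one thing the list cannot tell you on its own is whether a release without an override is affected: that needs the release's package version compared against the fixed version, which is why status() flags that case as "inherits unstable" instead of deciding it.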


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7a49d0e by Salvatore Bonaccorso at 2024-09-11T22:37:59+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31,13 +31,13 @@ CVE-2024-7609 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pat
 CVE-2024-7312 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
NOT-FOR-US: Payara Platform Payara Server
 CVE-2024-6091 (A vulnerability in significant-gravitas/autogpt version 0.5.1 
allows a ...)
-   TODO: check
+   NOT-FOR-US: significant-gravitas/autogpt
 CVE-2024-5760 (The Samsung Universal Print Driver for Windows is potentially 
vulnerab ...)
NOT-FOR-US: Samsung
 CVE-2024-5416 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-4465 (An access control vulnerability was discovered in the Reports 
section  ...)
-   TODO: check
+   NOT-FOR-US: Guardian/CMC
 CVE-2024-45790 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to miss ...)
NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45789 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
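Review bot: CVE-2024-4465 is closed as "NOT-FOR-US: Guardian/CMC", but the visible description ("An access control vulnerability was discovered in the Reports section ...") names no product, so the NFU label cannot be checked against the entry itself; a NOTE with the advisory URL that identifies the product would make this one verifiable later, as was done for the nix entries elsewhere on this list.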
@@ -49,29 +49,29 @@ CVE-2024-45787 (This vulnerability exists in Reedos 
aiM-Star version 2.0.1 due t
 CVE-2024-45786 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45327 (An improper authorization vulnerability [CWE-285] in FortiSOAR 
version ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2024-44851 (A stored cross-site scripting (XSS) vulnerability in the 
Discussion se ...)
-   TODO: check
+   NOT-FOR-US: Perfex CRM
 CVE-2024-44577 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44575 (RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute 
for sen ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44574 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44573 (A stored cross-site scripting (XSS) vulnerability in the VLAN 
configur ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44572 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44571 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain 
incorrect acces ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44570 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code 
injectio ...)
-   TODO: check
+   NOT-FOR-US: Relyum RELY-PCIe
 CVE-2024-44541 (evilnapsis Inventio Lite Versions v4 and before is vulnerable 
to SQL I ...)
-   TODO: check
+   NOT-FOR-US: evilnapsis Inventio Lite
 CVE-2024-44466 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability 
in functi ...)
-   TODO: check
+   NOT-FOR-US: COMFAST CF-XR11
 CVE-2024-43793 (Halo is an open source website building tool. A security 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Halo
 CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a 
remote at ...)
TODO: check
 CVE-2024-41868 (Audition versions 24.4.1, 23.6.6 and earlier are affected by 
an out-of ...)
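Review bot: CVE-2024-42760 (Ellevo) is the only entry in this hunk left at "TODO: check" while everything around it is closed as NOT-FOR-US; if that is deliberate, for instance because the product could not be identified yet, a short reason on the TODO line would stop it being skipped again on the next pass.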



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7a49d0e581d4b67cc13c386d80d58848be79237



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a4041e1 by Salvatore Bonaccorso at 2024-09-11T22:23:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,53 +1,53 @@
 CVE-2024-8693 (A vulnerability, which was classified as problematic, has been 
found i ...)
-   TODO: check
+   NOT-FOR-US: Kaon CG3000
 CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud 
TDuckPr ...)
-   TODO: check
+   NOT-FOR-US: TDuckCloud TDuckPro
 CVE-2024-8691 (A vulnerability in the GlobalProtect portal in Palo Alto 
Networks PAN- ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2024-8690 (A problem with a detection mechanism in the Palo Alto Networks 
Cortex  ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-8689 (A problem with the ActiveMQ integration for both Cortex XSOAR 
and Cort ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-8688 (An improper neutralization of matching symbols vulnerability in 
the Pa ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-8687 (An information exposure vulnerability exists in Palo Alto 
Networks PAN ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-8686 (A command injection vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2024-8646 (In Eclipse Glassfish versions prior to 7.0.10, a URL 
redirection vulne ...)
TODO: check
 CVE-2024-8642 (In Eclipse Dataspace Components, from version 0.5.0 and before 
version ...)
TODO: check
 CVE-2024-8306 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2024-8277 (The WooCommerce Photo Reviews Premium plugin for WordPress is 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8097 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: Payara Platform Payara Server
 CVE-2024-7805
REJECTED
 CVE-2024-7609 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-   TODO: check
+   NOT-FOR-US: Vidco Software VOC TESTER
 CVE-2024-7312 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
-   TODO: check
+   NOT-FOR-US: Payara Platform Payara Server
 CVE-2024-6091 (A vulnerability in significant-gravitas/autogpt version 0.5.1 
allows a ...)
TODO: check
 CVE-2024-5760 (The Samsung Universal Print Driver for Windows is potentially 
vulnerab ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-5416 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-4465 (An access control vulnerability was discovered in the Reports 
section  ...)
TODO: check
 CVE-2024-45790 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to miss ...)
-   TODO: check
+   NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45789 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
-   TODO: check
+   NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45788 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to miss ...)
-   TODO: check
+   NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45787 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to tran ...)
-   TODO: check
+   NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45786 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
-   TODO: check
+   NOT-FOR-US: Reedos aiM-Star
 CVE-2024-45327 (An improper authorization vulnerability [CWE-285] in FortiSOAR 
version ...)
TODO: check
 CVE-2024-44851 (A stored cross-site scripting (XSS) vulnerability in the 
Discussion se ...)
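Review bot: the NFU labels for the Palo Alto block are inconsistent: CVE-2024-8691 gets "Palo Alto Networks PAN-OS" while CVE-2024-8686, whose description also says PAN-OS, and the Cortex XSOAR entries (CVE-2024-8690, -8689) all get the bare "Palo Alto Networks"; using the product name consistently (PAN-OS vs Cortex XSOAR) keeps searches over the list useful when a later CVE in the same family turns up.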



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a4041e1e8b783157ec5d1bcd6a6007e1c6d621d



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5232bca3 by security tracker role at 2024-09-11T20:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,95 +1,203 @@
-CVE-2024-46672 [wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion]
+CVE-2024-8693 (A vulnerability, which was classified as problematic, has been 
found i ...)
+   TODO: check
+CVE-2024-8692 (A vulnerability classified as critical was found in TDuckCloud 
TDuckPr ...)
+   TODO: check
+CVE-2024-8691 (A vulnerability in the GlobalProtect portal in Palo Alto 
Networks PAN- ...)
+   TODO: check
+CVE-2024-8690 (A problem with a detection mechanism in the Palo Alto Networks 
Cortex  ...)
+   TODO: check
+CVE-2024-8689 (A problem with the ActiveMQ integration for both Cortex XSOAR 
and Cort ...)
+   TODO: check
+CVE-2024-8688 (An improper neutralization of matching symbols vulnerability in 
the Pa ...)
+   TODO: check
+CVE-2024-8687 (An information exposure vulnerability exists in Palo Alto 
Networks PAN ...)
+   TODO: check
+CVE-2024-8686 (A command injection vulnerability in Palo Alto Networks PAN-OS 
softwar ...)
+   TODO: check
+CVE-2024-8646 (In Eclipse Glassfish versions prior to 7.0.10, a URL 
redirection vulne ...)
+   TODO: check
+CVE-2024-8642 (In Eclipse Dataspace Components, from version 0.5.0 and before 
version ...)
+   TODO: check
+CVE-2024-8306 (CWE-269: Improper Privilege Management vulnerability exists 
that could ...)
+   TODO: check
+CVE-2024-8277 (The WooCommerce Photo Reviews Premium plugin for WordPress is 
vulnerab ...)
+   TODO: check
+CVE-2024-8097 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2024-7805
+   REJECTED
+CVE-2024-7609 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-7312 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
+   TODO: check
+CVE-2024-6091 (A vulnerability in significant-gravitas/autogpt version 0.5.1 
allows a ...)
+   TODO: check
+CVE-2024-5760 (The Samsung Universal Print Driver for Windows is potentially 
vulnerab ...)
+   TODO: check
+CVE-2024-5416 (The Elementor Website Builder \u2013 More than Just a Page 
Builder plu ...)
+   TODO: check
+CVE-2024-4465 (An access control vulnerability was discovered in the Reports 
section  ...)
+   TODO: check
+CVE-2024-45790 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to miss ...)
+   TODO: check
+CVE-2024-45789 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
+   TODO: check
+CVE-2024-45788 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to miss ...)
+   TODO: check
+CVE-2024-45787 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to tran ...)
+   TODO: check
+CVE-2024-45786 (This vulnerability exists in Reedos aiM-Star version 2.0.1 due 
to impr ...)
+   TODO: check
+CVE-2024-45327 (An improper authorization vulnerability [CWE-285] in FortiSOAR 
version ...)
+   TODO: check
+CVE-2024-44851 (A stored cross-site scripting (XSS) vulnerability in the 
Discussion se ...)
+   TODO: check
+CVE-2024-44577 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2024-44575 (RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute 
for sen ...)
+   TODO: check
+CVE-2024-44574 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2024-44573 (A stored cross-site scripting (XSS) vulnerability in the VLAN 
configur ...)
+   TODO: check
+CVE-2024-44572 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2024-44571 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain 
incorrect acces ...)
+   TODO: check
+CVE-2024-44570 (RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code 
injectio ...)
+   TODO: check
+CVE-2024-44541 (evilnapsis Inventio Lite Versions v4 and before is vulnerable 
to SQL I ...)
+   TODO: check
+CVE-2024-44466 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability 
in functi ...)
+   TODO: check
+CVE-2024-43793 (Halo is an open source website building tool. A security 
vulnerability ...)
+   TODO: check
+CVE-2024-42760 (SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a 
remote at ...)
+   TODO: check
+CVE-2024-41868 (Audition versions 24.4.1, 23.6.6 and earlier are affected by 
an out-of ...)
+   TODO: check
+CVE-2024-39378 (Audition versions 24.4.1, 23.6.6 and earlier are affected by 
an out-of ...)
+   TODO: check
+CVE-2024-27115 (A unauthenticated Remote Code Execution (RCE) vulnerability is 
found i ...)
+   TODO: che
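Review bot: the only removed line in this hunk is the kernel entry "CVE-2024-46672 [wifi: brcmfmac: ...]" at the top, and no matching "+" line for it is visible before this message is cut off at "TODO: che"; as this is an automated import that re-sorts the head of the file, the kernel entries from the "Merge Linux CVEs from kernel-sec" commit further down this page should reappear lower in the same hunk, which cannot be confirmed from this truncated copy and is worth checking in the full commit.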

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-38531/nix via unstable

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32aa9ad1 by Salvatore Bonaccorso at 2024-09-11T22:05:29+02:00
Track fixed version for CVE-2024-38531/nix via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17273,7 +17273,7 @@ CVE-2024-3800 (Sites managed in S@M CMS (Concept 
Intermedia) might be vulnerable
 CVE-2024-39704 (Soft Circle French-Bread Melty Blood: Actress Again: Current 
Code thro ...)
NOT-FOR-US: Soft Circle French-Bread Melty Blood: Actress Again
 CVE-2024-38531 (Nix is a package manager for Linux and other Unix systems that 
makes p ...)
-   - nix 
+   - nix 2.23.3+dfsg-1
[bookworm] - nix  (Minor issue)
[bullseye] - nix  (Minor issue)
NOTE: https://github.com/NixOS/nix/pull/10501
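Review bot: 2.23.3+dfsg-1 is recorded as the fixing upload, but the only reference is the upstream pull request; since the bookworm and bullseye lines are being left open as "Minor issue", the NOTE would be easier to verify if it also named the upstream release (or the merged commit from PR 10501) that 2.23.3 carries.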



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32aa9ad10bb09f59f330f7ca1c57f656d8dc5255



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-45593/nix

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
88a9eafd by Salvatore Bonaccorso at 2024-09-11T22:01:09+02:00
Add CVE-2024-45593/nix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -237,7 +237,8 @@ CVE-2024-45596 (Directus is a real-time API and App 
dashboard for managing SQL d
 CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users 
hosting D-Tal ...)
NOT-FOR-US: D-Tale
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
-   TODO: check
+   - nix  (Vulnerable code introduced later)
+   NOTE: 
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
NOT-FOR-US: auditor-bundle / DoctrineAuditBundle
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
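Review bot: "Vulnerable code introduced later" is asserted for CVE-2024-45593 with only the advisory as reference; adding the upstream commit or release that introduced the bug next to the advisory is what lets the claim be re-checked when nix is next updated in unstable, instead of relying on whoever triaged it remembering why.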



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88a9eafdcba9c8eed9df216d37d43c5d3b65b5b4



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-44070/frr

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34439179 by Salvatore Bonaccorso at 2024-09-11T20:42:28+02:00
Update status for CVE-2024-44070/frr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5025,9 +5025,10 @@ CVE-2024-44073 (The Miniscript (aka rust-miniscript) 
library before 12.2.0 for R
NOT-FOR-US: Miniscript (aka rust-miniscript)
 CVE-2024-44070 (An issue was discovered in FRRouting (FRR) through 10.1. 
bgp_attr_enca ...)
{DLA-3865-1}
-   - frr  (bug #1079649)
+   - frr 10.1-0.2 (bug #1079649)
NOTE: https://github.com/FRRouting/frr/pull/16497
-   NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/3d56a1b4387c759b2c943e41d312ae0e6a7160b9
+   NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/0998b38e4d61179441f90dd7e7fd6a3a8b7bd8c5
 (master)
+   NOTE: Fixed by: 
https://github.com/FRRouting/frr/commit/b29169073bf38ff98fcfdd1e115a64203be13073
 (frr-10.1)
 CVE-2024-44069 (Pi-hole before 6 allows unauthenticated 
admin/api.php?setTempUnit= cal ...)
NOT-FOR-US: Pi-hole
 CVE-2024-44067 (The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head 
XuanTie C ...)
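Review bot: the fixed version 10.1-0.2 is recorded and the single "Fixed by" reference is replaced by two commits (master and frr-10.1), but nothing says which of the two the 10.1-0.2 upload and the DLA-3865-1 update actually carry, nor why the earlier 3d56a1b4 reference was dropped; annotating the Debian-applied commit on each line keeps the backport traceable for anyone who already cherry-picked the old reference.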



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/344391799342ba2b9ff9a8e8a32f9c94400b53ed



[Git][security-tracker-team/security-tracker][master] 2 commits: Add reference to upstream tag for CVE-2024-43800

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2851dbd3 by Salvatore Bonaccorso at 2024-09-11T20:23:07+02:00
Add reference to upstream tag for CVE-2024-43800

- - - - -
1c6b6b09 by Salvatore Bonaccorso at 2024-09-11T20:27:30+02:00
Add CVE-2024-837{2,3}/angular.js

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -282,8 +282,8 @@ CVE-2024-44087 (A vulnerability has been identified in 
Automation License Manage
 CVE-2024-43800 (serve-static serves static files. serve-static passes 
untrusted user i ...)
- node-serve-static 
NOTE: 
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
-   NOTE: 
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
 (1.x)
-   NOTE: 
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
 (v2.1.0)
+   NOTE: 
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
 (1.16.0)
+   NOTE: 
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
 (2.1.0)
 CVE-2024-43799 (Send is a library for streaming files from the file system as 
a http r ...)
- node-send 
NOTE: 
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
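Review bot: tightening "(1.x)" to "(1.16.0)" is right, but node-serve-static is still open in unstable and has no [bookworm]/[bullseye] triage lines, unlike the nix entries on this list; since the fix is in a 1.x release, a bookworm line stating whether the stable package is affected would close the loop.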
@@ -663,9 +663,11 @@ CVE-2024-8604 (A vulnerability classified as problematic 
has been found in Sourc
 CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software 
versions p ...)
NOT-FOR-US: TechExcel Back Office Software
 CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in 

+   NOTE: 
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
 CVE-2024-8372 (Improper sanitization of the value of the '[srcset]' attribute 
in Angu ...)
-   TODO: check
+   - angular.js 
+   NOTE: 
https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and 
August 14,  ...)
NOT-FOR-US: Rapid7 Insight Platform
 CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters 
provided  ...)
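Review bot: both new references for CVE-2024-8372 and CVE-2024-8373 are codepen pages, i.e. proofs of concept, not an upstream fix, and no fixed angular.js version is recorded; since AngularJS is end-of-life upstream, the entry should state whether a fix exists at all, and from whom, before it is tracked as fixable in unstable. Separately, the CVE-2024-8373 context line reads "attribute in " followed by an empty line, so the description (and possibly a status line) for that entry was lost in this copy of the diff.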



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aa8f0d38b504f2b821af6c161ac28f9882eeab11...1c6b6b093dc954ffb9aaaf4b4586602c3d23876a



[Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2024-43799 commit

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2b4e1762 by Salvatore Bonaccorso at 2024-09-11T17:47:19+02:00
Add upstream tag reference for CVE-2024-43799 commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -284,7 +284,7 @@ CVE-2024-43800 (serve-static serves static files. 
serve-static passes untrusted
 CVE-2024-43799 (Send is a library for streaming files from the file system as 
a http r ...)
- node-send 
NOTE: 
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
-   NOTE: 
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
+   NOTE: 
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
 (0.19.0)
 CVE-2024-43796 (Express.js minimalist web framework for node. In express < 
4.20.0, pas ...)
- node-express 
NOTE: 
https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
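Review bot: only the "(0.19.0)" tag is added; node-send, like node-express directly below it, still has no fixed version and no stable-release assessment, so the three Express-family entries on this list (serve-static, send, express) want a coordinated [bookworm]/[bullseye] triage once the upstream release numbers are settled.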



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b4e1762cb56f04a86e604bb4d9803c850d5ee6e



[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
849f7f01 by Salvatore Bonaccorso at 2024-09-11T17:26:45+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,97 @@
+CVE-2024-46672 [wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 (6.11-rc4)
+CVE-2024-45030 [igb: cope with large MAX_SKB_FRAGS]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/8aba27c4a5020abdf60149239198297f88338a8d (6.11-rc5)
+CVE-2024-45029 [i2c: tegra: Do not mark ACPI devices as irq safe]
+   - linux 6.10.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/14d069d92951a3e150c0a81f2ca3b93e54da913b (6.11-rc4)
+CVE-2024-45028 [mmc: mmc_test: Fix NULL dereference on allocation failure]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/a1e627af32ed60713941cbfc8075d44cad07f6dd (6.11-rc5)
+CVE-2024-45027 [usb: xhci: Check for xhci->interrupters being allocated in 
xhci_mem_clearup()]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 (6.11-rc4)
+CVE-2024-45026 [s390/dasd: fix error recovery leading to data corruption on 
ESE devices]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/7db4042336580dfd75cb5faa82c12cd51098c90b (6.11-rc4)
+CVE-2024-45025 [fix bitmap corruption on close_range() with 
CLOSE_RANGE_UNSHARE]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/9a2fa1472083580b6c66bdaf291f591e1170123a (6.11-rc4)
+CVE-2024-45024 [mm/hugetlb: fix hugetlb vs. core-mm PT locking]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/5f75cfbd6bb02295ddaed48adf667b6c828ce07b (6.11-rc4)
+CVE-2024-45023 [md/raid1: Fix data corruption for degraded array with slow 
disk]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/c916ca35308d3187c9928664f9be249b22a3a701 (6.11-rc4)
+CVE-2024-45022 [mm/vmalloc: fix page mapping if vm_area_alloc_pages() with 
high order fallback to order 0]
+   - linux 6.10.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/61ebe5a747da649057c37be1c37eb934b4af79ca (6.11-rc4)
+CVE-2024-45021 [memcg_write_event_control(): fix a user-triggerable oops]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/046667c4d3196938e992fba0dfcde570aa85cd0e (6.11-rc4)
+CVE-2024-45020 [bpf: Fix a kernel verifier crash in stacksafe()]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/bed2eb964c70b780fb55925892a74f26cb590b25 (6.11-rc4)
+CVE-2024-45019 [net/mlx5e: Take state lock during tx timeout reporter]
+   - linux 6.10.7-1
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 (6.11-rc4)
+CVE-2024-45018 [netfilter: flowtable: initialise extack before use]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/e9767137308daf906496613fd879808a07f006a2 (6.11-rc4)
+CVE-2024-45017 [net/mlx5: Fix IPsec RoCE MPV trace call]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/607e1df7bd47fe91cab85a97f57870a26d066137 (6.11-rc5)
+CVE-2024-45016 [netem: fix return value if duplicate enqueue fails]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/c07ff8592d57ed258afee5a5e04991a48dbaf382 (6.11-rc5)
+CVE-2024-45015 [drm/msm/dpu: move dpu_encoder's connector assignment to 
atomic_enable()]
+   - linux 6.10.7-1
+   NOTE: 
https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)
+CVE-2024-45014 [s390/boot: Avoid possible physmem_info segment corruption]
+   - linux 6.10.7-1
+   [bookworm] - linux  (Vulnerable code not present)
+   [bullseye] - linux  (Vulnerable code not present)
+   NOTE: 
https://git.kernel.org/linus/d7fd2941ae9a67423d1c7bee985f2
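Review bot: CVE-2024-45029, CVE-2024-45022 and CVE-2024-45019 carry a "[bullseye] ... (Vulnerable code not present)" line but no bookworm line, so bookworm inherits the open status against 6.10.7-1; if that is intended (the code exists in bookworm's 6.1), a bookworm line would make it explicit rather than something the reader infers from the asymmetry. Also, the last NOTE for CVE-2024-45014 is cut off mid-hash in this copy, so that commit reference cannot be checked here.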

[Git][security-tracker-team/security-tracker][master] Process more NFUs

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d141112 by Salvatore Bonaccorso at 2024-09-11T10:47:06+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,21 +25,21 @@ CVE-2024-7721 (The HTML5 Video Player \u2013 mp4 Video 
Player Plugin and Block p
 CVE-2024-7716 (The Logo Slider  WordPress plugin before 3.6.9 does not 
sanitise and e ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers 
(formerly Deli ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
TODO: check
 CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-44106 (Insufficient server-side controls in the management console of 
Ivanti  ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-44105 (Cleartext transmission of sensitive information in the 
management cons ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-44104 (An incorrectly implemented authentication scheme that is 
subjected to  ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-43690 (Inclusion of Functionality from Untrusted Control 
Sphere(CWE-829) in t ...)
-   TODO: check
+   NOT-FOR-US: Gallagher
 CVE-2024-40662 (In scheme of Uri.java, there is a possible way to craft a 
malformed Ur ...)
TODO: check
 CVE-2024-40659 (In getRegistration of RemoteProvisioningService.java, there is 
a possi ...)
@@ -145,7 +145,7 @@ CVE-2024-45595 (D-Tale is a visualizer for Pandas data 
structures. Users hosting
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
TODO: check
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
-   TODO: check
+   NOT-FOR-US: auditor-bundle / DoctrineAuditBundle
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser 
<1.20.3 is ...)
@@ -155,9 +155,9 @@ CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR 
practitioners by provi
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a 
SAML au ...)
TODO: check
 CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. 
Clients that ...)
-   TODO: check
+   NOT-FOR-US: Sunshine
 CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
-   TODO: check
+   NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR 
Manager  ...)
NOT-FOR-US: FortiGuard
 CVE-2024-45044 (Bareos is open source software for backup, archiving, and 
recovery of  ...)
@@ -178,9 +178,9 @@ CVE-2024-44867 (phpok v3.0 was discovered to contain an 
arbitrary file read vuln
 CVE-2024-44815 (Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 
allows a ph ...)
NOT-FOR-US: Hathway Skyworth Router CM5100
 CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request 
Forgery ( ...)
-   TODO: check
+   NOT-FOR-US: eladmin
 CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting 
(XSS) wh ...)
-   TODO: check
+   NOT-FOR-US: eladmin
 CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE 
Router M7628 ...)
NOT-FOR-US: Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE 
Router
 CVE-2024-44087 (A vulnerability has been identified in Automation License 
Manager V5 ( ...)
@@ -194,9 +194,9 @@ CVE-2024-43796 (Express.js minimalist web framework for 
node. In express < 4.20.
 CVE-2024-43781 (A vulnerability has been identified in SINUMERIK 828D V4 (All 
versions ...)
NOT-FOR-US: Siemens
 CVE-2024-43647 (A vulnerability has been identified in SIMATIC S7-200 SMART 
CPU CR40 ( ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2024-43495 (Windows libarchive Remote Code Execution Vulnerability)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2024-43492 (Microsoft AutoUpdate (MAU) Elevation of Privilege 
Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2024-43491 (Microsoft is aware of a vulnerability in Servicing Stack that 
has roll ...)
@@ -256,59 +256,59 @@ CVE-2024-43386 (A low privileged remote attacker can 
trigger the execution of ar
 CVE-2024-43385 (A low privileged remote attacker can trigger theexecution of 
arbitrary ...)
TODO: check
 CVE-2024-43040 (Renwoxing Enterprise Inte

[Git][security-tracker-team/security-tracker][master] Process batch of NFUs

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
110e2172 by Salvatore Bonaccorso at 2024-09-11T10:37:43+02:00
Process batch of NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,29 +1,29 @@
 CVE-2024-8441 (An uncontrolled search path in the agent of Ivanti EPM before 
2022 SU6 ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8440 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8322 (Weak authentication in Patch Management of Ivanti EPM before 
2022 SU6, ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8321 (Missing authentication in Network Isolation of Ivanti EPM 
before 2022  ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8320 (Missing authentication in Network Isolation of Ivanti EPM 
before 2022  ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8253 (The Post Grid and Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8191 (SQL injection in the management console of Ivanti EPM before 
2022 SU6, ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8190 (An OS command injection vulnerability in Ivanti Cloud Services 
Applian ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-8045 (The Advanced WordPress Backgrounds plugin for WordPress is 
vulnerable  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8012 (An authentication bypass weakness in the message broker service 
of Iva ...)
-   TODO: check
+   NOT-FOR-US: Ivanti
 CVE-2024-7727 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block 
plugin ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7721 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block 
plugin ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7716 (The Logo Slider  WordPress plugin before 3.6.9 does not 
sanitise and e ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers 
(formerly Deli ...)
TODO: check
 CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/110e217231ddc20832a95bd57ab6496bbe4f14d6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/110e217231ddc20832a95bd57ab6496bbe4f14d6
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add fixed version for chromium issues

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0bc45027 by Salvatore Bonaccorso at 2024-09-11T10:13:14+02:00
Add fixed version for chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -91,16 +91,16 @@ CVE-2024-23984
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
 CVE-2024-8639
-   - chromium 
+   - chromium 128.0.6613.137-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-8638
-   - chromium 
+   - chromium 128.0.6613.137-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-8637
-   - chromium 
+   - chromium 128.0.6613.137-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-8636
-   - chromium 
+   - chromium 128.0.6613.137-1
[bullseye] - chromium  (see #1061268)
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. 
It has b ...)
NOT-FOR-US: Mercury MNVR816



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bc4502779aa7b0af6eb12c85b072a0191292d7a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-11 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b4d88b6 by security tracker role at 2024-09-11T08:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,79 @@
+CVE-2024-8441 (An uncontrolled search path in the agent of Ivanti EPM before 
2022 SU6 ...)
+   TODO: check
+CVE-2024-8440 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
+   TODO: check
+CVE-2024-8322 (Weak authentication in Patch Management of Ivanti EPM before 
2022 SU6, ...)
+   TODO: check
+CVE-2024-8321 (Missing authentication in Network Isolation of Ivanti EPM 
before 2022  ...)
+   TODO: check
+CVE-2024-8320 (Missing authentication in Network Isolation of Ivanti EPM 
before 2022  ...)
+   TODO: check
+CVE-2024-8253 (The Post Grid and Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-8191 (SQL injection in the management console of Ivanti EPM before 
2022 SU6, ...)
+   TODO: check
+CVE-2024-8190 (An OS command injection vulnerability in Ivanti Cloud Services 
Applian ...)
+   TODO: check
+CVE-2024-8045 (The Advanced WordPress Backgrounds plugin for WordPress is 
vulnerable  ...)
+   TODO: check
+CVE-2024-8012 (An authentication bypass weakness in the message broker service 
of Iva ...)
+   TODO: check
+CVE-2024-7727 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block 
plugin ...)
+   TODO: check
+CVE-2024-7721 (The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block 
plugin ...)
+   TODO: check
+CVE-2024-7716 (The Logo Slider  WordPress plugin before 3.6.9 does not 
sanitise and e ...)
+   TODO: check
+CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers 
(formerly Deli ...)
+   TODO: check
+CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
+   TODO: check
+CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
+   TODO: check
+CVE-2024-44106 (Insufficient server-side controls in the management console of 
Ivanti  ...)
+   TODO: check
+CVE-2024-44105 (Cleartext transmission of sensitive information in the 
management cons ...)
+   TODO: check
+CVE-2024-44104 (An incorrectly implemented authentication scheme that is 
subjected to  ...)
+   TODO: check
+CVE-2024-44103 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
+   TODO: check
+CVE-2024-43690 (Inclusion of Functionality from Untrusted Control 
Sphere(CWE-829) in t ...)
+   TODO: check
+CVE-2024-40662 (In scheme of Uri.java, there is a possible way to craft a 
malformed Ur ...)
+   TODO: check
+CVE-2024-40659 (In getRegistration of RemoteProvisioningService.java, there is 
a possi ...)
+   TODO: check
+CVE-2024-40658 (In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a 
possible  ...)
+   TODO: check
+CVE-2024-40657 (In addPreferencesForType of AccountTypePreferenceLoader.java, 
there is ...)
+   TODO: check
+CVE-2024-40656 (In handleCreateConferenceComplete of 
ConnectionServiceWrapper.java, th ...)
+   TODO: check
+CVE-2024-40655 (In bindAndGetCallIdentification of 
CallScreeningServiceHelper.java, th ...)
+   TODO: check
+CVE-2024-40654 (In multiple locations, there is a possible permission bypass 
due to a  ...)
+   TODO: check
+CVE-2024-40652 (In onCreate of SettingsHomepageActivity.java, there is a 
possible way  ...)
+   TODO: check
+CVE-2024-40650 (In wifi_item_edit_content of styles.xml , there is a possible 
FRP bypa ...)
+   TODO: check
+CVE-2024-3899 (The Gallery Plugin for WordPress  WordPress plugin before 
1.8.15 does  ...)
+   TODO: check
+CVE-2024-39808 (Incorrect Calculation of Buffer Size (CWE-131) in the 
Controller 6000  ...)
+   TODO: check
+CVE-2024-31336 (Imagination PowerVR-GPU in Android before 2024-09-05 has a 
High Severi ...)
+   TODO: check
+CVE-2024-24972 (Buffer Copy without Checking Size of Input (CWE-120) in the 
Controller ...)
+   TODO: check
+CVE-2024-23906 (Improper Neutralization of Input During Web Page Generation 
(CWE-79) i ...)
+   TODO: check
+CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a 
possible use-af ...)
+   TODO: check
+CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to 
Prototype  ...)
+   TODO: check
+CVE-2024-1656 (Affected versions of Octopus Server had a weak content security 
policy ...)
+   TODO: check
 CVE-2024-8096 [OCSP stapling bypass with GnuTLS]
- curl 
[bookworm] - curl  (Minor issue)
@@ -99,7 +175,7 @@ CVE-2024-44871 (An arbitrary file upload vulnerability in 
the component /admin/i
NOT-FOR-US: moziloCMS
 CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read 
vulnerabil ...)
 

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-8096/curl

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
71a3b219 by Salvatore Bonaccorso at 2024-09-11T08:06:40+02:00
Add CVE-2024-8096/curl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,9 @@
+CVE-2024-8096 [OCSP stapling bypass with GnuTLS]
+   - curl 
+   [bookworm] - curl  (Minor issue)
+   NOTE: https://curl.se/docs/CVE-2024-8096.html
+   NOTE: Introduced with: 
https://github.com/curl/curl/commit/f13669a375f5bfd14797bda91642cabe076974fa 
(curl-7_41_0)
+   NOTE: Fixed by: 
https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f 
(curl-8_10_0)
 CVE-2024-24968
- intel-microcode  (bug #1081363)
[bookworm] - intel-microcode  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71a3b21997c995b0041df24a16c406aeb3e77329



[Git][security-tracker-team/security-tracker][master] Remove firefox-esr entry from dsa-needed list

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20103b8c by Salvatore Bonaccorso at 2024-09-11T07:52:16+02:00
Remove firefox-esr entry from dsa-needed list

I forgot to remove it when adding the DSA entry.

Fixes: 095180b791e3 ("Add entry for DSA-5765-1/firefox-esr")

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -20,8 +20,6 @@ dnsmasq
 expat
   Maintainer proposed debdiffs for review
 --
-firefox-esr (jmm)
---
 frr
   coordination with the maintainer ongoing
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20103b8c2192a4c42060858080d321153d20dcfb



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for intel-microcode issues

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9962e207 by Salvatore Bonaccorso at 2024-09-11T07:51:06+02:00
Add Debian bug reference for intel-microcode issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,10 +1,10 @@
 CVE-2024-24968
-   - intel-microcode 
+   - intel-microcode  (bug #1081363)
[bookworm] - intel-microcode  (Minor issue)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
 CVE-2024-23984
-   - intel-microcode 
+   - intel-microcode  (bug #1081363)
[bookworm] - intel-microcode  (Minor issue)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9962e20714aa436683a8628bc83c90558c97d0d1



[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues fixed via unstable

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a31b8966 by Salvatore Bonaccorso at 2024-09-11T07:47:00+02:00
Track fixed version for thunderbird issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -744,7 +744,7 @@ CVE-2024-8509 (A vulnerability was found in Forklift 
Controller. There is no ver
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an 
attacker cou ...)
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
[bookworm] - thunderbird  (Vulnerable code not present)
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
@@ -1587,21 +1587,21 @@ CVE-2024-8388 (Multiple prompts and panels from both 
Firefox and the Android OS
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8388
 CVE-2024-8387 (Memory safety bugs present in Firefox 129, Firefox ESR 128.1, 
and Thun ...)
- firefox 130.0-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
[bookworm] - thunderbird  (Vulnerable code not present)
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8387
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8387
 CVE-2024-8386 (If a site had been granted the permission to open popup 
windows, it co ...)
- firefox 130.0-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
[bookworm] - thunderbird  (Vulnerable code not present)
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8386
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8386
 CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in 
WASM co ...)
- firefox 130.0-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
[bookworm] - thunderbird  (Vulnerable code not present)
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
@@ -1610,7 +1610,7 @@ CVE-2024-8384 (The JavaScript garbage collector could 
mis-color cross-compartmen
{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8384
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8384
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
@@ -1625,7 +1625,7 @@ CVE-2024-8382 (Internal browser event interfaces were 
exposed to web content whe
{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
@@ -1634,7 +1634,7 @@ CVE-2024-8381 (A potentially exploitable type confusion 
could be triggered when
{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
-   - thunderbird 
+   - thunderbird 1:128.2.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8381
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8381
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8381



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a31b896643ec9a8acea0ff4e0388b1b5ef8ce0dc



[Git][security-tracker-team/security-tracker][master] Add two new intel-microcode issues

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e17a70b by Salvatore Bonaccorso at 2024-09-11T07:09:39+02:00
Add two new intel-microcode issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,13 @@
+CVE-2024-24968
+   - intel-microcode 
+   [bookworm] - intel-microcode  (Minor issue)
+   NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html
+   NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
+CVE-2024-23984
+   - intel-microcode 
+   [bookworm] - intel-microcode  (Minor issue)
+   NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html
+   NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910
 CVE-2024-8639
- chromium 
[bullseye] - chromium  (see #1061268)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e17a70b74f39be6d26c884af9742a62f44fdd76



[Git][security-tracker-team/security-tracker][master] Reference oss-security post for CVE-2024-6655

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2fafaa04 by Salvatore Bonaccorso at 2024-09-11T06:56:11+02:00
Reference oss-security post for CVE-2024-6655

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14237,6 +14237,7 @@ CVE-2024-6655 (A flaw was found in the GTK library. 
Under certain conditions, it
[bookworm] - gtk+2.0 2.24.33-2+deb12u1
[bullseye] - gtk+2.0 2.24.33-2+deb11u1
NOTE: https://gitlab.gnome.org/GNOME/gtk/-/issues/6786
+   NOTE: https://www.openwall.com/lists/oss-security/2024/09/09/1
 CVE-2024-6664
REJECTED
 CVE-2024-6663



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fafaa04e890dc11c74ec5084e063de94ba2a45a



[Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
134b50d8 by Salvatore Bonaccorso at 2024-09-11T06:49:22+02:00
Add chromium to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+chromium (dilinger)
 --
 dnsmasq
   Lee Garrett showed interest to prepare an update for review



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/134b50d8d7b0c6d9b23cae0f88957e0a4d062fa5



[Git][security-tracker-team/security-tracker][master] Add new set of chromium issues

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a176b05 by Salvatore Bonaccorso at 2024-09-11T06:47:30+02:00
Add new set of chromium issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,15 @@
+CVE-2024-8639
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+CVE-2024-8638
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+CVE-2024-8637
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
+CVE-2024-8636
+   - chromium 
+   [bullseye] - chromium  (see #1061268)
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. 
It has b ...)
NOT-FOR-US: Mercury MNVR816
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory 
leading to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a176b05b585b244fc9e1379b127f71c7e06dd67



[Git][security-tracker-team/security-tracker][master] Add expat to dsa-needed list

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2425b7c by Salvatore Bonaccorso at 2024-09-11T06:43:41+02:00
Add expat to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -15,6 +15,9 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 dnsmasq
   Lee Garrett showed interest to prepare an update for review
 --
+expat
+  Maintainer proposed debdiffs for review
+--
 firefox-esr (jmm)
 --
 frr



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2425b7cb68e423f8483e0b6c231c6b9d9de3d72



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-27082

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c5dd2fb by Salvatore Bonaccorso at 2024-09-11T06:38:39+02:00
Update status for CVE-2024-27082

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33256,6 +33256,7 @@ CVE-2024-28276 (Sourcecodester School Task Manager 1.0 
is vulnerable to Cross Si
 CVE-2024-27082 (Cacti provides an operational monitoring and fault management 
framewor ...)
- cacti 1.2.27+ds1-1
[bookworm] - cacti  (Minor issue)
+   [bullseye] - cacti  (Vulnerable code not present)
NOTE: GitHub GHSA: 
https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h
NOTE: bug: https://github.com/Cacti/cacti/issues/5798
NOTE: Commit [1/6] 
https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc
@@ -33264,6 +33265,8 @@ CVE-2024-27082 (Cacti provides an operational 
monitoring and fault management fr
NOTE: Commit [4/6] 
https://github.com/Cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b
NOTE: Commit [5/6] 
https://github.com/Cacti/cacti/commit/9c75f8da5b609d17c8c031fd46362f730358b792
NOTE: Commit [6/6] 
https://github.com/Cacti/cacti/commit/6a82fa1abe81d96238a87727087572ff749d0a8d
+   NOTE: Main commit for CVE-2024-27082 is considered [3/6], the other 
commits are either related
+   NOTE: as pre-requisites and relating to other present CVEs.
 CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content 
Fusion v6.1 ...)
NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion
 CVE-2024-25641 (Cacti provides an operational monitoring and fault management 
framewor ...)
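Review bot: the two added NOTE lines are ambiguous: "either related as pre-requisites and relating to other present CVEs" pairs "either" with "and", so a reader cannot tell whether the five non-main commits are all pre-requisites, all for other CVEs, or a mix. Suggest rewording to "the other commits are either pre-requisites for it or address other CVEs", and, since the annotation already singles out [3/6] as the main commit, say which of [1/6], [2/6], [4/6], [5/6] and [6/6] fall into each group so the bookworm "Minor issue" and bullseye "Vulnerable code not present" markings can be checked against the right commit.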



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c5dd2fbd2d278f12612a4fe84d7c17dd75283f8



[Git][security-tracker-team/security-tracker][master] Sync three CVEs for linux with kernel-sec

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5d88798 by Salvatore Bonaccorso at 2024-09-11T06:08:02+02:00
Sync three CVEs for linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5398,6 +5398,7 @@ CVE-2024-42272 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-42271 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.10.4-1
[bookworm] - linux 6.1.106-1
+   [bullseye] - linux  (s390x not supported in LTS)
NOTE: 
https://git.kernel.org/linus/f558120cd709682b739207b48cf7479fd9568431 (6.11-rc2)
 CVE-2024-42270 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.10.4-1
@@ -5417,6 +5418,7 @@ CVE-2024-42268 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-42267 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
- linux 6.10.4-1
[bookworm] - linux 6.1.106-1
+   [bullseye] - linux  (riscv64 not a release architecture and 
supported in LTS)
NOTE: 
https://git.kernel.org/linus/0c710050c47d45eb77b28c271cddefc5c785cb40 (6.11-rc2)
 CVE-2024-42266 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
- linux 6.10.4-1
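Review bot: the reason text `(riscv64 not a release architecture and supported in LTS)` says the opposite of what is meant; read literally it claims riscv64 is supported in LTS. It should read `not a release architecture and not supported in LTS` (or `nor supported in LTS`), matching the wording used for s390x in the previous hunk.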
@@ -9565,6 +9567,7 @@ CVE-2024-42127 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-42126 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
- linux 6.9.9-1
[bookworm] - linux 6.1.98-1
+   [bullseye] - linux  (Affected architectures not supported in 
LTS)
NOTE: 
https://git.kernel.org/linus/0db880fc865ffb522141ced4bfa66c12ab1fbb70 (6.10-rc1)
 CVE-2024-42125 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
- linux 6.9.9-1
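Review bot: `(Affected architectures not supported in LTS)` does not say which architectures, unlike the s390x and riscv64 reasons in the two hunks above, so the claim cannot be re-checked from the entry alone; name the architectures (they can be read off the fix commit 0db880fc865f referenced in the NOTE) in the parenthesis.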



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5d8879841d2c4030c3478a1a5f704c3903594a5



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-45044/bareos

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f61370d5 by Salvatore Bonaccorso at 2024-09-10T22:45:16+02:00
Add CVE-2024-45044/bareos

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55,7 +55,10 @@ CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an 
interactive video a
 CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR 
Manager  ...)
NOT-FOR-US: FortiGuard
 CVE-2024-45044 (Bareos is open source software for backup, archiving, and 
recovery of  ...)
-   TODO: check
+   - bareos 
+   NOTE: 
https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8
+   NOTE: https://github.com/bareos/bareos/pull/1875
+   NOTE: Fixed by (merge commit): 
https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5
 CVE-2024-45032 (A vulnerability has been identified in Industrial Edge 
Management Pro  ...)
NOT-FOR-US: Industrial Edge Management
 CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of 
JimuReport ...)
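Review bot: the bareos entry gets the advisory, the PR and the merge commit, but no `[bookworm]`/`[bullseye]` triage lines and no Debian bug reference, so the stable suites remain unassessed for a CVE whose fix is already identified; add the suite lines (and a `(bug #…)` reference once filed) so the tracked state matches the references. Since the NOTE already flags the commit as a merge commit, consider also listing the individual fix commit(s) from PR 1875, which is what a backport to stable would cherry-pick.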



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f61370d576d094aac3daffd5e999f87cbd07b1cb



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-8654/mongodb

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
790fc3d4 by Salvatore Bonaccorso at 2024-09-10T22:44:28+02:00
Add CVE-2024-8654/mongodb

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. 
It has b ...)
NOT-FOR-US: Mercury MNVR816
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory 
leading to  ...)
-   TODO: check
+   - mongodb 
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 
4.0.15 a ...)
- wireshark 4.2.6-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
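Review bot: the mongodb line carries no NOTE with an upstream reference (advisory, JIRA ticket or fix commit), unlike the wireshark entry directly below it; the CVE text only says "non-initialized region of memory", so without a reference the affected and fixed versions cannot be verified later. Add the upstream reference; the status marker after `mongodb` is not readable in this rendering, so whether the package is tracked as unfixed or as removed has to be checked in the file itself.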



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/790fc3d4cc7276633fe49cd7e049575c600c7983



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
451b1395 by Salvatore Bonaccorso at 2024-09-10T22:44:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. 
It has b ...)
-   TODO: check
+   NOT-FOR-US: Mercury MNVR816
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory 
leading to  ...)
TODO: check
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 
4.0.15 a ...)
@@ -7,21 +7,21 @@ CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 
4.0.5 and 4.0.0 to 4.0
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
 CVE-2024-8543 (The Slider comparison image before and after plugin for 
WordPress is v ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" 
can ex ...)
-   TODO: check
+   NOT-FOR-US: VICIdial
 CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL 
injection vu ...)
-   TODO: check
+   NOT-FOR-US: VICIdial
 CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in 
Electron  ...)
TODO: check
 CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is 
vulnerable to St ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File 
Manager and C ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7699 (An low privileged remote attacker can execute OS commands with 
root pr ...)
TODO: check
 CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens 
of highe ...)
@@ -29,11 +29,11 @@ CVE-2024-7698 (A low privileged remote attacker canget 
access to CSRF tokens of
 CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows 
an loca ...)
TODO: check
 CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a 
symlink in a  ...)
TODO: check
 CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-   TODO: check
+   NOT-FOR-US: Directus
 CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users 
hosting D-Tal ...)
TODO: check
 CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
@@ -41,7 +41,7 @@ CVE-2024-45593 (Nix is a package manager for Linux and other 
Unix systems. A bug
 CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
TODO: check
 CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
-   TODO: check
+   NOT-FOR-US: XWiki
 CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser 
<1.20.3 is ...)
TODO: check
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by 
providing a ...)
@@ -53,29 +53,29 @@ CVE-2024-45407 (Sunshine is a self-hosted game stream host 
for Moonlight. Client
 CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
TODO: check
 CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR 
Manager  ...)
-   TODO: check
+   NOT-FOR-US: FortiGuard
 CVE-2024-45044 (Bareos is open source software for backup, archiving, and 
recovery of  ...)
TODO: check
 CVE-2024-45032 (A vulnerability has been identified in Industrial Edge 
Management Pro  ...)
-   TODO: check
+   NOT-FOR-US: Industrial Edge Management
 CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of 
JimuReport ...)
-   TODO: check
+   NOT-FOR-US: JimuReport
 CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in 
moziloCMS v3.0 ...)
-   TODO: check
+   NOT-FOR-US: moziloCMS
 CVE-2024-44871 (An arbitrary file upload vulnerability in the component 
/admin/index.p ...)
-   TODO: check
+   NOT-FOR-US: moziloCMS
 CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: phpok
 CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a 
physica 
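Review bot: `NOT-FOR-US: FortiGuard` names Fortinet's PSIRT brand rather than the product; the description says FortiEDR Manager, and the other NOT-FOR-US lines in this hunk name the product (Industrial Edge Management, JimuReport, moziloCMS, phpok). Use `NOT-FOR-US: FortiEDR Manager` (or `Fortinet`) for consistency, otherwise a later search for the product name will miss this entry.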

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-8645/wireshark

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d81d7a4 by Salvatore Bonaccorso at 2024-09-10T22:43:02+02:00
Add CVE-2024-8645/wireshark

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,9 @@ CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up 
to 2.0.1.0.5. It
 CVE-2024-8654 (MongoDB Server may access non-initialized region of memory 
leading to  ...)
TODO: check
 CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 
4.0.15 a ...)
-   TODO: check
+   - wireshark 4.2.6-1
+   NOTE: https://www.wireshark.org/security/wnpa-sec-2024-10.html
+   NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19559
 CVE-2024-8543 (The Slider comparison image before and after plugin for 
WordPress is v ...)
TODO: check
 CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" 
can ex ...)
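Review bot: only the unstable fix (4.2.6-1) is recorded; the description says the 4.0.x series (4.0.0 to 4.0.15) is affected as well, so if bookworm ships a 4.0.x wireshark the entry needs its own `[bookworm]` line (a fixed version or a no-dsa decision). The description's `4.2.0 to 4.0.5` is not a valid range either; take the real 4.2.x range from the wnpa-sec-2024-10 advisory referenced in the NOTE (4.2.5 would be consistent with the 4.2.6-1 fix) rather than from the CVE text.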



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d81d7a4120fe510764e082df2ddd0896bc9b8b0



[Git][security-tracker-team/security-tracker][master] Process one NFU

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e69f156e by Salvatore Bonaccorso at 2024-09-10T22:34:40+02:00
Process one NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -315,7 +315,7 @@ CVE-2024-31489 (AAn improper certificate validation 
vulnerability [CWE-295] in F
 CVE-2024-30073 (Windows Security Zone Mapping Security Feature Bypass 
Vulnerability)
TODO: check
 CVE-2024-27257 (IBM OpenPages 8.3 and 9.0 potentially exposes information 
about client ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-26191 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
TODO: check
 CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e69f156eacd36d9c851c097b1beeb6d512a373ea



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
500677f5 by security tracker role at 2024-09-10T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,359 @@
+CVE-2024-8655 (A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. 
It has b ...)
+   TODO: check
+CVE-2024-8654 (MongoDB Server may access non-initialized region of memory 
leading to  ...)
+   TODO: check
+CVE-2024-8645 (SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 
4.0.15 a ...)
+   TODO: check
+CVE-2024-8543 (The Slider comparison image before and after plugin for 
WordPress is v ...)
+   TODO: check
+CVE-2024-8504 (An attacker with authenticated access to VICIdial as an "agent" 
can ex ...)
+   TODO: check
+CVE-2024-8503 (An unauthenticated attacker can leverage a time-based SQL 
injection vu ...)
+   TODO: check
+CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+   TODO: check
+CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in 
Electron  ...)
+   TODO: check
+CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is 
vulnerable to St ...)
+   TODO: check
+CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could 
allow an ...)
+   TODO: check
+CVE-2024-7770 (The Bit File Manager \u2013 100% Free & Open Source File 
Manager and C ...)
+   TODO: check
+CVE-2024-7699 (An low privileged remote attacker can execute OS commands with 
root pr ...)
+   TODO: check
+CVE-2024-7698 (A low privileged remote attacker canget access to CSRF tokens 
of highe ...)
+   TODO: check
+CVE-2024-6876 (Out-of-Bounds read vulnerability in OSCAT Basic Library allows 
an loca ...)
+   TODO: check
+CVE-2024-6282 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, 
Conditio ...)
+   TODO: check
+CVE-2024-45845 (nix 2.24 through 2.24.5 allows directory traversal via a 
symlink in a  ...)
+   TODO: check
+CVE-2024-45596 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+   TODO: check
+CVE-2024-45595 (D-Tale is a visualizer for Pandas data structures. Users 
hosting D-Tal ...)
+   TODO: check
+CVE-2024-45593 (Nix is a package manager for Linux and other Unix systems. A 
bug in Ni ...)
+   TODO: check
+CVE-2024-45592 (auditor-bundle, formerly known as DoctrineAuditBundle, 
integrates audi ...)
+   TODO: check
+CVE-2024-45591 (XWiki Platform is a generic wiki platform. The REST API 
exposes the hi ...)
+   TODO: check
+CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser 
<1.20.3 is ...)
+   TODO: check
+CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by 
providing a ...)
+   TODO: check
+CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a 
SAML au ...)
+   TODO: check
+CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. 
Clients that ...)
+   TODO: check
+CVE-2024-45393 (Computer Vision Annotation Tool (CVAT) is an interactive video 
and ima ...)
+   TODO: check
+CVE-2024-45323 (An improper access control vulnerability[CWE-284] in FortiEDR 
Manager  ...)
+   TODO: check
+CVE-2024-45044 (Bareos is open source software for backup, archiving, and 
recovery of  ...)
+   TODO: check
+CVE-2024-45032 (A vulnerability has been identified in Industrial Edge 
Management Pro  ...)
+   TODO: check
+CVE-2024-44893 (An issue in the component /jeecg-boot/jmreport/dict/list of 
JimuReport ...)
+   TODO: check
+CVE-2024-44872 (A reflected cross-site scripting (XSS) vulnerability in 
moziloCMS v3.0 ...)
+   TODO: check
+CVE-2024-44871 (An arbitrary file upload vulnerability in the component 
/admin/index.p ...)
+   TODO: check
+CVE-2024-44867 (phpok v3.0 was discovered to contain an arbitrary file read 
vulnerabil ...)
+   TODO: check
+CVE-2024-44815 (An issue in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a 
physica ...)
+   TODO: check
+CVE-2024-44677 (eladmin v2.7 and before is vulnerable to Server-Side Request 
Forgery ( ...)
+   TODO: check
+CVE-2024-44676 (eladmin v2.7 and before is vulnerable to Cross Site Scripting 
(XSS) wh ...)
+   TODO: check
+CVE-2024-44667 (Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE 
Router M7628 ...)
+   TODO: check
+CVE-2024-44087 (A vulnerability has been identified in Automation License 
Manager V5 ( ...)
+   TODO: check
+CVE-2024-43800 (serve-static serves static files. serve-static passes 
untrusted user i ...)
+   TODO: check
+CVE-2024-43799 (Send is a library for streaming files from the file system as 
a http r ...)
+   TODO: check
+CVE-2024-43796 (Express.js minimalist web framework for node. In express < 
4.20.0, pas ...)
+   T

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-45508/htmldoc via unstable

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9eba1ae4 by Salvatore Bonaccorso at 2024-09-10T19:23:17+02:00
Track fixed version for CVE-2024-45508/htmldoc via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1543,7 +1543,7 @@ CVE-2024-45522 (Linen before cd37c3e does not verify that 
the domain is linen.de
 CVE-2024-45509 (In MISP through 2.4.196, 
app/Controller/BookmarksController.php does n ...)
NOT-FOR-US: MISP
 CVE-2024-45508 (HTMLDOC before 1.9.19 has an out-of-bounds write in 
parse_paragraph in ...)
-   - htmldoc  (bug #1081236)
+   - htmldoc 1.9.18-2 (bug #1081236)
[bookworm] - htmldoc  (Minor issue)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/528
NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2
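Review bot: the fixed version 1.9.18-2 is lower than the upstream fix release (the description says `before 1.9.19`), which is only correct because the Debian revision carries the backported commit 2d5b2ab9 from the NOTE; say so in the entry (e.g. `NOTE: Fixed in 1.9.18-2 by backporting the upstream commit`) so nobody later "corrects" the version to 1.9.19. A `[bullseye]` triage line is also absent; if bullseye ships htmldoc it needs the same decision as the bookworm line above.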



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9eba1ae420f14b8926f1b66ff241bf89a76eac81



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-6221

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a84b4d72 by Salvatore Bonaccorso at 2024-09-10T18:06:41+02:00
Add Debian bug reference for CVE-2024-6221

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4529,7 +4529,7 @@ CVE-2024-7905 (A vulnerability classified as critical has 
been found in DedeBIZ
 CVE-2024-7904 (A vulnerability was found in DedeBIZ 6.3.0. It has been rated 
as criti ...)
NOT-FOR-US: DedeBIZ
 CVE-2024-6221 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows 
the `Ac ...)
-   - python-flask-cors 
+   - python-flask-cors  (bug #1081300)
[bookworm] - python-flask-cors  (Minor issue)
[bullseye] - python-flask-cors  (Minor issue)
NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a84b4d722314d333e3f2f7cca6ce37e61168



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-7730/qemu

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89f3b3a1 by Salvatore Bonaccorso at 2024-09-10T17:56:20+02:00
Track fixed version for CVE-2024-7730/qemu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5964,7 +5964,7 @@ CVE-2024-20083 (In venc, there is a possible out of 
bounds write due to a missin
 CVE-2024-20082 (In Modem, there is a possible memory corruption due to a 
missing bound ...)
NOT-FOR-US: Mediatek
 CVE-2024-7730
-   - qemu 
+   - qemu 1:9.1.0+ds-1
[bookworm] - qemu  (Minor issue)
NOTE: 
https://lore.kernel.org/qemu-devel/virtio-snd-fuzz-2427-fix-v1-manos.pitsidiana...@linaro.org/
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/2427
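Review bot: the lore.kernel.org NOTE URL is unusable as written: the list archive obfuscated the local part of the message-id (`manos.pitsidiana...@linaro.org`), so the link will not resolve, and the gitlab issue 2427 link below it is the only working reference in the entry. Add the upstream fix commit hash once it is in qemu.git so the fixed version 1:9.1.0+ds-1 can be checked against the tag. The patch subject also reads as a virtio-snd fix; if the bookworm qemu predates the virtio-snd device, `<not-affected>` would be more precise than the current minor-issue triage.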



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89f3b3a18a09d02b690173dec1b0396e2571c1ae



[Git][security-tracker-team/security-tracker][master] Add reference for CVE-2024-6221

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4a210e4 by Salvatore Bonaccorso at 2024-09-10T17:41:05+02:00
Add reference for CVE-2024-6221

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4533,6 +4533,7 @@ CVE-2024-6221 (A vulnerability in corydolphin/flask-cors 
version 4.0.1 allows th
[bookworm] - python-flask-cors  (Minor issue)
[bullseye] - python-flask-cors  (Minor issue)
NOTE: https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d
+   NOTE: https://github.com/corydolphin/flask-cors/issues/337
 CVE-2024-43353 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-43352 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4a210e4961ac3605f6613c8ee6ee191ff9f319c



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
73520a6a by security tracker role at 2024-09-10T08:12:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,93 @@
+CVE-2024-8611 (A vulnerability classified as critical was found in 
itsourcecode Tailo ...)
+   TODO: check
+CVE-2024-8610 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-8478 (The The Affiliate Super Assistent plugin for WordPress is 
vulnerable t ...)
+   TODO: check
+CVE-2024-8268 (The Frontend Dashboard plugin for WordPress is vulnerable to 
unauthori ...)
+   TODO: check
+CVE-2024-7955 (The Starbox  WordPress plugin before 3.5.2 does not sanitise 
and escap ...)
+   TODO: check
+CVE-2024-7891 (The Floating Contact Button WordPress plugin before 2.8 does 
not sanit ...)
+   TODO: check
+CVE-2024-7784 (During internal Axis Security Development Model (ASDM) 
threat-modellin ...)
+   TODO: check
+CVE-2024-7734 (An unauthenticated remote attacker canexploit the behavior of 
thepathf ...)
+   TODO: check
+CVE-2024-7655 (The Community by PeepSo \u2013 Social Network, Membership, 
Registratio ...)
+   TODO: check
+CVE-2024-7618 (The Community by PeepSo \u2013 Social Network, Membership, 
Registratio ...)
+   TODO: check
+CVE-2024-6979 (Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has 
found a  ...)
+   TODO: check
+CVE-2024-6596 (An unauthenticated remote attacker can run malicious c# code 
included  ...)
+   TODO: check
+CVE-2024-6509 (Marinus Pfund, member of the AXIS OS Bug Bounty Program,  has 
found th ...)
+   TODO: check
+CVE-2024-6342 (**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability 
in the ...)
+   TODO: check
+CVE-2024-6173 (51l3nc3, member of the AXIS OS Bug Bounty Program, has found 
that a Gu ...)
+   TODO: check
+CVE-2024-45504 (Cross-site request forgery (CSRF) vulnerability in multiple 
Alps Syste ...)
+   TODO: check
+CVE-2024-45286 (Due to lack of proper authorization checks when calling user, 
a functi ...)
+   TODO: check
+CVE-2024-45285 (The RFC enabled function module allows a low privileged user 
to perfor ...)
+   TODO: check
+CVE-2024-45284 (An authenticated attacker with high privilege can use 
functions of SLC ...)
+   TODO: check
+CVE-2024-45283 (SAP NetWeaver AS for Java allows an authorized attacker to 
obtain sens ...)
+   TODO: check
+CVE-2024-45281 (SAP BusinessObjects Business Intelligence Platform allows a 
high privi ...)
+   TODO: check
+CVE-2024-45280 (Due to insufficient encoding of user-controlled inputs, SAP 
NetWeaver  ...)
+   TODO: check
+CVE-2024-45279 (Due to insufficient input validation, CRM Blueprint 
Application Builde ...)
+   TODO: check
+CVE-2024-44411 (D-Link DI-8300 v16.07.26A1 is vulnerable to command injection 
via the  ...)
+   TODO: check
+CVE-2024-44410 (D-Link DI-8300 v16.07.26A1 is vulnerable to command injection 
via the  ...)
+   TODO: check
+CVE-2024-44121 (Under certain conditions Statutory Reports in SAP S/4 HANA 
allows an a ...)
+   TODO: check
+CVE-2024-44120 (SAP NetWeaver Enterprise Portal is vulnerable to reflected 
cross site  ...)
+   TODO: check
+CVE-2024-44117 (The RFC enabled function module allows a low privileged user 
to perfor ...)
+   TODO: check
+CVE-2024-44116 (The RFC enabled function module allows a low privileged user 
to add an ...)
+   TODO: check
+CVE-2024-44115 (The RFC enabled function module allows a low privileged user 
to add UR ...)
+   TODO: check
+CVE-2024-44114 (SAP NetWeaver Application Server for ABAP and ABAP Platform 
allow user ...)
+   TODO: check
+CVE-2024-44113 (Due to missing authorization checks, SAP Business Warehouse 
(BEx Analy ...)
+   TODO: check
+CVE-2024-44112 (Due to missing authorization check in SAP for Oil & Gas 
(Transportatio ...)
+   TODO: check
+CVE-2024-44072 (OS command injection vulnerability exists in BUFFALO wireless 
LAN rout ...)
+   TODO: check
+CVE-2024-42427 (Dell ThinOS versions 2402 and 2405, contains an Improper 
Neutralizatio ...)
+   TODO: check
+CVE-2024-42424 (Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, 
contains ...)
+   TODO: check
+CVE-2024-42380 (The RFC enabled function module allows a low privileged user 
to read a ...)
+   TODO: check
+CVE-2024-42378 (Due to weak encoding of user-controlled inputs, eProcurement 
on SAP S/ ...)
+   TODO: check
+CVE-2024-42371 (The RFC enabled function module allows a low privileged user 
to delete ...)
+   TODO: check
+CVE-2024-41729 (Due to missing authorization checks, SAP BEx Analyzer allows 
an authen ...)
+   TODO: check
+CVE-2024-41728 (Due to missing authorization check, SAP NetWeaver Application 
Server f ...)
+   TO

[Git][security-tracker-team/security-tracker][master] Drop rejected CVE-2024-43898

2024-09-10 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a75ab3a by Salvatore Bonaccorso at 2024-09-10T09:28:16+02:00
Drop rejected CVE-2024-43898

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2622,9 +2622,8 @@ CVE-2024-43900 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-43899 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
- linux 6.10.6-1
NOTE: 
https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)
-CVE-2024-43898 (In the Linux kernel, the following vulnerability has been 
resolved:  e ...)
-   - linux 6.10.6-1
-   NOTE: 
https://git.kernel.org/linus/83f4414b8f84249d538905825b088ff3ae555652 (6.11-rc1)
+CVE-2024-43898
+   REJECTED
 CVE-2024-43897 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
- linux 6.10.6-1
[bookworm] - linux 6.1.106-3
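Review bot: dropping the entry also drops the fix reference (git.kernel.org/linus/83f4414b8f84…, 6.11-rc1) and the fixed version 6.10.6-1; if the CVE was rejected because it duplicates another ID, keep a `NOTE:` pointing at the surviving CVE so the link from this ID to the kernel commit is not lost. The bare `REJECTED` is otherwise the expected form.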



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a75ab3afe0eaea7dd1744039cd7ef4de5ee2197



[Git][security-tracker-team/security-tracker][master] Add universal-detector embedding of uchardet

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e05a4b5 by Salvatore Bonaccorso at 2024-09-10T08:18:31+02:00
Add universal-detector embedding of uchardet

Thanks: Yavor Doganov

- - - - -


1 changed file:

- data/embedded-code-copies


Changes:

=
data/embedded-code-copies
=
@@ -3801,3 +3801,7 @@ node-dompurify
- cacti 1.2.26+ds1-1 (embed)
NOTE: Since 1.2.26+ds1-1 cacti depends on on node-dompurify and link 
purify.js instead of using
NOTE: upstream vendored version.
+
+uchardet
+   - universal-detector  (fork)
+   NOTE: 
https://lists.debian.org/debian-security-tracker/2024/09/msg5.html
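Review bot: the NOTE URL `https://lists.debian.org/debian-security-tracker/2024/09/msg5.html` looks mangled; lists.debian.org archive URLs carry a five-digit message number (msg00005.html), so the link as written will not resolve, and it is the only rationale recorded for the entry. Also, `(fork)` means uchardet CVEs will not map 1:1 onto universal-detector; a NOTE naming the uchardet version the fork branched from would make future triage of uchardet issues against it quicker.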



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e05a4b5110eae60e930a92d3bc402c086edcda4



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-37288/kibana

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c55a346d by Salvatore Bonaccorso at 2024-09-10T07:57:47+02:00
Add CVE-2024-37288/kibana

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -66,7 +66,7 @@ CVE-2024-42500 (HPE has identified a denial of service 
vulnerability in HPE HP-U
 CVE-2024-40643 (Joplin is a free, open source note taking and to-do 
application. Jopli ...)
- joplin  (bug #931306)
 CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code 
execution ...)
-   TODO: check
+   - kibana  (bug #700337)
 CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
NOT-FOR-US: Samsung
 CVE-2024-27383 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
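Review bot: the new entry `- kibana  (bug #700337)` records a Debian bug but no NOTE with the upstream advisory or fix reference, so the basis for the status cannot be checked from the entry itself; add a `NOTE: <advisory URL>` line alongside the bug reference.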



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55a346d3dfc276ee5915557071d146dedea5cee



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-40643/joplin

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b28f57ad by Salvatore Bonaccorso at 2024-09-10T07:57:04+02:00
Add CVE-2024-40643/joplin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -64,7 +64,7 @@ CVE-2024-42759 (An issue in Ellevo v.6.2.0.38160 allows a 
remote attacker to esc
 CVE-2024-42500 (HPE has identified a denial of service vulnerability in HPE 
HP-UX Syst ...)
NOT-FOR-US: HPE
 CVE-2024-40643 (Joplin is a free, open source note taking and to-do 
application. Jopli ...)
-   TODO: check
+   - joplin  (bug #931306)
 CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code 
execution ...)
TODO: check
 CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b28f57ad964981dfb344921319edd2b1a1d1fa07



[Git][security-tracker-team/security-tracker][master] Remove unneeded TODO item

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61886a73 by Salvatore Bonaccorso at 2024-09-10T07:43:31+02:00
Remove unneeded TODO item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31,7 +31,6 @@ CVE-2024-45411 (Twig is a template language for PHP. Under 
some circumstances, t
NOTE: 
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6 
(v3.14.0)
NOTE: 
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de 
(v2.16.1)
NOTE: 
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233 
(v1.44.8)
-   TODO: check
 CVE-2024-45406 (Craft is a content management system (CMS). Craft CMS 5 stored 
XSS can ...)
NOT-FOR-US: Craft CMS
 CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions. 
In certa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61886a731237059253276f946013d1f4f9a8862e



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-6572/check-mk

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf32e8de by Salvatore Bonaccorso at 2024-09-10T07:41:15+02:00
Add CVE-2024-6572/check-mk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23,7 +23,7 @@ CVE-2024-6796 (In Baxter Connex health portal released before 
8/30/2024, an impr
 CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection 
vulner ...)
NOT-FOR-US: Baxter Connex health portal
 CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' 
and sp ...)
-   TODO: check
+   - check-mk 
 CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, 
the san ...)
- php-twig 
- twig 
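Review bot: `- check-mk ` replaces the TODO with a bare package entry and no NOTE reference (advisory, upstream fix commit or bug); record where the check-mk status comes from, e.g. `NOTE: <advisory URL>`, so the entry can be re-verified later.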



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf32e8deb28d74f44070527d0cbf21bc8a3ca669



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-24510/sogo

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4d256ee0 by Salvatore Bonaccorso at 2024-09-10T07:38:01+02:00
Add CVE-2024-24510/sogo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -81,7 +81,8 @@ CVE-2024-27366 (An issue was discovered in Samsung Mobile 
Processor, Wearable Pr
 CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable 
Processor Exynos ...)
NOT-FOR-US: Samsung
 CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 
5.10.0 allows ...)
-   TODO: check
+   - sogo 5.10.0-1
+   NOTE: Fixed by: 
https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 
(SOGo-5.10.0)
 CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an 
immediat ...)
NOT-FOR-US: ONLYOFFICE Docs
 CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which 
allows un ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d256ee0870a97ba89bb6f05d0dd9fe654ff73ea



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb74a2ae by Salvatore Bonaccorso at 2024-09-10T07:34:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,17 +11,17 @@ CVE-2024-8372 (Improper sanitization of the value of the 
'[srcset]' attribute in
 CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and 
August 14,  ...)
NOT-FOR-US: Rapid7 Insight Platform
 CVE-2024-7341 (A session fixation issue was discovered in the SAML adapters 
provided  ...)
-   TODO: check
+   NOT-FOR-US: Keycloak
 CVE-2024-7318 (A vulnerability was found in Keycloak. Expired OTP codes are 
still usa ...)
NOT-FOR-US: Keycloak
 CVE-2024-7260 (An open redirect vulnerability was found in Keycloak. A 
specially craf ...)
NOT-FOR-US: Keycloak
 CVE-2024-7015 (Improper Authentication, Missing Authentication for Critical 
Function, ...)
-   TODO: check
+   NOT-FOR-US: Profelis Informatics and Consulting PassBox
 CVE-2024-6796 (In Baxter Connex health portal released before 8/30/2024, an 
improper  ...)
-   TODO: check
+   NOT-FOR-US: Baxter Connex health portal
 CVE-2024-6795 (In Connex health portal released before8/30/2024, SQL injection 
vulner ...)
-   TODO: check
+   NOT-FOR-US: Baxter Connex health portal
 CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' 
and sp ...)
TODO: check
 CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, 
the san ...)
@@ -37,53 +37,53 @@ CVE-2024-45406 (Craft is a content management system (CMS). 
Craft CMS 5 stored X
 CVE-2024-45296 (path-to-regexp turns path strings into a regular expressions. 
In certa ...)
TODO: check
 CVE-2024-45041 (External Secrets Operator is a Kubernetes operator that 
integrates ext ...)
-   TODO: check
+   NOT-FOR-US: External Secrets Kubernetes Operator
 CVE-2024-44902 (A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 
allows at ...)
-   TODO: check
+   NOT-FOR-US: Thinkphp
 CVE-2024-44849 (Qualitor up to 8.24 is vulnerable to Remote Code Execution 
(RCE) via A ...)
-   TODO: check
+   NOT-FOR-US: Qualitor
 CVE-2024-44725 (AutoCMS v5.4 was discovered to contain a SQL injection 
vulnerability v ...)
-   TODO: check
+   NOT-FOR-US: AutoCMS
 CVE-2024-44724 (AutoCMS v5.4 was discovered to contain a PHP code injection 
vulnerabil ...)
-   TODO: check
+   NOT-FOR-US: AutoCMS
 CVE-2024-44721 (SeaCMS v13.1 was discovered to a Server-Side Request Forgery 
(SSRF) vi ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2024-44720 (SeaCMS v13.1 was discovered to an arbitrary file read 
vulnerability vi ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2024-44375 (D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability 
in the d ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44335 (D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, 
DI-7100G+V2 v24.0 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44334 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, 
DI-7100GV2 v24 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44333 (D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, 
DI-7100GV2 v24 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44085 (ONLYOFFICE Docs before 8.1.0 allows XSS via a 
GeneratorFunction Object ...)
-   TODO: check
+   NOT-FOR-US: ONLYOFFICE Docs
 CVE-2024-42759 (An issue in Ellevo v.6.2.0.38160 allows a remote attacker to 
escalate  ...)
-   TODO: check
+   NOT-FOR-US: Ellevo
 CVE-2024-42500 (HPE has identified a denial of service vulnerability in HPE 
HP-UX Syst ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2024-40643 (Joplin is a free, open source note taking and to-do 
application. Jopli ...)
TODO: check
 CVE-2024-37288 (A deserialization issue in Kibana can lead to arbitrary code 
execution ...)
TODO: check
 CVE-2024-27387 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-27383 (An issue was discovered in Samsung Mobile Processor Exynos 
980, Exynos ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-27368 (An issue was discovered in Samsung Mobile Processor Exynos 
Mobile Proc ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-27367 (An issue was discovered in Samsung Mobile Processor Exynos 
Wearable Pr ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-27366 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable 
Processor Exynos ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2024-24510 (Cross 

[Git][security-tracker-team/security-tracker][master] Add CVE-2024-45411/php-twig

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5cf90ce2 by Salvatore Bonaccorso at 2024-09-09T22:23:01+02:00
Add CVE-2024-45411/php-twig

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,6 +25,12 @@ CVE-2024-6795 (In Connex health portal released 
before8/30/2024, SQL injection v
 CVE-2024-6572 (Improper host key checking in active check 'Check SFTP Service' 
and sp ...)
TODO: check
 CVE-2024-45411 (Twig is a template language for PHP. Under some circumstances, 
the san ...)
+   - php-twig 
+   - twig 
+   NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-6j75-5wfj-gh66
+   NOTE: 
https://github.com/twigphp/Twig/commit/11f68e2aeb526bfaf638e30d4420d8a710f3f7c6 
(v3.14.0)
+   NOTE: 
https://github.com/twigphp/Twig/commit/2102dd135986db79192d26fb5f5817a566e0a7de 
(v2.16.1)
+   NOTE: 
https://github.com/twigphp/Twig/commit/7afa198603de49d147e90d18062e7b9addcf5233 
(v1.44.8)
TODO: check
 CVE-2024-45406 (Craft is a content management system (CMS). Craft CMS 5 stored 
XSS can ...)
NOT-FOR-US: Craft CMS
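Review bot: the context line `TODO: check` is left in place directly after the package entries, the advisory link and the three fix-commit NOTEs added for CVE-2024-45411; either drop it in the same change or state what still needs checking, otherwise the TODO only gets removed in a follow-up commit.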



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cf90ce230c5b3bbd861f8af3af37a6d2c5e8ac1



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec350ae1 by Salvatore Bonaccorso at 2024-09-09T22:19:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,21 +1,21 @@
 CVE-2024-8605 (A vulnerability classified as problematic was found in 
code-projects I ...)
-   TODO: check
+   NOT-FOR-US: code-projects Inventory Management
 CVE-2024-8604 (A vulnerability classified as problematic has been found in 
SourceCode ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software 
versions p ...)
-   TODO: check
+   NOT-FOR-US: TechExcel Back Office Software
 CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec350ae1052348a6004792857748f0f942d0353f



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-45508/htmldoc

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3f7de20 by Salvatore Bonaccorso at 2024-09-09T22:13:49+02:00
Add Debian bug reference for CVE-2024-45508/htmldoc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1447,7 +1447,7 @@ CVE-2024-45522 (Linen before cd37c3e does not verify that 
the domain is linen.de
 CVE-2024-45509 (In MISP through 2.4.196, 
app/Controller/BookmarksController.php does n ...)
NOT-FOR-US: MISP
 CVE-2024-45508 (HTMLDOC before 1.9.19 has an out-of-bounds write in 
parse_paragraph in ...)
-   - htmldoc 
+   - htmldoc  (bug #1081236)
[bookworm] - htmldoc  (Minor issue)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/528
NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3f7de2064f741d2dbc17401fc587b00cbb409e3



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db200084 by security tracker role at 2024-09-09T20:12:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,83 @@
+CVE-2024-8605 (A vulnerability classified as problematic was found in 
code-projects I ...)
+   TODO: check
+CVE-2024-8604 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+   TODO: check
+CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software 
versions p ...)
+   TODO: check
+CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in 
https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
@@ -32633,31 +32714,37 @@ CVE-2024-31810 (TOTOLINK EX200 V4.0.3c.7646_B20201211 
was discovered to contain
 CVE-2024-31771 (Insecure Permission vulnerability in TotalAV v.6.0.740 allows 
a local  ...)
NOT-FOR-US: TotalAV
 CVE-2024-31460 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
NOTE: 
https://github.com/Cacti/cacti/commit/8b516cb9a73322ad532231e74000c2ee097b495e
 CVE-2024-31459 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
NOTE: 
https://github.com/Cacti/cacti/commit/96d9a4c60693d87ba0e347f1c7d33047b4effc61
 CVE-2024-31458 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x
NOTE: 
https://github.com/Cacti/cacti/commit/9e87882007b6091171d1a4786f0de4ae20efef7b
 CVE-2024-31445 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
NOTE: 
https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
 CVE-2024-31444 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87
NOTE: 
https://github.com/Cacti/cacti/commit/86d614c38c54e0ce58774d86617ecfbb853fb57b
 CVE-2024-31443 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
@@ -32723,6 +32810,7 @@ CVE-2024-27082 (Cacti provides an operational 
monitoring and fault management fr
 CVE-2024-25662 (Oxygen XML Web Author v26.0.0 and older and Oxygen Content 
Fusion v6.1 ...)
NOT-FOR-US: Oxygen XML Web Author and Oxygen Content Fusion
 CVE-2024-25641 (Cacti provides an operational monitoring and fault management 
framewor ...)
+   {DLA-3884-1}
- cacti 1.2.27+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u3
NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
@@ -53905,6 +53993,7 @@ CVE-2024-28111 (Canarytokens helps track activity and 
actions on a network. Cana
 CVE-2024-28110 (Go SDK for CloudEvents is the official CloudEvents SDK to 
integrate ap ...)
NOT-FOR-US: cloudevents/sdk-go
 CVE-2024-28102 (JWCrypto implements JWK, JWS, and JWE specifications using 
python-cryp ...)
+   {DLA-3883-1}
- python-jwcrypto 1.5.6-1 (bug #1065688)
[bookworm] - python-jwcrypto 1.1.0-1+deb12u1
NOTE: 
https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
@@ -156668,6 +156757,7 @@ CVE-2022-41446 (An access control issue in 
/Admin/dashboard.php of Record Manage
 CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record 
Management System ...)
NOT-FOR-US: Record Management System
 CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via 
crafted P ...)
+   {DLA-3884-1}
- cacti 1.2.22+ds1-1
[buster] - cacti  (Vulnerable code introduced later)
NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db200084cec671e808d4b8d92d8121f3c3cce4d7


[Git][security-tracker-team/security-tracker][master] Update more ruby3.3 fixes

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
807f2b0d by Salvatore Bonaccorso at 2024-09-09T21:42:26+02:00
Update more ruby3.3 fixes

ruby3.3/3.3.5-1 updates rexml gem to 3.3.6, which does fix all of the
CVEs CVE-2024-43398, CVE-2024-41946 and CVE-2024-41123 which are fixed
in rexml 3.3.6 and earlier.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2968,7 +2968,7 @@ CVE-2024-43785 (gitoxide An idiomatic, lean, fast & safe 
pure Rust implementatio
 CVE-2024-43780 (Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 
9.8.x <= 9 ...)
- mattermost-server  (bug #823556)
 CVE-2024-43398 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 
has a DoS ...)
-   - ruby3.3 
+   - ruby3.3 3.3.5-1
- ruby3.2 
- ruby3.1 
[bookworm] - ruby3.1  (Minor issue)
@@ -8323,7 +8323,7 @@ CVE-2024-41962 (Bostr is an nostr relay aggregator proxy 
that acts like a regula
 CVE-2024-41961 (Elektra is an opinionated Openstack Dashboard for Operators 
and Consum ...)
NOT-FOR-US: Elektra
 CVE-2024-41946 (REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a 
DoS vulner ...)
-   - ruby3.3 
+   - ruby3.3 3.3.5-1
- ruby3.2 
- ruby3.1 
[bookworm] - ruby3.1  (Minor issue)
@@ -8344,7 +8344,7 @@ CVE-2024-41162 (Mattermost versions 9.9.x <= 9.9.0, 9.5.x 
<= 9.5.6, 9.7.x <= 9.7
 CVE-2024-41144 (Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 
9.7.5, 9. ...)
- mattermost-server  (bug #823556)
 CVE-2024-41123 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 
has some  ...)
-   - ruby3.3 
+   - ruby3.3 3.3.5-1
- ruby3.2 
- ruby3.1 
[bookworm] - ruby3.1  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/807f2b0d2a0d7acea414aceb5d7e7403b55bf72e



[Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVEs (they were duplicates)

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b825f32 by Salvatore Bonaccorso at 2024-09-09T15:29:14+02:00
Remove notes from rejected CVEs (they were duplicates)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -100297,7 +100297,6 @@ CVE-2023-34247 (Keystone is a content management 
system for Node.JS. There is an
NOT-FOR-US: Keystone CMS
 CVE-2023-34122
REJECTED
-   NOT-FOR-US: Zoom
 CVE-2023-34121 (Improper input validation  in the Zoom for Windows, Zoom 
Rooms, Zoom V ...)
NOT-FOR-US: Zoom
 CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms 
for Wind ...)
@@ -100308,7 +100307,6 @@ CVE-2023-34114 (Exposure of resource to wrong sphere 
in Zoom for Windows and Zoo
NOT-FOR-US: Zoom
 CVE-2023-34113
REJECTED
-   NOT-FOR-US: Zoom
 CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)
NOT-FOR-US: Siemens
 CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE 
(All vers ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b825f328c5200f99035cd27bfe1477b6e4d0938



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-6716 (not a valid security issue)

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
932c74b7 by Salvatore Bonaccorso at 2024-09-09T15:27:46+02:00
Remove notes from CVE-2024-6716 (not a valid security issue)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12751,11 +12751,6 @@ CVE-2024-6465 (The WP Links Page plugin for WordPress 
is vulnerable to unauthori
NOT-FOR-US: WordPress plugin
 CVE-2024-6716
REJECTED
-   - tiff  (unimportant)
-   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2297636
-   NOTE: https://gitlab.com/libtiff/libtiff/-/issues/620
-   NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/553
-   NOTE: Negligible security impact if following 
documentation/recommendations
 CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path 
Disclosure ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin 
before 1.8. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/932c74b78ecefc1cc6e2a17bbd601fcb93795dce



[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2024-42334

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f4b15f3 by Salvatore Bonaccorso at 2024-09-09T15:26:27+02:00
Remove notes from CVE-2024-42334

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3988,7 +3988,6 @@ CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization 
of Input During Web Pa
NOT-FOR-US: 7Twenty
 CVE-2024-42334
REJECTED
-   NOT-FOR-US: Hargal
 CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information 
Disclosure.)
NOT-FOR-US: Keyfactor AWS Orchestrator
 CVE-2024-41773 (IBM Global Configuration Management 7.0.2 and 7.0.3 could 
allow an aut ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f4b15f39fc69541ecbe3321deaa74c77d7970ad



[Git][security-tracker-team/security-tracker][master] Process NFUs

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90c396f0 by Salvatore Bonaccorso at 2024-09-09T11:30:26+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,23 +5,23 @@ CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not 
properly restrict a specif
 CVE-2024-8584 (Orca HCM from LEARNING DIGITAL does not properly restrict 
access to a  ...)
TODO: check
 CVE-2024-8583 (A vulnerability was found in SourceCodester Online Bank 
Management Sys ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Bank Management System and Online 
Bank Management System
 CVE-2024-8582 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Food Ordering Management System
 CVE-2024-8580 (A vulnerability classified as critical was found in TOTOLINK 
AC1200 T8 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-7918 (The Pocket Widget WordPress plugin through 0.1.3 does not 
sanitise and ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7689 (The Snapshot Backup WordPress plugin through 2.1.1 does not 
have CSRF  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7688 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF 
checks i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7687 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF 
check in ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-6910 (The EventON WordPress plugin before 2.2.17 does not sanitise 
and escap ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-5561 (The Popup Maker  WordPress plugin before 1.19.1 does not 
sanitise and  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-45625 (Cross-site scripting vulnerability exists in Forminator 
versions prior ...)
TODO: check
 CVE-2024-45203 (Improper authorization in handler for custom URL scheme issue 
in "@cos ...)
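Review bot: the NOT-FOR-US line for CVE-2024-8583 names the product twice (`SourceCodester Online Bank Management System and Online Bank Management System`); collapse it to the single product name so it matches the one-product form used by the other NFU lines in this hunk.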



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90c396f0f5d308562b968346f4695eb8b2b59715



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
140dbb05 by security tracker role at 2024-09-09T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2024-8586 (WebITR from Uniong has an Open Redirect vulnerability, which 
allows un ...)
+   TODO: check
+CVE-2024-8585 (Orca HCM from LEARNING DIGITA does not properly restrict a 
specific pa ...)
+   TODO: check
+CVE-2024-8584 (Orca HCM from LEARNING DIGITAL does not properly restrict 
access to a  ...)
+   TODO: check
+CVE-2024-8583 (A vulnerability was found in SourceCodester Online Bank 
Management Sys ...)
+   TODO: check
+CVE-2024-8582 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
+   TODO: check
+CVE-2024-8580 (A vulnerability classified as critical was found in TOTOLINK 
AC1200 T8 ...)
+   TODO: check
+CVE-2024-7918 (The Pocket Widget WordPress plugin through 0.1.3 does not 
sanitise and ...)
+   TODO: check
+CVE-2024-7689 (The Snapshot Backup WordPress plugin through 2.1.1 does not 
have CSRF  ...)
+   TODO: check
+CVE-2024-7688 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF 
checks i ...)
+   TODO: check
+CVE-2024-7687 (The AZIndex WordPress plugin through 0.8.1 does not have CSRF 
check in ...)
+   TODO: check
+CVE-2024-6910 (The EventON WordPress plugin before 2.2.17 does not sanitise 
and escap ...)
+   TODO: check
+CVE-2024-5561 (The Popup Maker  WordPress plugin before 1.19.1 does not 
sanitise and  ...)
+   TODO: check
+CVE-2024-45625 (Cross-site scripting vulnerability exists in Forminator 
versions prior ...)
+   TODO: check
+CVE-2024-45203 (Improper authorization in handler for custom URL scheme issue 
in "@cos ...)
+   TODO: check
 CVE-2024-6840
NOT-FOR-US: Ansible Automation Controller
 CVE-2024-8579 (A vulnerability classified as critical has been found in 
TOTOLINK AC12 ...)
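Review bot: CVE-2024-8585 and CVE-2024-8584 describe the same product (Orca HCM) but spell the vendor "LEARNING DIGITA" in one and "LEARNING DIGITAL" in the other; the text is imported from the CVE feed, so nothing to change in this file, but the pair should be triaged together. All fourteen new entries land as TODO: check, which is expected for the automatic update; the TOTOLINK entry (CVE-2024-8580) and the WordPress plugin entries match families that are tagged NOT-FOR-US elsewhere on this page.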
@@ -1018,7 +1046,7 @@ CVE-2024-8385 (A difference in the handling of 
StructFields and ArrayTypes in WA
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color 
cross-compartment obj ...)
-   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
@@ -1027,13 +1055,13 @@ CVE-2024-8384 (The JavaScript garbage collector could 
mis-color cross-compartmen
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the 
operating sys ...)
-   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
 CVE-2024-8382 (Internal browser event interfaces were exposed to web content 
when pri ...)
-   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
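Review bot: DLA-3882-1 is added to CVE-2024-8383 as well, but unlike CVE-2024-8384, CVE-2024-8382 and CVE-2024-8381 the visible context for CVE-2024-8383 lists only firefox and firefox-esr, with no thunderbird line. If DLA-3882-1 is the thunderbird advisory, putting it on an entry that has no thunderbird package line should be double-checked; if it covers firefox-esr the addition is fine as it stands.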
@@ -1042,7 +1070,7 @@ CVE-2024-8382 (Internal browser event interfaces were 
exposed to web content whe
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered 
when looki ...)
-   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
@@ -45939,7 +45967,7 @@ CVE-2024-27706 (Cross Site Scripting vulnerability in 
Huly Platform v.0.6.202 al
NOT-FOR-US: Huily Platform
 CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows 
attackers ...)
NOT-FOR-US: Leantime
-CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
+CVE-2024-26258 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
NOT-FOR-US: WRC-X3200GST3-B
 CVE-2024-25568 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
NOT-FOR-US: WRC-X3200GST3-B
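Review bot: the description of CVE-2024-26258 is rewritten from the model-specific "WRC-X3200GST3-B v1.25 and earlie ..." to the generic "ELECOM wireless LAN routers", making its visible text identical to CVE-2024-25568, but the NOT-FOR-US tag under it still names only WRC-X3200GST3-B; consider "NOT-FOR-US: ELECOM wireless LAN routers" for both entries so the tag reflects the broader affected set. In passing, the context line "NOT-FOR-US: Huily Platform" misspells the "Huly Platform" named in the CVE-2024-27706 header.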
@@ -91555,7 +91583,7 @@ CVE-2023-4409 (A vulnerability, which was classified as 
critical, has been found
NOT-FOR-US: NBS&HappySoftWeChat
 CVE-2023-4407 (

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-09 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e985ed47 by Salvatore Bonaccorso at 2024-09-09T09:12:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,23 +1,23 @@
 CVE-2024-8579 (A vulnerability classified as critical has been found in 
TOTOLINK AC12 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8578 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220. ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8577 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8576 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8575 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220  ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8574 (A vulnerability has been found in TOTOLINK AC1200 T8 
4.1.5cu.861_B2023 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-8573 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2024-42343 (Loway - CWE-204: Observable Response Discrepancy)
-   TODO: check
+   NOT-FOR-US: Loway
 CVE-2024-42342 (Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests 
('HTTP  ...)
-   TODO: check
+   NOT-FOR-US: Loway
 CVE-2024-42341 (Loway - CWE-601: URL Redirection to Untrusted Site ('Open 
Redirect'))
-   TODO: check
+   NOT-FOR-US: Loway
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It 
has been  ...)
NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 
1484fe2c4e0805946a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e985ed47b89009b2388508ecc3d59d68c354dcf3



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2a179b27 by security tracker role at 2024-09-08T20:12:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,23 @@
+CVE-2024-8579 (A vulnerability classified as critical has been found in 
TOTOLINK AC12 ...)
+   TODO: check
+CVE-2024-8578 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220. ...)
+   TODO: check
+CVE-2024-8577 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
+   TODO: check
+CVE-2024-8576 (A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 
4.1.5cu ...)
+   TODO: check
+CVE-2024-8575 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.861_B20230220  ...)
+   TODO: check
+CVE-2024-8574 (A vulnerability has been found in TOTOLINK AC1200 T8 
4.1.5cu.861_B2023 ...)
+   TODO: check
+CVE-2024-8573 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+   TODO: check
+CVE-2024-42343 (Loway - CWE-204: Observable Response Discrepancy)
+   TODO: check
+CVE-2024-42342 (Loway -  CWE-444: Inconsistent Interpretation of HTTP Requests 
('HTTP  ...)
+   TODO: check
+CVE-2024-42341 (Loway - CWE-601: URL Redirection to Untrusted Site ('Open 
Redirect'))
+   TODO: check
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It 
has been  ...)
NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 
1484fe2c4e0805946a ...)
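Review bot: CVE-2024-8577 and CVE-2024-8576 have identical visible descriptions ("TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu ..."), as do the adjacent T8-only entries, so these truncated headers cannot tell the issues apart and triage has to rely on the full feed text. All ten entries land as TODO: check here and are processed in the later "Process some NFUs" commit shown on this page.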
@@ -996,7 +1016,7 @@ CVE-2024-8385 (A difference in the handling of 
StructFields and ArrayTypes in WA
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color 
cross-compartment obj ...)
-   {DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
@@ -1005,13 +1025,13 @@ CVE-2024-8384 (The JavaScript garbage collector could 
mis-color cross-compartmen
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the 
operating sys ...)
-   {DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8383
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8383
 CVE-2024-8382 (Internal browser event interfaces were exposed to web content 
when pri ...)
-   {DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
@@ -1020,7 +1040,7 @@ CVE-2024-8382 (Internal browser event interfaces were 
exposed to web content whe
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered 
when looki ...)
-   {DSA-5765-1 DLA-3869-1}
+   {DSA-5767-1 DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
- thunderbird 
@@ -3936,7 +3956,8 @@ CVE-2024-42336 (Servision - CWE-287: Improper 
Authentication)
NOT-FOR-US: Servision
 CVE-2024-42335 (7Twenty - CWE-79: Improper Neutralization of Input During Web 
Page Gen ...)
NOT-FOR-US: 7Twenty
-CVE-2024-42334 (Hargal - CWE-284: Improper Access Control)
+CVE-2024-42334
+   REJECTED
NOT-FOR-US: Hargal
 CVE-2024-42006 (Keyfactor AWS Orchestrator through 2.0 allows Information 
Disclosure.)
NOT-FOR-US: Keyfactor AWS Orchestrator
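Review bot: the entry becomes a bare CVE-2024-42334 line with REJECTED, yet the existing "NOT-FOR-US: Hargal" line is kept underneath, so the entry now carries two states. A rejected CVE needs no triage state; unless the file's convention for rejected entries is to keep prior annotations, the NOT-FOR-US line could be dropped in the same change.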



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a179b27885e7e91d8877f52e1f1e4cef46090e6



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-45751/tgt

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9154322c by Salvatore Bonaccorso at 2024-09-08T20:55:57+02:00
Add Debian bug reference for CVE-2024-45751/tgt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -301,7 +301,7 @@ CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, 
Online Courses, & Quiz
 CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly 
saniti ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to 
achieve ent ...)
-   - tgt 
+   - tgt  (bug #1081158)
NOTE: https://github.com/fujita/tgt/pull/67
NOTE: 
https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd 
(v1.0.93)
NOTE: https://www.openwall.com/lists/oss-security/2024/09/07/2
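Review bot: the package line gains "(bug #1081158)", but the version/state field between "tgt" and the bug reference is empty in this rendering (note the double space), as it is on the "- tgt" context line of the related oss-security commit elsewhere on this page. The tracker normally carries a version or an angle-bracket state token such as <unfixed> there, which the mail archive appears to strip as an HTML tag, so verify on the repository side that the token is still present rather than reading the field as blanked.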



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9154322c59af26aa06e6b92942b61ff93aef00ba



[Git][security-tracker-team/security-tracker][master] Specify version where switch to links happened

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21ec8e83 by Salvatore Bonaccorso at 2024-09-08T20:54:55+02:00
Specify version where switch to links happened

- - - - -


1 changed file:

- data/embedded-code-copies


Changes:

=
data/embedded-code-copies
=
@@ -3798,4 +3798,6 @@ python-pyproject-hooks
NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
 
 node-dompurify
-   [bullseye] - cacti (embed)
+   - cacti 1.2.26+ds1-1 (embed)
+   NOTE: Since 1.2.26+ds1-1 cacti depends on on node-dompurify and link 
purify.js instead of using
+   NOTE: upstream vendored version.
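Review bot: typo in the added NOTE, "cacti depends on on node-dompurify" doubles "on". Otherwise, replacing the bullseye-only "[bullseye] - cacti (embed)" line with the unqualified "- cacti 1.2.26+ds1-1 (embed)" changes the meaning from "embedded in bullseye" to "embedded in every version before 1.2.26+ds1-1", which is what the commit message intends; splitting the explanatory sentence across two NOTE lines follows the file's existing convention.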



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21ec8e8349f394d154bcf95a02afa146ec9f8c91



[Git][security-tracker-team/security-tracker][master] Add reference to oss-security post for CVE-2024-45751/tgt

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1486a82c by Salvatore Bonaccorso at 2024-09-08T20:43:10+02:00
Add reference to oss-security post for CVE-2024-45751/tgt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -304,6 +304,7 @@ CVE-2024-45751 (tgt (aka Linux target framework) before 
1.0.93 attempts to achie
- tgt 
NOTE: https://github.com/fujita/tgt/pull/67
NOTE: 
https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd 
(v1.0.93)
+   NOTE: https://www.openwall.com/lists/oss-security/2024/09/07/2
 CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor 
JavaScript text  ...)
NOT-FOR-US: ckeditor-plugin-openlink CKEditor plugin
 CVE-2024-42495 (Credentials to access device configuration were transmitted 
using an u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1486a82c08777bb9ca70861444079f886993e695



[Git][security-tracker-team/security-tracker][master] Merge rust-quinn-proto RUSTSEC-2024-0373 with CVE-2024-45311 entry

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e711f7a by Salvatore Bonaccorso at 2024-09-08T20:32:38+02:00
Merge rust-quinn-proto RUSTSEC-2024-0373 with CVE-2024-45311 entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,6 +1,3 @@
-CVE-2024- [RUSTSEC-2024-0373]
-   - rust-quinn-proto  (Only affects 0.11.x)
-   NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0373.html
 CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It 
has been  ...)
NOT-FOR-US: Gouniverse GoLang CMS
 CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 
1484fe2c4e0805946a ...)
@@ -1220,7 +1217,9 @@ CVE-2024-45313 (Overleaf is a web-based collaborative 
LaTeX editor. When install
 CVE-2024-45312 (Overleaf is a web-based collaborative LaTeX editor. Overleaf 
Community ...)
- overleaf  (bug #973563)
 CVE-2024-45311 (Quinn is a pure-Rust, async-compatible implementation of the 
IETF QUIC ...)
-   TODO: check
+   - rust-quinn-proto  (Only affects 0.11.x)
+   NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0373.html
+   NOTE: https://github.com/advisories/GHSA-vr26-jcq5-fjj8
 CVE-2024-45308 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
NOT-FOR-US: HedgeDoc
 CVE-2024-45306 (Vim is an open source, command line text editor. Patch 
v9.1.0038 optim ...)
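Review bot: the merge carries over both the "(Only affects 0.11.x)" qualifier and the RUSTSEC-2024-0373 reference from the placeholder removed in the first hunk, so nothing is lost, and the GHSA-vr26-jcq5-fjj8 link is a net addition. The rust-quinn-proto package line shows no fixed version in this rendering (the double space before the parenthesis suggests a state token the archive has stripped), so the entry stays open until a patched upload is tracked.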



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e711f7a880507931db4c0b1fccd3c055f1bdfba



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-08 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec50febb by security tracker role at 2024-09-08T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,37 @@
+CVE-2024-8572 (A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It 
has been  ...)
+   TODO: check
+CVE-2024-8571 (A vulnerability was found in erjemin roll_cms up to 
1484fe2c4e0805946a ...)
+   TODO: check
+CVE-2024-8570 (A vulnerability was found in itsourcecode Tailoring Management 
System  ...)
+   TODO: check
+CVE-2024-8569 (A vulnerability has been found in code-projects Hospital 
Management Sy ...)
+   TODO: check
+CVE-2024-8568 (A vulnerability, which was classified as critical, was found in 
Mini-T ...)
+   TODO: check
+CVE-2024-8567 (A vulnerability, which was classified as critical, has been 
found in i ...)
+   TODO: check
+CVE-2024-8566 (A vulnerability classified as problematic was found in 
code-projects O ...)
+   TODO: check
+CVE-2024-8565 (A vulnerability was found in SourceCodesters Clinics Patient 
Managemen ...)
+   TODO: check
+CVE-2024-8564 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It 
has been  ...)
+   TODO: check
+CVE-2024-6928 (The Opti Marketing WordPress plugin through 2.0.9 does not 
properly sa ...)
+   TODO: check
+CVE-2024-6925 (The TrueBooker  WordPress plugin before 1.0.3 does not have 
CSRF check ...)
+   TODO: check
+CVE-2024-6924 (The TrueBooker  WordPress plugin before 1.0.3 does not properly 
saniti ...)
+   TODO: check
+CVE-2024-6859 (The WP MultiTasking  WordPress plugin through 0.1.12 does not 
validate ...)
+   TODO: check
+CVE-2024-6856 (The WP MultiTasking  WordPress plugin through 0.1.12 does not 
have CSR ...)
+   TODO: check
+CVE-2024-6855 (The WP MultiTasking  WordPress plugin through 0.1.12 does not 
have CSR ...)
+   TODO: check
+CVE-2024-6853 (The WP MultiTasking  WordPress plugin through 0.1.12 does not 
have CSR ...)
+   TODO: check
+CVE-2024-6852 (The WP MultiTasking  WordPress plugin through 0.1.12 does not 
have CSR ...)
+   TODO: check
 CVE-2024-8563 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It 
has been  ...)
NOT-FOR-US: SourceCodester PHP CRUD
 CVE-2024-8562 (A vulnerability was found in SourceCodester PHP CRUD 1.0 and 
classifie ...)
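Review bot: four of the new WP MultiTasking entries (CVE-2024-6856, CVE-2024-6855, CVE-2024-6853, CVE-2024-6852) have identical visible descriptions, and CVE-2024-8565 spells the vendor "SourceCodesters" where the neighbouring entries say "SourceCodester"; both come from the upstream feed and need no change in this file, but they are a reminder to triage from the full descriptions. The SourceCodester and WordPress plugin entries follow the families already tagged NOT-FOR-US elsewhere on this page.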



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec50febb1eecb402cb0eb2960a29ce223f945ef4



[Git][security-tracker-team/security-tracker][master] Track fixed version for asterisk issues

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f402f14b by Salvatore Bonaccorso at 2024-09-08T07:02:58+02:00
Track fixed version for asterisk issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -381,7 +381,11 @@ CVE-2024-44587 (itsourcecode Alton Management System 1.0 
is vulnerable to SQL In
 CVE-2024-42885 (SQL Injection vulnerability in ESAFENET CDG 5.6 and before 
allows an a ...)
NOT-FOR-US: ESAFENET CDG
 CVE-2024-42491 (Asterisk is an open-source private branch exchange (PBX). 
Prior to ver ...)
-   TODO: check
+   - asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1
+   NOTE: 
https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
+   NOTE: 
https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
 (18.24.3)
+   NOTE: 
https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
 (20.9.3)
+   NOTE: 
https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
 (21.4.3)
 CVE-2024-24759 (MindsDB is a platform for building artificial intelligence 
from enterp ...)
NOT-FOR-US: MindsDB
 CVE-2023-51712 (An issue was discovered in Trusted Firmware-M through 2.0.0. 
The lack  ...)
@@ -6667,7 +6671,7 @@ CVE-2024-42408 (The InfoScan client download page can be 
intercepted with a prox
 CVE-2024-42366 (VRCX is an assistant/companion application for VRChat. In 
versions pri ...)
NOT-FOR-US: VRCX
 CVE-2024-42365 (Asterisk is an open source private branch exchange (PBX) and 
telephony ...)
-   - asterisk  (bug #1078574)
+   - asterisk 1:20.9.3~dfsg+~cs6.14.60671435-1 (bug #1078574)
NOTE: 
https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44
NOTE: 
https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71
 (21.4.2)
NOTE: 
https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993
 (20.9.2)
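Review bot: CVE-2024-42365 records only the 21.4.2 and 20.9.2 commits, whereas CVE-2024-42491 in the hunk above also lists the 18.24.3 backport; if an 18.x fix exists for CVE-2024-42365 it is worth adding, since triage for the older asterisk branch relies on it. The shared fixed version 1:20.9.3~dfsg+~cs6.14.60671435-1 is consistent for both entries, as the 20.9.3 upload contains the 20.9.2 fix as well. The "(18.24.3)", "(20.9.3)" and "(21.4.3)" tags appear on separate lines here only because the mailer wrapped the long NOTE lines.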



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f402f14b5feb0f5c1d06b92f2c47350b640e20bf



[Git][security-tracker-team/security-tracker][master] Track fixed version for ruby-sidekiq issue

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f94b60d by Salvatore Bonaccorso at 2024-09-08T06:54:57+02:00
Track fixed version for ruby-sidekiq issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -120014,7 +120014,7 @@ CVE-2023-26143 (Versions of the package blamer before 
1.0.4 are vulnerable to Ar
 CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP 
Response Split ...)
NOT-FOR-US: Crow
 CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to 
Denial  ...)
-   - ruby-sidekiq  (bug #1059300)
+   - ruby-sidekiq 7.2.1+dfsg-2 (bug #1059300)
[bookworm] - ruby-sidekiq  (Minor issue)
[bullseye] - ruby-sidekiq  (Minor issue)
[buster] - ruby-sidekiq  (Minor issue, DoS still possible)
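Review bot: the upstream fix is in sidekiq 7.1.3, but the Debian fixed version is recorded as 7.2.1+dfsg-2 rather than the first upload of 7.2.1. If 7.2.1+dfsg-1 already contained the upstream fix, the earlier revision is the accurate fixed version; if -2 is genuinely the fixing upload (for example because a vendored file needed a separate change), a NOTE saying so would keep the later reader from asking the same question. The bookworm, bullseye and buster annotations are untouched and still read as minor issues.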



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f94b60d1c36a9d8a4b358cf8ba584d2197e91ef



[Git][security-tracker-team/security-tracker][master] Process more NFUs

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a91ac033 by Salvatore Bonaccorso at 2024-09-07T23:02:17+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,49 +29,49 @@ CVE-2024-6849 (The Preloader Plus \u2013 WordPress Loading 
Screen Plugin plugin
 CVE-2024-6010 (The Cost Calculator Builder PRO plugin for WordPress is 
vulnerable to  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-42024 (A vulnerability that allows an attacker in possession of the 
Veeam ONE ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-42023 (An improper access control vulnerability allows low-privileged 
users t ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-42022 (An incorrect permission assignment vulnerability allows an 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-42021 (An improper access control vulnerability allows an attacker 
with valid ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-42020 (A Cross-site-scripting (XSS) vulnerability exists in the 
Reporter Widg ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-42019 (A vulnerability that allows an attacker to access the NTLM 
hash of the ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40718 (A server side request forgery vulnerability allows a 
low-privileged us ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40714 (An improper certificate validation vulnerability in TLS 
certificate va ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40713 (A vulnerability that allows a user who has been assigned a 
low-privile ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40712 (A path traversal vulnerability allows an attacker with a 
low-privilege ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40711 (A deserialization of untrusted data vulnerability with a 
malicious pay ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40710 (A series of related high-severity vulnerabilities, the most 
notable en ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40709 (A missing authorization vulnerability allows a local 
low-privileged us ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-40681 (IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated 
user in  ...)
NOT-FOR-US: IBM
 CVE-2024-40680 (IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to 
cause a d ...)
NOT-FOR-US: IBM
 CVE-2024-39718 (An improper input validation vulnerability that allows a 
low-privilege ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-39715 (A code injection vulnerability that allows a low-privileged 
user with  ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-39714 (A code injection vulnerability that permits a low-privileged 
user to u ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-38651 (A code injection vulnerability can allow a low-privileged user 
to over ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-38650 (An authentication bypass vulnerability can allow a low 
privileged atta ...)
-   TODO: check
+   NOT-FOR-US: Veeam
 CVE-2024-37068 (IBM Maximo Application Suite - Manage Component 8.10, 8.11, 
and 9.0 us ...)
NOT-FOR-US: IBM
 CVE-2024-1596 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to S ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8521 (A vulnerability, which was classified as problematic, was found 
in Wav ...)
NOT-FOR-US: Wavelog
 CVE-2024-8439



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a91ac033f070b8e749fb7531a0436ac07748dd01



[Git][security-tracker-team/security-tracker][master] Process more NFUs

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90476f59 by Salvatore Bonaccorso at 2024-09-07T22:56:03+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -55,9 +55,9 @@ CVE-2024-40710 (A series of related high-severity 
vulnerabilities, the most nota
 CVE-2024-40709 (A missing authorization vulnerability allows a local 
low-privileged us ...)
TODO: check
 CVE-2024-40681 (IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated 
user in  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-40680 (IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to 
cause a d ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-39718 (An improper input validation vulnerability that allows a 
low-privilege ...)
TODO: check
 CVE-2024-39715 (A code injection vulnerability that allows a low-privileged 
user with  ...)
@@ -69,7 +69,7 @@ CVE-2024-38651 (A code injection vulnerability can allow a 
low-privileged user t
 CVE-2024-38650 (An authentication bypass vulnerability can allow a low 
privileged atta ...)
TODO: check
 CVE-2024-37068 (IBM Maximo Application Suite - Manage Component 8.10, 8.11, 
and 9.0 us ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2024-1596 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to S ...)
TODO: check
 CVE-2024-8521 (A vulnerability, which was classified as problematic, was found 
in Wav ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90476f59be8c9b9fed90b4a29ee84eab6adfc4f7



[Git][security-tracker-team/security-tracker][master] Process some NFU

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
edd0cd43 by Salvatore Bonaccorso at 2024-09-07T22:54:14+02:00
Process some NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,33 +1,33 @@
 CVE-2024-8563 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It 
has been  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP CRUD
 CVE-2024-8562 (A vulnerability was found in SourceCodester PHP CRUD 1.0 and 
classifie ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP CRUD
 CVE-2024-8561 (A vulnerability has been found in SourceCodester PHP CRUD 1.0 
and clas ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester PHP CRUD
 CVE-2024-8560 (A vulnerability, which was classified as critical, was found in 
Source ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Simple Invoice Generator System
 CVE-2024-8559 (A vulnerability, which was classified as critical, has been 
found in S ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Online Food Menu
 CVE-2024-8558 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Food Ordering Management System
 CVE-2024-8557 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Food Ordering Management System
 CVE-2024-8555 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-8554 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
-   TODO: check
+   NOT-FOR-US: SourceCodester Clinics Patient Management System
 CVE-2024-8538 (The Big File Uploads \u2013 Increase Maximum File Upload Size 
plugin f ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8523 (A vulnerability was found in lmxcms up to 1.4 and classified as 
critic ...)
-   TODO: check
+   NOT-FOR-US: lmxcms
 CVE-2024-7620 (The Customizer Export/Import plugin for WordPress is vulnerable 
to arb ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7112 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin 
plugin  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-6849 (The Preloader Plus \u2013 WordPress Loading Screen Plugin 
plugin for W ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-6010 (The Cost Calculator Builder PRO plugin for WordPress is 
vulnerable to  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-42024 (A vulnerability that allows an attacker in possession of the 
Veeam ONE ...)
TODO: check
 CVE-2024-42023 (An improper access control vulnerability allows low-privileged 
users t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edd0cd433d664bb790b890adc3fcbc1207fcce67



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03c6f15c by security tracker role at 2024-09-07T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,77 @@
+CVE-2024-8563 (A vulnerability was found in SourceCodester PHP CRUD 1.0. It 
has been  ...)
+   TODO: check
+CVE-2024-8562 (A vulnerability was found in SourceCodester PHP CRUD 1.0 and 
classifie ...)
+   TODO: check
+CVE-2024-8561 (A vulnerability has been found in SourceCodester PHP CRUD 1.0 
and clas ...)
+   TODO: check
+CVE-2024-8560 (A vulnerability, which was classified as critical, was found in 
Source ...)
+   TODO: check
+CVE-2024-8559 (A vulnerability, which was classified as critical, has been 
found in S ...)
+   TODO: check
+CVE-2024-8558 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+   TODO: check
+CVE-2024-8557 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+   TODO: check
+CVE-2024-8555 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
+   TODO: check
+CVE-2024-8554 (A vulnerability was found in SourceCodester Clinics Patient 
Management ...)
+   TODO: check
+CVE-2024-8538 (The Big File Uploads \u2013 Increase Maximum File Upload Size 
plugin f ...)
+   TODO: check
+CVE-2024-8523 (A vulnerability was found in lmxcms up to 1.4 and classified as 
critic ...)
+   TODO: check
+CVE-2024-7620 (The Customizer Export/Import plugin for WordPress is vulnerable 
to arb ...)
+   TODO: check
+CVE-2024-7112 (The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin 
plugin  ...)
+   TODO: check
+CVE-2024-6849 (The Preloader Plus \u2013 WordPress Loading Screen Plugin 
plugin for W ...)
+   TODO: check
+CVE-2024-6010 (The Cost Calculator Builder PRO plugin for WordPress is 
vulnerable to  ...)
+   TODO: check
+CVE-2024-42024 (A vulnerability that allows an attacker in possession of the 
Veeam ONE ...)
+   TODO: check
+CVE-2024-42023 (An improper access control vulnerability allows low-privileged 
users t ...)
+   TODO: check
+CVE-2024-42022 (An incorrect permission assignment vulnerability allows an 
attacker to ...)
+   TODO: check
+CVE-2024-42021 (An improper access control vulnerability allows an attacker 
with valid ...)
+   TODO: check
+CVE-2024-42020 (A Cross-site-scripting (XSS) vulnerability exists in the 
Reporter Widg ...)
+   TODO: check
+CVE-2024-42019 (A vulnerability that allows an attacker to access the NTLM 
hash of the ...)
+   TODO: check
+CVE-2024-40718 (A server side request forgery vulnerability allows a 
low-privileged us ...)
+   TODO: check
+CVE-2024-40714 (An improper certificate validation vulnerability in TLS 
certificate va ...)
+   TODO: check
+CVE-2024-40713 (A vulnerability that allows a user who has been assigned a 
low-privile ...)
+   TODO: check
+CVE-2024-40712 (A path traversal vulnerability allows an attacker with a 
low-privilege ...)
+   TODO: check
+CVE-2024-40711 (A deserialization of untrusted data vulnerability with a 
malicious pay ...)
+   TODO: check
+CVE-2024-40710 (A series of related high-severity vulnerabilities, the most 
notable en ...)
+   TODO: check
+CVE-2024-40709 (A missing authorization vulnerability allows a local 
low-privileged us ...)
+   TODO: check
+CVE-2024-40681 (IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated 
user in  ...)
+   TODO: check
+CVE-2024-40680 (IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to 
cause a d ...)
+   TODO: check
+CVE-2024-39718 (An improper input validation vulnerability that allows a 
low-privilege ...)
+   TODO: check
+CVE-2024-39715 (A code injection vulnerability that allows a low-privileged 
user with  ...)
+   TODO: check
+CVE-2024-39714 (A code injection vulnerability that permits a low-privileged 
user to u ...)
+   TODO: check
+CVE-2024-38651 (A code injection vulnerability can allow a low-privileged user 
to over ...)
+   TODO: check
+CVE-2024-38650 (An authentication bypass vulnerability can allow a low 
privileged atta ...)
+   TODO: check
+CVE-2024-37068 (IBM Maximo Application Suite - Manage Component 8.10, 8.11, 
and 9.0 us ...)
+   TODO: check
+CVE-2024-1596 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to S ...)
+   TODO: check
 CVE-2024-8521 (A vulnerability, which was classified as problematic, was found 
in Wav ...)
NOT-FOR-US: Wavelog
 CVE-2024-8439
@@ -30,6 +104,7 @@ CVE-2024-8394 (When aborting the verification of an OTR chat 
session, an attacke
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
 CVE-2024-7652 (An error in the ECMA-262 specification

[Git][security-tracker-team/security-tracker][master] Add upstream commit references for CVE-2023-27043

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f2dee33 by Salvatore Bonaccorso at 2024-09-07T17:25:57+02:00
Add upstream commit references for CVE-2023-27043

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -117603,6 +117603,10 @@ CVE-2023-27043 (The email module of Python through 
3.11.3 incorrectly parses e-m
[bullseye] - pypy3  (Minor issue, wait until upstream has 
decided whether to backport to older branches)
[buster] - pypy3  (Minor issue, wait until upstream has 
decided whether to backport to older branches)
NOTE: https://github.com/python/cpython/issues/102988
+   NOTE: 
https://github.com/python/cpython/commit/15068242bd4405475f70a81805a8895ca309a310
 (v3.12.6)
+   NOTE: 
https://github.com/python/cpython/commit/bc4a703a934a59657ecd018320ef990bc5542803
 (v3.11.10)
+   NOTE: 
https://github.com/python/cpython/commit/2a9273a0e4466e2f057f9ce6fe98cd8ce570331b
 (v3.10.15)
+   NOTE: 
https://github.com/python/cpython/commit/ee953f2b8fc12ee9b8209ab60a2f06c603e5a624
 (v3.9.20)
 CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via 
/goform/Se ...)
NOT-FOR-US: Tenda
 CVE-2023-27041 (School Registration and Fee System v1.0 was discovered to 
contain a SQ ...)
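Review bot: the four added NOTE lines record the upstream fix landing in v3.10.15 and v3.9.20, which means upstream has by now decided to backport to the older branches, so the unchanged context rationale `[bullseye] - pypy3  (Minor issue, wait until upstream has decided whether to backport to older branches)` and the identical buster line are stale; reword that justification in the same commit (the status itself can stay as it is, only the stated reason no longer holds).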



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2dee333925977a95e5ce02f4518fba4a49eabf



[Git][security-tracker-team/security-tracker][master] Track fixed version for various python3.12 issues

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50e58df8 by Salvatore Bonaccorso at 2024-09-07T17:23:15+02:00
Track fixed version for various python3.12 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -988,7 +988,7 @@ CVE-2023-49233 (Insufficient access checks in Visual 
Planning Admin Center 8 bef
NOT-FOR-US: Visual Planning Admin Center
 CVE-2024-6232 (There is a MEDIUM severity vulnerability affecting CPython. 
 Regul ...)
- python3.13 3.13.0~rc2-1
-   - python3.12 
+   - python3.12 3.12.6-1
- python3.11 
- python3.9 
- python2.7 
@@ -2732,7 +2732,7 @@ CVE-2023-7260 (Path Traversal vulnerability discovered in 
OpenText\u2122 CX-E Vo
 CVE-2024-8088 (There is a HIGH severity vulnerability affecting the CPython 
"zipfile" ...)
{DSA-5759-1}
- python3.13 3.13.0~rc2-1
-   - python3.12 
+   - python3.12 3.12.6-1
- python3.11 
- python3.9 
- python2.7 
@@ -3973,7 +3973,7 @@ CVE-2024-7922 (A vulnerability was found in D-Link 
DNS-120, DNR-202L, DNS-315L,
NOT-FOR-US: D-Link
 CVE-2024-7592 (There is a LOW severity vulnerability affecting CPython, 
specifically  ...)
- python3.13 3.13.0~rc2-1
-   - python3.12 
+   - python3.12 3.12.6-1
- python3.11 
[bookworm] - python3.11  (Minor issue, wait until merged 
into 3.11 branch)
- python3.9 
@@ -117587,7 +117587,7 @@ CVE-2023-27045
 CVE-2023-27044
RESERVED
 CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses 
e-mail ad ...)
-   - python3.12  (bug #1059299)
+   - python3.12 3.12.6-1 (bug #1059299)
- python3.11  (bug #1059298)
[bookworm] - python3.11  (Minor issue, wait until upstream 
has decided whether to backport to older branches)
- python3.10 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50e58df88012f002fd3a4d21375465aa729910d6



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-7652

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f6f89764 by Salvatore Bonaccorso at 2024-09-07T14:33:44+02:00
Add CVE-2024-7652

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -30,7 +30,14 @@ CVE-2024-8394 (When aborting the verification of an OTR chat 
session, an attacke
[bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
 CVE-2024-7652 (An error in the ECMA-262 specification relating to Async 
Generators co ...)
-   TODO: check
+   - firefox 128.0-1
+   - firefox-esr 115.13.0esr-1
+   - thunderbird 1:115.13.0-1
+   NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
+   NOTE: 
https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-7652
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-30/#CVE-2024-7652
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/#CVE-2024-7652
 CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to 
unautho ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-7611 (The Enter Addons \u2013 Ultimate Template Builder for Elementor 
plugin ...)
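Review bot: the CVE-2024-7652 entry gains fixed versions and five NOTE references but no `{DSA-5727-1 DSA-5733-1}` cross-reference line, even though the data/DSA/list hunks in this same commit add CVE-2024-7652 to both DSAs; CVE-2024-8088 elsewhere on this page carries `{DSA-5759-1}` in exactly that position, so unless that line is regenerated by tooling it is missing here and the bookworm/bullseye status would not resolve to the DSA.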


=
data/DSA/list
=
@@ -109,7 +109,7 @@
[bullseye] - bind9 1:9.16.50-1~deb11u1
[bookworm] - bind9 1:9.18.28-1~deb12u1
 [18 Jul 2024] DSA-5733-1 thunderbird - security update
-   {CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604}
+   {CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604 CVE-2024-7652}
[bullseye] - thunderbird 1:115.13.0-1~deb11u1
[bookworm] - thunderbird 1:115.13.0-1~deb12u1
 [18 Jul 2024] DSA-5732-1 chromium - security update
@@ -130,7 +130,7 @@
[bullseye] - exim4 4.94.2-7+deb11u3
[bookworm] - exim4 4.96-15+deb12u5
 [10 Jul 2024] DSA-5727-1 firefox-esr - security update
-   {CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604}
+   {CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604 CVE-2024-7652}
[bullseye] - firefox-esr 115.13.0esr-1~deb11u1
[bookworm] - firefox-esr 115.13.0esr-1~deb12u1
 [05 Jul 2024] DSA-5726-1 krb5 - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6f89764af7f96b5d77f7809a613aa04ee558fa6



[Git][security-tracker-team/security-tracker][master] Track proposed update for mariadb for bookworm-pu

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54d74a70 by Salvatore Bonaccorso at 2024-09-07T14:19:14+02:00
Track proposed update for mariadb for bookworm-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -70,3 +70,5 @@ CVE-2024-31755
[bookworm] - cjson 1.7.15-1+deb12u2
 CVE-2023-52890
[bookworm] - ntfs-3g 1:2022.10.3-1+deb12u1
+CVE-2024-21096
+   [bookworm] - mariadb 1:10.11.9-0+deb12u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d74a70b2d7f7db87544f89567d5e1a66872a36



[Git][security-tracker-team/security-tracker][master] Reference upstream tags for CVE-2024-6232

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8471a180 by Salvatore Bonaccorso at 2024-09-07T13:53:25+02:00
Reference upstream tags for CVE-2024-6232

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -988,10 +988,10 @@ CVE-2024-6232 (There is a MEDIUM severity vulnerability 
affecting CPython.
[bullseye] - python2.7  (Unsupported in Bullseye, only 
included to build a few applications)
NOTE: https://github.com/python/cpython/issues/121285
NOTE: https://github.com/python/cpython/pull/121286
-   NOTE: 
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
 (3.13-branch)
-   NOTE: 
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
 (3.12-branch)
-   NOTE: 
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
 (3.11-branch)
-   NOTE: 
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
 (3.10-branch)
+   NOTE: 
https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
 (v3.13.0rc2)
+   NOTE: 
https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
 (v3.12.6)
+   NOTE: 
https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
 (v3.11.10)
+   NOTE: 
https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
 (v3.10.15)
 CVE-2024-45231
- python-django 3:4.2.16-1
[bookworm] - python-django  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8471a180aeee97d0add60d5546622ac6d90d81d7



[Git][security-tracker-team/security-tracker][master] Reference upstream tags for CVE-2024-8088

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ce594d1 by Salvatore Bonaccorso at 2024-09-07T13:49:42+02:00
Reference upstream tags for CVE-2024-8088

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2733,13 +2733,13 @@ CVE-2024-8088 (There is a HIGH severity vulnerability 
affecting the CPython "zip
NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/
NOTE: https://github.com/python/cpython/pull/122906
NOTE: https://github.com/python/cpython/issues/122905
-   NOTE: 
https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64
 (3.13-branch)
-   NOTE: 
https://github.com/python/cpython/commit/dcc5182f27c156a1ef78e10613bb45788dea
 (3.12-branch)
-   NOTE: 
https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e
 (3.11-branch)
-   NOTE: 
https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db
 (3.10-branch)
+   NOTE: 
https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64
 (v3.13.0rc2)
+   NOTE: 
https://github.com/python/cpython/commit/dcc5182f27c156a1ef78e10613bb45788dea
 (v3.12.6)
+   NOTE: 
https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e
 (v3.11.10)
+   NOTE: 
https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db
 (v3.10.15)
NOTE: Regression (cf. #1080245): 
https://github.com/python/cpython/issues/123270
-   NOTE: Regression fixed by 
https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798
 (3.11-branch)
-   NOTE: Regression fixed by 
https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7
 (3.9-branch)
+   NOTE: Regression fixed by: 
https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798
 (v3.11.10)
+   NOTE: Regression fixed by: 
https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7
 (v3.9.20)
 CVE-2024-8077 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.862_B20230228. ...)
NOT-FOR-US: TOTOLINK
 CVE-2024-8076 (A vulnerability was found in TOTOLINK AC1200 T8 
4.1.5cu.862_B20230228  ...)
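Review bot: the (v3.12.6) reference `https://github.com/python/cpython/commit/dcc5182f27c156a1ef78e10613bb45788dea` is only 36 hex characters long, whereas every other hash in this hunk is a full 40-character SHA-1; it is carried over unchanged from the `-` line, so this relabelling is the moment to replace it with the complete hash rather than a prefix that happens to resolve on GitHub today.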



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce594d1cc1002e84af6929e3b0364d31fbfb0a2



[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-49582/apr

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b99ac55a by Salvatore Bonaccorso at 2024-09-07T13:45:08+02:00
Track fixed version for CVE-2023-49582/apr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2251,7 +2251,7 @@ CVE-2024-34087 (An SEH-based buffer overflow in the BPQ32 
HTTP Server in BPQ32 6
 CVE-2024-28077 (A denial-of-service issue was discovered on certain GL-iNet 
devices. S ...)
NOT-FOR-US: GL-iNet devices
 CVE-2023-49582 (Lax permissions set by the Apache Portable Runtime library on 
Unix pla ...)
-   - apr  (bug #1080375)
+   - apr 1.7.5-1 (bug #1080375)
[bookworm] - apr  (Minor issue)
[bullseye] - apr  (Minor issue; can be fixed in next update)
NOTE: https://www.openwall.com/lists/oss-security/2024/08/26/1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b99ac55a2ee4f2f46069b254753627210514a280



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-7592

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78150762 by Salvatore Bonaccorso at 2024-09-07T13:43:46+02:00
Update status for CVE-2024-7592

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3973,6 +3973,11 @@ CVE-2024-7592 (There is a LOW severity vulnerability 
affecting CPython, specific
[bullseye] - python3.9  (Minor issue, wait until merged into 
3.9 branch)
NOTE: https://github.com/python/cpython/pull/123075
NOTE: https://github.com/python/cpython/issues/123067
+   NOTE: 
https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621
 (v3.13.0rc2)
+   NOTE: 
https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
 (v3.12.6)
+   NOTE: 
https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f
 (v3.11.10)
+   NOTE: 
https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
 (v3.10.15)
+   NOTE: 
https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774
 (v3.9.20)
NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/HXJLNUNGCQUS2W7WR6GFIZIHFOOK/
 CVE-2024-6348 (Predictable seed generation in the security access mechanism of 
UDS in ...)
NOT-FOR-US: Nissan
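Review bot: the added `(v3.9.20)` commit note contradicts the unchanged context line `[bullseye] - python3.9  (Minor issue, wait until merged into 3.9 branch)`: the fix is now merged into the 3.9 branch, so the postponement rationale should be refreshed instead of pointing at a condition that has been met; the same applies to the bookworm python3.11 line shown for this CVE earlier on this page, given the `(v3.11.10)` note added here.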



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/781507624347205c5d0e0133d9846e6f422546ea



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-6923

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfa3c548 by Salvatore Bonaccorso at 2024-09-07T13:38:47+02:00
Update status for CVE-2024-6923

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8110,7 +8110,7 @@ CVE-2024-7211 (The 1E Platform's component utilized the 
third-party Duende Ident
NOT-FOR-US: 1E Platform
 CVE-2024-6923 (There is a MEDIUM severity vulnerability affecting CPython.  
The  emai ...)
- python3.13 3.13.0~rc2-1
-   - python3.12 
+   - python3.12 3.12.5-1
- python3.11 
[bookworm] - python3.11  (Minor issue, wait until merged 
into 3.11 branch)
- python3.9 
@@ -8119,6 +8119,11 @@ CVE-2024-6923 (There is a MEDIUM severity vulnerability 
affecting CPython.  The
[bullseye] - python2.7  (Unsupported in Bullseye, only 
included to build a few applications)
NOTE: https://github.com/python/cpython/issues/121650
NOTE: https://github.com/python/cpython/pull/122233
+   NOTE: 
https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
 (v3.13.0rc2)
+   NOTE: 
https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7
 (v3.12.5)
+   NOTE: 
https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533
 (v3.11.10)
+   NOTE: 
https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147
 (v3.10.15)
+   NOTE: 
https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6
 (v3.9.20)
 CVE-2024-6873 (It is possible to crash or redirect the execution flow of the 
ClickHou ...)
- clickhouse  (bug #1077820)
[bookworm] - clickhouse  (Minor issue)
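Review bot: the `(v3.11.10)` note added in the second hunk shows the fix merged into the 3.11 branch, so the first hunk's context line `[bookworm] - python3.11  (Minor issue, wait until merged into 3.11 branch)` now carries a stale rationale and should be reworded in this same commit. The python3.12 fixed version `3.12.5-1` here differs from the `3.12.6-1` used for the other CPython issues on this page, but it agrees with the `(v3.12.5)` tag on the added commit note, so that value is consistent.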



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa3c5481d64b788d3af20f74efd4c695b4887b8



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
50dfd2af by Salvatore Bonaccorso at 2024-09-07T10:44:32+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2024-8521 (A vulnerability, which was classified as problematic, was found 
in Wav ...)
-   TODO: check
+   NOT-FOR-US: Wavelog
 CVE-2024-8439
REJECTED
 CVE-2024-45771 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: RapidCMS
 CVE-2024-44845 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain an 
authenticated  ...)
-   TODO: check
+   NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-44844 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain an 
authenticated  ...)
-   TODO: check
+   NOT-FOR-US: DrayTek Vigor3900
 CVE-2024-44839 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: RapidCMS
 CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
-   TODO: check
+   NOT-FOR-US: RapidCMS
 CVE-2024-8443
- opensc 
[bookworm] - opensc  (Minor issue)
@@ -21,7 +21,7 @@ CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is 
vulnerable to a command
NOTE: 
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html?lang=fr
NOTE: 
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
 CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no 
verifica ...)
-   TODO: check
+   NOT-FOR-US: Forklift Controller
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an 
attacker cou ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50dfd2af7d9399ef75336407f6568bfccb5f3f5a



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df75550d by security tracker role at 2024-09-07T08:12:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,17 @@
+CVE-2024-8521 (A vulnerability, which was classified as problematic, was found 
in Wav ...)
+   TODO: check
+CVE-2024-8439
+   REJECTED
+CVE-2024-45771 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-44845 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain an 
authenticated  ...)
+   TODO: check
+CVE-2024-44844 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain an 
authenticated  ...)
+   TODO: check
+CVE-2024-44839 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
+CVE-2024-44838 (RapidCMS v1.3.1 was discovered to contain a SQL injection 
vulnerabilit ...)
+   TODO: check
 CVE-2024-8443
- opensc 
[bookworm] - opensc  (Minor issue)
@@ -107,11 +121,11 @@ CVE-2023-34979 (An OS command injection vulnerability has 
been reported to affec
NOT-FOR-US: QNAP
 CVE-2023-34974 (An OS command injection vulnerability has been reported to 
affect seve ...)
NOT-FOR-US: QNAP
-CVE-2024-45498
+CVE-2024-45498 (Example DAG: example_inlet_event_extra.py shipped with Apache 
Airflow  ...)
- airflow  (bug #819700)
-CVE-2024-45034
+CVE-2024-45034 (Apache Airflow versions before 2.10.1 have a vulnerability 
that allows ...)
- airflow  (bug #819700)
-CVE-2024-34158
+CVE-2024-34158 (Calling Parse on a "// +build" build tag line with deeply 
nested expre ...)
- golang-1.23 
- golang-1.22 
- golang-1.21 
@@ -122,7 +136,7 @@ CVE-2024-34158
NOTE: https://go.dev/issue/69141
NOTE: 
https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea 
(go1.23.1)
NOTE: 
https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 
(go1.22.7)
-CVE-2024-34156
+CVE-2024-34156 (Calling Decoder.Decode on a message which contains deeply 
nested struc ...)
- golang-1.23 
- golang-1.22 
- golang-1.21 
@@ -133,7 +147,7 @@ CVE-2024-34156
NOTE: https://go.dev/issue/69139
NOTE: 
https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 
(go1.23.1)
NOTE: 
https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 
(go1.22.7)
-CVE-2024-34155
+CVE-2024-34155 (Calling any of the Parse functions on Go source code which 
contains de ...)
- golang-1.23 
- golang-1.22 
- golang-1.21 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df75550d9cd46dced8112ea4793a2e6396e1fafb



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-8443/opensc

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b58f91f by Salvatore Bonaccorso at 2024-09-07T09:39:57+02:00
Add CVE-2024-8443/opensc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,7 @@
+CVE-2024-8443
+   - opensc 
+   [bookworm] - opensc  (Minor issue)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2310494
 CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is vulnerable to a 
command inje ...)
- spip 4.3.2+dfsg-1
NOTE: 
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html?lang=fr
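Review bot: the new CVE-2024-8443 entry cites only the Red Hat bugzilla report and carries neither a description nor an upstream OpenSC issue or fix commit, so the `[bookworm] - opensc  (Minor issue)` classification cannot be checked from the file itself; add the upstream reference as a further NOTE. Also, the rendered lines `- opensc ` and `[bookworm] - opensc  (Minor issue)` show a gap where the tracker's status token (`<unfixed>`, `<no-dsa>`) normally sits; that is most likely the mail rendering stripping angle brackets, but worth confirming against the committed file.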



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b58f91feb40dadb0acf7637c82e8045d9f940c8



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4dd85d12 by Salvatore Bonaccorso at 2024-09-07T09:37:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -34,11 +34,11 @@ CVE-2024-45299 (alf.io is an open source ticket reservation 
system for conferenc
 CVE-2024-45295
REJECTED
 CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core 
object h ...)
-   TODO: check
+   NOT-FOR-US: HL7 FHIR Core Artifacts
 CVE-2024-45040 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
-   TODO: check
+   NOT-FOR-US: gnark
 CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
-   TODO: check
+   NOT-FOR-US: gnark
 CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component 
\bean\Mana ...)
NOT-FOR-US: Drug
 CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection 
vulnerabi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4dd85d1271854cdf4a1ba6a26472a2d967d6b051



[Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-8418/aardvark-dns

2024-09-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92c7f28e by Salvatore Bonaccorso at 2024-09-07T09:32:14+02:00
Update status for CVE-2024-8418/aardvark-dns

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -330,11 +330,14 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module 
of Clam AntiVirus (Cla
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
- aardvark-dns 1.12.2-1 (bug #1080964)
-   [bookworm] - aardvark-dns  (Minor issue)
+   [bookworm] - aardvark-dns  (Vulnerable code not present)
NOTE: https://github.com/containers/aardvark-dns/issues/500
NOTE: https://github.com/containers/aardvark-dns/pull/503
-   NOTE: 
https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42
-   NOTE: 
https://github.com/containers/aardvark-dns/commit/39d0043c306c936fb5b6480b456cc1fdec869e25
+   NOTE: Introduced with 
https://github.com/containers/aardvark-dns/commit/a3ffae3ba9efa5c6dc9d332b792aeab3cb71832e
 (v1.12.0)
+   NOTE: 
https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42
 (main)
+   NOTE: 
https://github.com/containers/aardvark-dns/commit/39d0043c306c936fb5b6480b456cc1fdec869e25
 (main)
+   NOTE: 
https://github.com/containers/aardvark-dns/commit/aa109bbd6743abd7027e589cc4b871dd2dce7d50
 (v1.12.2)
+   NOTE: 
https://github.com/containers/aardvark-dns/commit/4a27dcfea4e3f203f169c28e1a2ea8a6fe193912
 (v1.12.2)
 CVE-2024-8417 (A vulnerability was found in 
\u4e91\u8bfe\u7f51\u7edc\u79d1\u6280\u670 ...)
NOT-FOR-US: Yunke Online School System
 CVE-2024-8416 (A vulnerability was found in SourceCodester Food Ordering 
Management S ...)
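Review bot: the change of bookworm from `(Minor issue)` to `(Vulnerable code not present)` rests on the new `Introduced with ... (v1.12.0)` line, which agrees with the description's "versions 1.12.0 and 1.12.1"; it would help to record the bookworm aardvark-dns version in that NOTE so a later reader can see it predates v1.12.0 without looking it up. The fixed version 1.12.2-1 lines up with the two commits tagged (v1.12.2), and the two (main) commits are the originals they backport, so the reference set is complete.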



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92c7f28e53742d683b206ca8486ffac55eba9783



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e08a5e5b by Salvatore Bonaccorso at 2024-09-06T22:51:34+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -22,15 +22,15 @@ CVE-2024-7599 (The Advanced Sermons plugin for WordPress is 
vulnerable to Stored
 CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to 
privilege escal ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-   TODO: check
+   NOT-FOR-US: DataFlowX Technology DataDiodeX
 CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily 
set the JD ...)
TODO: check
 CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an 
implementation of  ...)
TODO: check
 CVE-2024-45300 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
-   TODO: check
+   NOT-FOR-US: Alf.io
 CVE-2024-45299 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
-   TODO: check
+   NOT-FOR-US: Alf.io
 CVE-2024-45295
REJECTED
 CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core 
object h ...)
@@ -40,69 +40,69 @@ CVE-2024-45040 (gnark is a fast zk-SNARK library that 
offers a high-level API to
 CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
TODO: check
 CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component 
\bean\Mana ...)
-   TODO: check
+   NOT-FOR-US: Drug
 CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Sourcecodester Simple Forum Website
 CVE-2024-44408 (D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to 
Information Disclo ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44402 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via msp_ ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-44401 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via sub4 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2024-38642 (An improper certificate validation vulnerability has been 
reported to  ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-38641 (An OS command injection vulnerability has been reported to 
affect seve ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-38640 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-32771 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-32763 (A buffer copy without checking size of input vulnerability has 
been re ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-32762 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-27126 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-27125 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-27122 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-25584 (Dovecot accepts dot LF DOT LF symbol as end of DATA command. 
RFC requi ...)
-   TODO: check
+   NOT-FOR-US: OX Dovecot Pro core
 CVE-2024-21906 (An OS command injection vulnerability has been reported to 
affect seve ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-21904 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-21903 (An OS command injection vulnerability has been reported to 
affect seve ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-21898 (An OS command injection vulnerability has been reported to 
affect seve ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-   TODO: check
+   NOT-FOR-US: Ariva Computer Accord ORS
 CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2023-51367 (A buffer copy without checking size of input vulnerability has 
been re ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-2023-51366 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-   TODO: check
+   NOT-FOR-US: QNAP
 CVE-202
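Review bot: CVE-2024-25584 is closed as `NOT-FOR-US: OX Dovecot Pro core` although its description begins with plain "Dovecot accepts dot LF DOT LF symbol as end of DATA command" without naming the Pro product; confirm that the flaw is limited to the Pro core and does not apply to the open-source Dovecot code shipped in Debian before leaving it as NFU, otherwise keep it at TODO with a note. The remaining entries in this hunk (QNAP, D-Link, DataDiodeX, Accord ORS, Drug, Sourcecodester) are vendor-specific products, where NOT-FOR-US is clearly right.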

[Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51ce462d by Salvatore Bonaccorso at 2024-09-06T22:42:16+02:00
Add thunderbird to dsa-needed list

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -48,6 +48,8 @@ smarty3
 --
 smarty4
 --
+thunderbird (jmm)
+--
 twisted
 --
 xen



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51ce462dffeae6bf8e151aef6c8f07d90b544b31



[Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2024-{43,44}

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4eaf708 by Salvatore Bonaccorso at 2024-09-06T22:40:37+02:00
Add new thunderbird issues from mfsa2024-{43,44}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,10 @@ CVE-2024-8509 (A vulnerability was found in Forklift 
Controller. There is no ver
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an 
attacker cou ...)
-   TODO: check
+   - thunderbird 
+   [bookworm] - thunderbird  (Vulnerable code not present)
+   [bullseye] - thunderbird  (Vulnerable code not present)
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
 CVE-2024-7652 (An error in the ECMA-262 specification relating to Async 
Generators co ...)
TODO: check
 CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to 
unautho ...)
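Review bot: the `(Vulnerable code not present)` tags for bookworm and bullseye on CVE-2024-8394 are not backed by an "Introduced with" or "Introduced by" reference, as other entries in this file carry (the cura entry further down in this patch has one); add the upstream bug or the introducing commit as a NOTE so the tag can be verified, since mfsa2024-43 alone only says which release fixed it.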
@@ -829,19 +832,34 @@ CVE-2024-8388 (Multiple prompts and panels from both 
Firefox and the Android OS
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8388
 CVE-2024-8387 (Memory safety bugs present in Firefox 129, Firefox ESR 128.1, 
and Thun ...)
- firefox 130.0-1
+   - thunderbird 
+   [bookworm] - thunderbird  (Vulnerable code not present)
+   [bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8387
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8387
 CVE-2024-8386 (If a site had been granted the permission to open popup 
windows, it co ...)
- firefox 130.0-1
+   - thunderbird 
+   [bookworm] - thunderbird  (Vulnerable code not present)
+   [bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8386
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8386
 CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in 
WASM co ...)
- firefox 130.0-1
+   - thunderbird 
+   [bookworm] - thunderbird  (Vulnerable code not present)
+   [bullseye] - thunderbird  (Vulnerable code not present)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8385
 CVE-2024-8384 (The JavaScript garbage collector could mis-color 
cross-compartment obj ...)
{DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8384
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8384
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8384
 CVE-2024-8383 (Firefox normally asks for confirmation before asking the 
operating sys ...)
{DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
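Review bot: the tagging in this hunk follows a consistent rule: CVE-2024-8384, which gains a second reference to mfsa2024-44, is left open for the stable suites, while CVE-2024-8385, -8386 and -8387, referenced only from mfsa2024-43, get `(Vulnerable code not present)` for bookworm and bullseye. One point to double-check: the description of CVE-2024-8387 names "Firefox ESR 128.1, and Thun..." as affected, which suggests an ESR-line thunderbird is in scope, so make sure the "not present" tag there is a deliberate decision and not a copy of the neighbouring entries.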
@@ -852,14 +870,20 @@ CVE-2024-8382 (Internal browser event interfaces were 
exposed to web content whe
{DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8382
 CVE-2024-8381 (A potentially exploitable type confusion could be triggered 
when looki ...)
{DSA-5765-1 DLA-3869-1}
- firefox 130.0-1
- firefox-esr 115.15.0esr-1
+   - thunderbird 
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8381
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8381
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8381
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-44/#CVE-2024-8381
 CVE-2024-8374 (UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are 
vulnerab ...)
- cura  (Vulnerable code not present)
NOTE: Introduced by: 
https://github.com/Ultimaker/Cura/commit/55e5cd8982e266a8b28b062fb113e150aaef815d
 (5.7.0-beta.1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4eaf708eef0a5d30d721ce0a5fd

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a45297b7 by Salvatore Bonaccorso at 2024-09-06T22:33:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,19 +5,19 @@ CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is 
vulnerable to a command
 CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no 
verifica ...)
TODO: check
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an 
attacker cou ...)
TODO: check
 CVE-2024-7652 (An error in the ECMA-262 specification relating to Async 
Generators co ...)
TODO: check
 CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to 
unautho ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7611 (The Enter Addons \u2013 Ultimate Template Builder for Elementor 
plugin ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7599 (The Advanced Sermons plugin for WordPress is vulnerable to 
Stored Cros ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to 
privilege escal ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
TODO: check
 CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily 
set the JD ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a45297b7876d085745fd34914e82728e18b5ba62



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-8517/spip

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
381ebdc4 by Salvatore Bonaccorso at 2024-09-06T22:28:47+02:00
Add CVE-2024-8517/spip

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,7 @@
 CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is vulnerable to a 
command inje ...)
-   TODO: check
+   - spip 4.3.2+dfsg-1
+   NOTE: 
https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-2-SPIP-4-2-16-SPIP-4-1-18.html?lang=fr
+   NOTE: 
https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_2_a_big_upload/
 CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no 
verifica ...)
TODO: check
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
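Review bot: the CVE-2024-8517 entry records only the unstable fix `spip 4.3.2+dfsg-1` and no `[bookworm]`/`[bullseye]` status line, while the description lists three fixed branches (4.3.2, 4.2.16 and 4.1.18), which implies the older branches are affected too; add the stable-suite status (fixed version, no-dsa with reason, or a dsa-needed entry). Given that the second NOTE links a write-up titled as a pre-auth RCE, leaving stable unassessed is the riskier default.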



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/381ebdc4cf6dc97b8f99053e670f888d311e6242



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
741dd860 by security tracker role at 2024-09-06T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,103 @@
+CVE-2024-8517 (SPIP before 4.3.2, 4.2.16, and  4.1.18 is vulnerable to a 
command inje ...)
+   TODO: check
+CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no 
verifica ...)
+   TODO: check
+CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for 
WordPres ...)
+   TODO: check
+CVE-2024-8394 (When aborting the verification of an OTR chat session, an 
attacker cou ...)
+   TODO: check
+CVE-2024-7652 (An error in the ECMA-262 specification relating to Async 
Generators co ...)
+   TODO: check
+CVE-2024-7622 (The Revision Manager TMC plugin for WordPress is vulnerable to 
unautho ...)
+   TODO: check
+CVE-2024-7611 (The Enter Addons \u2013 Ultimate Template Builder for Elementor 
plugin ...)
+   TODO: check
+CVE-2024-7599 (The Advanced Sermons plugin for WordPress is vulnerable to 
Stored Cros ...)
+   TODO: check
+CVE-2024-7493 (The WPCOM Member plugin for WordPress is vulnerable to 
privilege escal ...)
+   TODO: check
+CVE-2024-6445 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+   TODO: check
+CVE-2024-45758 (H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily 
set the JD ...)
+   TODO: check
+CVE-2024-45405 (`gix-path` is a crate of the `gitoxide` project (an 
implementation of  ...)
+   TODO: check
+CVE-2024-45300 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
+   TODO: check
+CVE-2024-45299 (alf.io is an open source ticket reservation system for 
conferences, tr ...)
+   TODO: check
+CVE-2024-45295
+   REJECTED
+CVE-2024-45294 (The HL7 FHIR Core Artifacts repository provides the java core 
object h ...)
+   TODO: check
+CVE-2024-45040 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
+   TODO: check
+CVE-2024-45039 (gnark is a fast zk-SNARK library that offers a high-level API 
to desig ...)
+   TODO: check
+CVE-2024-44837 (A cross-site scripting (XSS) vulnerability in the component 
\bean\Mana ...)
+   TODO: check
+CVE-2024-44739 (Sourcecodester Simple Forum Website v1.0 has a SQL injection 
vulnerabi ...)
+   TODO: check
+CVE-2024-44408 (D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to 
Information Disclo ...)
+   TODO: check
+CVE-2024-44402 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via msp_ ...)
+   TODO: check
+CVE-2024-44401 (D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection 
via sub4 ...)
+   TODO: check
+CVE-2024-38642 (An improper certificate validation vulnerability has been 
reported to  ...)
+   TODO: check
+CVE-2024-38641 (An OS command injection vulnerability has been reported to 
affect seve ...)
+   TODO: check
+CVE-2024-38640 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-32771 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
+   TODO: check
+CVE-2024-32763 (A buffer copy without checking size of input vulnerability has 
been re ...)
+   TODO: check
+CVE-2024-32762 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-27126 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-27125 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-27122 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-25584 (Dovecot accepts dot LF DOT LF symbol as end of DATA command. 
RFC requi ...)
+   TODO: check
+CVE-2024-21906 (An OS command injection vulnerability has been reported to 
affect seve ...)
+   TODO: check
+CVE-2024-21904 (A path traversal vulnerability has been reported to affect 
several QNA ...)
+   TODO: check
+CVE-2024-21903 (An OS command injection vulnerability has been reported to 
affect seve ...)
+   TODO: check
+CVE-2024-21898 (An OS command injection vulnerability has been reported to 
affect seve ...)
+   TODO: check
+CVE-2024-21897 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+   TODO: check
+CVE-2024-1744 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+   TODO: check
+CVE-2023-51368 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
+   TODO: check
+CVE-2023-51367 (A buffer copy without checking size of input vulnerability has 
been re ...)
+   TODO: check
+CVE-2023-51366 (A path traversal vulnerability has been reported 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d9853b55 by Salvatore Bonaccorso at 2024-09-06T22:09:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -64,9 +64,9 @@ CVE-2024-45751 (tgt (aka Linux target framework) before 
1.0.93 attempts to achie
NOTE: https://github.com/fujita/tgt/pull/67
NOTE: 
https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd 
(v1.0.93)
 CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor 
JavaScript text  ...)
-   TODO: check
+   NOT-FOR-US: ckeditor-plugin-openlink CKEditor plugin
 CVE-2024-42495 (Credentials to access device configuration were transmitted 
using an u ...)
-   TODO: check
+   NOT-FOR-US: Hughes Network Systems
 CVE-2024-40865 (The issue was addressed by suspending Persona when the virtual 
keyboar ...)
TODO: check
 CVE-2024-39585 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
@@ -777,7 +777,7 @@ CVE-2024-6473 (Yandex Browser for Desktop before 24.7.1.380 
has a DLL Hijacking
 CVE-2024-4629 (A vulnerability was found in Keycloak. This flaw allows 
attackers to b ...)
NOT-FOR-US: Keycloak
 CVE-2024-4259 (Improper Privilege Management vulnerability in SAMPA\u015e 
Holding AKO ...)
-   TODO: check
+   NOT-FOR-US: SAMPAS Holding AKOS
 CVE-2024-45678 (Yubico YubiKey 5 Series devices with firmware before 5.7.0 and 
YubiHSM ...)
NOT-FOR-US: YubiKeys
 CVE-2024-45588 (This vulnerability exists in Symphony XTS Web Trading platform 
version ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9853b55729ac9a3d563de5b52b0d41e832f7e0d



[Git][security-tracker-team/security-tracker][master] Add notes for CVE-2024-3647 hardening

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b3e040f8 by Salvatore Bonaccorso at 2024-09-06T21:36:09+02:00
Add notes for CVE-2024-3647 hardening

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24756,6 +24756,9 @@ CVE-2024-36472 (In GNOME Shell through 45.7, a portal 
helper can be launched aut
[bullseye] - gnome-shell  (Minor issue)
[buster] - gnome-shell  (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688
+   NOTE: 
https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ab1ccf3f21b754ce4be77becf5df46084a893d8
 (47.beta)
+   NOTE: As hardening related to CVE-2024-36472, version 
gnome-shell/47~rc-3 disabled
+   NOTE: the portal helper popup window and uses the notification/browser 
method.
 CVE-2024-36110 (ansibleguy-webui is an open source WebUI for using Ansible. 
Multiple f ...)
NOT-FOR-US: ansibleguy-webui
 CVE-2024-36109 (CoCalc is web-based software that enables collaboration in 
research, t ...)
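Review bot: the two new free-text NOTE lines say gnome-shell/47~rc-3 is hardening related to CVE-2024-36472, but the `[bullseye]`/`[buster] ... (Minor issue)` status lines are untouched and no fixed version for unstable appears in the hunk; state in the NOTE whether the hardening is considered to close the issue for sid (in which case the package version line should say so) or not (in which case say "does not fix" explicitly), so a reader does not take 47~rc-3 as the fix. The gitlab.gnome.org commit reference with its (47.beta) tag is the right shape for this file.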



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e040f8ba12bbb38736fd9b13677584946a4244



[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2024-8250

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f888128b by Salvatore Bonaccorso at 2024-09-06T21:18:21+02:00
Reference fix for CVE-2024-8250

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1534,6 +1534,7 @@ CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 
to 4.0.6 and 4.0.0 to
[bookworm] - wireshark  (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-11.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19943
+   NOTE: Fixed by: 
https://gitlab.com/wireshark/wireshark/-/commit/66dcd56f1eae615697b6588ac4778a61a5576391
 (v4.3.1)
 CVE-2024-8198 (Heap buffer overflow in Skia in Google Chrome prior to 
128.0.6613.113  ...)
{DSA-5761-1}
- chromium 128.0.6613.113-1
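Review bot: the new `Fixed by:` reference points only at the commit tagged (v4.3.1), which is the development branch, while the hunk header shows the affected ranges as the 4.2.x and 4.0.x series; for the `[bookworm] - wireshark  (Minor issue)` line, the corresponding backport commits on the 4.2/4.0 stable branches are what a backporter needs, so add those references (or the stable tags that contain the fix) alongside the v4.3.1 one.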



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f888128b91c207177c3cdfcf8c9e0a7be14445d4



[Git][security-tracker-team/security-tracker][master] Add commit references for golang issues

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fc528d2 by Salvatore Bonaccorso at 2024-09-06T21:08:35+02:00
Add commit references for golang issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,6 +7,8 @@ CVE-2024-34158
- golang-1.15 
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69141
+   NOTE: 
https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea 
(go1.23.1)
+   NOTE: 
https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 
(go1.22.7)
 CVE-2024-34156
- golang-1.23 
- golang-1.22 
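Review bot: the added go1.23.1 and go1.22.7 commits cover the two upstream branches that received fixes, but the entry also lists golang-1.21, golang-1.19 and golang-1.15 as affected with no fix reference; record explicitly that fixes for those would be Debian backports of the listed commits (or mark them with the appropriate no-dsa/unsupported status) so the open state is not mistaken for a missing reference. The same applies to the two following hunks for CVE-2024-34156 and CVE-2024-34155.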
@@ -16,6 +18,8 @@ CVE-2024-34156
- golang-1.15 
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69139
+   NOTE: 
https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 
(go1.23.1)
+   NOTE: 
https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 
(go1.22.7)
 CVE-2024-34155
- golang-1.23 
- golang-1.22 
@@ -25,6 +29,8 @@ CVE-2024-34155
- golang-1.15 
NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
NOTE: https://go.dev/issue/69138
+   NOTE: 
https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 
(go1.23.1)
+   NOTE: 
https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb 
(go1.22.7)
 CVE-2023-52916 [media: aspeed: Fix memory overwrite if timing is 1600x900]
- linux 6.6.8-1
NOTE: 
https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fc528d216298e0d398a28b7fd66b202dcb8b189



[Git][security-tracker-team/security-tracker][master] Add new go issues

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22aae87d by Salvatore Bonaccorso at 2024-09-06T11:46:22+02:00
Add new go issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,27 @@
+CVE-2024-34158
+   - golang-1.23 
+   - golang-1.22 
+   - golang-1.21 
+   - golang-1.19 
+   - golang-1.15 
+   NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
+   NOTE: https://go.dev/issue/69141
+CVE-2024-34156
+   - golang-1.23 
+   - golang-1.22 
+   - golang-1.21 
+   - golang-1.19 
+   - golang-1.15 
+   NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
+   NOTE: https://go.dev/issue/69139
+CVE-2024-34155
+   - golang-1.23 
+   - golang-1.22 
+   - golang-1.21 
+   - golang-1.19 
+   - golang-1.15 
+   NOTE: https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc
+   NOTE: https://go.dev/issue/69138
 CVE-2023-52916 [media: aspeed: Fix memory overwrite if timing is 1600x900]
- linux 6.6.8-1
NOTE: 
https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)
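Review bot: the three new CVE-2024-3415x entries carry no fixed version on any of the five golang source packages and no fixing commit, only the shared golang-announce thread and the go.dev issue; the announcement names the fixed releases, so the per-branch commits should be attached (the follow-up commit 8fc528d2 later the same day does this for go1.23.1 and go1.22.7). The missing parenthetical description is expected and will be filled by the automatic import once the CVE text is published, as the CVE-2024-44082 line in commit 7cb106dc shows, so that part needs no manual action.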



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22aae87d75b5997fc1a3dfdbe6d7938ae7838126



[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
615cc0cb by Salvatore Bonaccorso at 2024-09-06T11:36:26+02:00
Merge Linux CVEs from kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,11 @@
+CVE-2023-52916 [media: aspeed: Fix memory overwrite if timing is 1600x900]
+   - linux 6.6.8-1
+   NOTE: 
https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)
+CVE-2023-52915 [media: dvb-usb-v2: af9035: Fix null-ptr-deref in 
af9035_i2c_master_xfer]
+   - linux 6.5.6-1
+   [bookworm] - linux 6.1.55-1
+   [bullseye] - linux 5.10.197-1
+   NOTE: 
https://git.kernel.org/linus/7bf744f2de0a848fb1d717f5831b03db96feae89 (6.6-rc1)
 CVE-2024-8480 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-8427 (The Frontend Post Submission Manager Lite \u2013 Frontend 
Posting Word ...)
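Review bot: CVE-2023-52916 records a fixed version for unstable only (6.6.8-1, upstream fix in 6.6-rc1) with no [bookworm] or [bullseye] line, whereas CVE-2023-52915 directly below it, fixed in the same 6.6-rc1 cycle, records 6.1.55-1 and 5.10.197-1 for the stable suites. If the aspeed memory-overwrite fix was not backported to the 6.1.y and 5.10.y stable series, bookworm and bullseye will show as affected until the entry says otherwise; either add the stable backport versions or mark the two suites explicitly so the gap is a decision and not an omission.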



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615cc0cb7221f4bc9f51caff95a2efb1961c7afb



[Git][security-tracker-team/security-tracker][master] Process two more NFUs

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c2452208 by Salvatore Bonaccorso at 2024-09-06T10:20:15+02:00
Process two more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -25,11 +25,11 @@ CVE-2024-42495 (Credentials to access device configuration 
were transmitted usin
 CVE-2024-40865 (The issue was addressed by suspending Persona when the virtual 
keyboar ...)
TODO: check
 CVE-2024-39585 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-39278 (Credentials to access device configuration information stored 
unencryp ...)
TODO: check
 CVE-2024-38486 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
NOT-FOR-US: Job Portal
 CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
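Review bot: the two Dell SmartFabric OS10 entries are closed as NOT-FOR-US, but CVE-2024-42495 and CVE-2024-39278 in the same hunk (credentials transmitted, respectively stored, unencrypted on a device) read like the same class of vendor-firmware advisory and are left at TODO: check; if they belong to one advisory batch they can be triaged in a single pass rather than in separate commits.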



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2452208e93cc9f120537f33aed271dc7b82d282



[Git][security-tracker-team/security-tracker][master] Add CVE-2024-45751/tgt

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ee77e5f by Salvatore Bonaccorso at 2024-09-06T10:18:34+02:00
Add CVE-2024-45751/tgt

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,7 +15,9 @@ CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, 
Online Courses, & Quiz
 CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly 
saniti ...)
NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to 
achieve ent ...)
-   TODO: check
+   - tgt 
+   NOTE: https://github.com/fujita/tgt/pull/67
+   NOTE: 
https://github.com/fujita/tgt/commit/abd8e0d987ab56013d360077202bf2aca20a42dd 
(v1.0.93)
 CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor 
JavaScript text  ...)
TODO: check
 CVE-2024-42495 (Credentials to access device configuration were transmitted 
using an u ...)
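Review bot: the tgt entry gets the fixing PR and the commit tagged (v1.0.93) but no Debian bug number, unlike the clamav and aardvark-dns entries in this batch which carry a (bug #NNNNNNN) reference; for a package left unfixed in unstable a bug should be filed and recorded here so the maintainer is notified. There is also no [bookworm] or [bullseye] line, so both stable suites will list as affected; given the description says every version before 1.0.93 is affected that is probably right, but a no-dsa or postponed decision should still be written down.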



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ee77e5f586d3c98cf349bef19842ff4205f0c28



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e39afa59 by Salvatore Bonaccorso at 2024-09-06T10:16:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,19 +1,19 @@
 CVE-2024-8480 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8427 (The Frontend Post Submission Manager Lite \u2013 Frontend 
Posting Word ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8317 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for 
WordPress i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8292 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-8247 (The Newsletters plugin for WordPress is vulnerable to privilege 
escala ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7415 (The Remember Me Controls plugin for WordPress is vulnerable to 
Full Pa ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & 
Quizzes p ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly 
saniti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to 
achieve ent ...)
TODO: check
 CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor 
JavaScript text  ...)
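Review bot: CVE-2024-45751 (tgt) and CVE-2024-45400 (ckeditor-plugin-openlink) are left at TODO: check at the end of this hunk; tgt is a Debian source package and is picked up two minutes later in commit 9ee77e5f, so it could have gone into the same pass. The eight WordPress plugin entries are correctly NOT-FOR-US: WordPress itself is packaged, its third-party plugins are not.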



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39afa59d4021a34c14e34a270e81cd6654a8aa8



[Git][security-tracker-team/security-tracker][master] automatic update

2024-09-06 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7cb106dc by security tracker role at 2024-09-06T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,33 @@
+CVE-2024-8480 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
+   TODO: check
+CVE-2024-8427 (The Frontend Post Submission Manager Lite \u2013 Frontend 
Posting Word ...)
+   TODO: check
+CVE-2024-8317 (The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for 
WordPress i ...)
+   TODO: check
+CVE-2024-8292 (The WP-Recall \u2013 Registration, Profile, Commerce & More 
plugin for ...)
+   TODO: check
+CVE-2024-8247 (The Newsletters plugin for WordPress is vulnerable to privilege 
escala ...)
+   TODO: check
+CVE-2024-7415 (The Remember Me Controls plugin for WordPress is vulnerable to 
Full Pa ...)
+   TODO: check
+CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & 
Quizzes p ...)
+   TODO: check
+CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly 
saniti ...)
+   TODO: check
+CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to 
achieve ent ...)
+   TODO: check
+CVE-2024-45400 (ckeditor-plugin-openlink is a plugin for the CKEditor 
JavaScript text  ...)
+   TODO: check
+CVE-2024-42495 (Credentials to access device configuration were transmitted 
using an u ...)
+   TODO: check
+CVE-2024-40865 (The issue was addressed by suspending Persona when the virtual 
keyboar ...)
+   TODO: check
+CVE-2024-39585 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
+   TODO: check
+CVE-2024-39278 (Credentials to access device configuration information stored 
unencryp ...)
+   TODO: check
+CVE-2024-38486 (Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 
10.5.5.10  ...)
+   TODO: check
 CVE-2024-8473 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
NOT-FOR-US: Job Portal
 CVE-2024-8472 (Cross-Site Scripting (XSS) vulnerability, whereby 
user-controlled inpu ...)
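Review bot: all fifteen imported entries enter as TODO: check with descriptions cut off by the importer; ten of them name a WordPress plugin or Dell SmartFabric OS10 in the visible text and are routine NOT-FOR-US (the two following commits e39afa59 and c2452208 close them), so the ones worth attention are CVE-2024-45751 (tgt, a Debian source package), CVE-2024-45400 (ckeditor-plugin-openlink), CVE-2024-40865 and the two device-credential issues CVE-2024-42495 and CVE-2024-39278.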
@@ -620,7 +650,7 @@ CVE-2024-20440 (A vulnerability in Cisco Smart Licensing 
Utility could allow an
NOT-FOR-US: Cisco
 CVE-2024-20439 (A vulnerability in Cisco Smart Licensing Utility could allow 
an unauth ...)
NOT-FOR-US: Cisco
-CVE-2024-44082
+CVE-2024-44082 (In OpenStack Ironic before 26.0.1 and ironic-python-agent 
before 9.13. ...)
- ironic 
- ironic-python-agent 
NOTE: https://www.openwall.com/lists/oss-security/2024/09/04/4
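Review bot: the description now names the fixed upstream releases (Ironic 26.0.1 and ironic-python-agent 9.13, the feed text being cut off after the minor version), yet both package lines still have no Debian fixed version and the only reference is the oss-security post; add the upstream fix commits and, once the fixed releases are uploaded, the unstable versions. Both ironic and ironic-python-agent are in Debian, so a [bookworm] decision is needed as well.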



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cb106dc616713ab9479349d54812c380a394e0d



[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2024-8418/aardvark-dns via unstable

2024-09-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f590a3a2 by Salvatore Bonaccorso at 2024-09-06T06:26:44+02:00
Add fixed version for CVE-2024-8418/aardvark-dns via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -147,7 +147,7 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module 
of Clam AntiVirus (Cla
[bookworm] - clamav  (clamav is updated via -updates)
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
-   - aardvark-dns  (bug #1080964)
+   - aardvark-dns 1.12.2-1 (bug #1080964)
NOTE: https://github.com/containers/aardvark-dns/issues/500
NOTE: https://github.com/containers/aardvark-dns/pull/503
NOTE: 
https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42
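Review bot: the unstable fix 1.12.2-1 is now recorded, but there is still no [bookworm] line; the description limits the flaw to aardvark-dns 1.12.0 and 1.12.1, so if bookworm ships an earlier release it should be marked not-affected explicitly, otherwise the suite view will keep showing it as vulnerable.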



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f590a3a2f29bdac563775e714ec0c3c02900ad8b



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-8418/aardvark-dns

2024-09-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e79e1e0 by Salvatore Bonaccorso at 2024-09-06T00:16:00+02:00
Add Debian bug reference for CVE-2024-8418/aardvark-dns

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -147,7 +147,7 @@ CVE-2024-20505 (A vulnerability in the PDF parsing module 
of Clam AntiVirus (Cla
[bookworm] - clamav  (clamav is updated via -updates)
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
-   - aardvark-dns 
+   - aardvark-dns  (bug #1080964)
NOTE: https://github.com/containers/aardvark-dns/issues/500
NOTE: https://github.com/containers/aardvark-dns/pull/503
NOTE: 
https://github.com/containers/aardvark-dns/commit/6d76c50978755b8162d176ec7eea0e09f8d57a42
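Review bot: the bug reference is added, but the upstream commit 6d76c509 has no release tag appended the way other entries in this file write it (compare the tgt entry's `(v1.0.93)`); adding the release that first shipped the commit makes it possible to tell at a glance whether the unstable upload already contains the fix. The fixed Debian version itself lands in f590a3a2 a few hours later.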



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e79e1e008edeee8def580d530980870ff0fbcda



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for clamav issues

2024-09-05 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5bf0be48 by Salvatore Bonaccorso at 2024-09-06T00:13:06+02:00
Add Debian bug reference for clamav issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -139,11 +139,11 @@ CVE-2024-32668 (An insufficient boundary validation in 
the USB code could lead t
 CVE-2024-2166 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
NOT-FOR-US: Forcepoint Email Security
 CVE-2024-20506 (A vulnerability in the ClamD service module of Clam AntiVirus 
(ClamAV) ...)
-   - clamav 
+   - clamav  (bug #1080962)
[bookworm] - clamav  (clamav is updated via -updates)
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-20505 (A vulnerability in the PDF parsing module of Clam AntiVirus 
(ClamAV) v ...)
-   - clamav 
+   - clamav  (bug #1080962)
[bookworm] - clamav  (clamav is updated via -updates)
NOTE: 
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
 CVE-2024-8418 (A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. 
They cont ...)
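Review bot: a single bug (#1080962) is shared by CVE-2024-20506 and CVE-2024-20505, which is fine for one upstream release, but neither entry records the fixed upstream versions; the blog URL slug names 1.4.1, 1.3.2, 1.0.7 and 0.103.12, so the unstable fixed version can be filled in as soon as the upload happens. The [bookworm] line defers to -updates; a matching [bullseye] line is missing and should state the same decision.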



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bf0be480947efaa9c063114a0a2e9b092a1b1c8


