[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 7 09:12:36 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c92c5df7 by security tracker role at 2024-04-07T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2024-3417 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2024-3416 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2024-3415 (A vulnerability was found in SourceCodester Human Resource Information ...)
+ TODO: check
+CVE-2024-3414 (A vulnerability was found in SourceCodester Human Resource Information ...)
+ TODO: check
+CVE-2024-30415 (Vulnerability of improper permission control in the window management ...)
+ TODO: check
+CVE-2024-30414 (Command injection vulnerability in the AccountManager module. Impact: ...)
+ TODO: check
+CVE-2024-30413 (Vulnerability of improper permission control in the window management ...)
+ TODO: check
+CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & ...)
+ TODO: check
CVE-2024-3413 (A vulnerability has been found in SourceCodester Human Resource Inform ...)
NOT-FOR-US: SourceCodester Human Resource Information System
CVE-2024-3378 (A vulnerability has been found in iboss Secure Web Gateway up to 10.1 ...)
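Review bot: the CVE-2023-6877 description on the `+CVE-2023-6877 (The RSS Aggregator by Feedzy \u2013 Feed to Post ...` line carries a literal `\u2013` escape instead of the en dash the upstream text contains; the import step that writes new entries should decode or normalize such escapes before they land in data/CVE/list, otherwise the description will stay garbled when the TODO: check entries are triaged.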
@@ -373,7 +389,7 @@ CVE-2024-28871 (LibHTP is a security-aware parser for the HTTP protocol and the
NOTE: https://redmine.openinfosecfoundation.org/issues/6757
CVE-2024-28787 (IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application G ...)
NOT-FOR-US: IBM
-CVE-2024-27575 (Directory Traversal vulnerability in INOTEC Sicherheitstechnik GmbH IN ...)
+CVE-2024-27575 (INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote a ...)
NOT-FOR-US: INOTEC
CVE-2024-27268 (IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is ...)
NOT-FOR-US: IBM
@@ -3243,7 +3259,7 @@ CVE-2023-39311 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion F
CVE-2023-34020 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in U ...)
NOT-FOR-US: WordPress plugin
CVE-2024-28085 (wall in util-linux through 2.40, often installed with setgid tty permi ...)
- {DSA-5650-1}
+ {DSA-5650-1 DLA-3782-1}
- util-linux 2.39.3-11 (bug #1067849)
NOTE: https://www.openwall.com/lists/oss-security/2024/03/27/5
NOTE: https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253 (v2.40)
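Review bot: the advisory order inside the braces is inconsistent with the CVE-2018-14553 hunk further down: here the new reference is appended (`{DSA-5650-1 DLA-3782-1}`), there it is prepended (`{DLA-3781-1 DLA-2106-1}`). Pick one order for newly added DLA references so the list stays uniform; the same DLA-3782-1 is also added to CVE-2021-37600 below, so the two util-linux entries are consistent with each other.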
@@ -11791,6 +11807,7 @@ CVE-2024-23496 (A heap-based buffer overflow vulnerability exists in the GGUF li
CVE-2024-22873 (Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Ser ...)
NOT-FOR-US: Tencent Blueking CMDB
CVE-2024-22201 (Jetty is a Java based web server and servlet engine. An HTTP/2 SSL con ...)
+ {DLA-3780-1}
- jetty9 9.4.54-1 (bug #1064923)
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
NOTE: https://github.com/jetty/jetty.project/issues/11256
@@ -16484,6 +16501,7 @@ CVE-2023-52426 (libexpat through 2.5.0 allows recursive XML Entity Expansion if
NOTE: CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined,
NOTE: which is not the case for Debian.
CVE-2023-52425 (libexpat through 2.5.0 allows a denial of service (resource consumptio ...)
+ {DLA-3783-1}
- expat 2.6.0-1 (bug #1063238)
NOTE: https://github.com/libexpat/libexpat/pull/789
NOTE: Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1
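Review bot: DLA-3783-1 is attached only to CVE-2023-52425 and not to the adjacent CVE-2023-52426; that is consistent with the NOTE lines above stating that 52426 only concerns builds without XML_DTD, which is not the Debian case, so no change is needed, but the omission should be deliberate rather than an oversight in the advisory's CVE list.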
@@ -186668,6 +186686,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
+ {DLA-3781-1}
- libgd2 2.3.3-1
[bullseye] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
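Review bot: after adding `{DLA-3781-1}` the entry records a fix for the LTS suite via the advisory reference while bullseye keeps `<no-dsa> (Minor issue)`; that combination (older suite fixed, newer suite left as minor) is worth a sanity check so the bullseye annotation does not read as stale once the DLA is public. The same advisory is added to CVE-2021-38115 in the next hunk, so both libgd2 entries should be checked together.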
@@ -193584,6 +193603,7 @@ CVE-2021-38117
CVE-2021-38116
RESERVED
CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
+ {DLA-3781-1}
- libgd2 2.3.3-1 (bug #991912)
[bullseye] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -195059,6 +195079,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Win
CVE-2021-3668
RESERVED
CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...)
+ {DLA-3782-1}
- util-linux 2.36.1-8 (low; bug #991619)
[stretch] - util-linux <no-dsa> (Minor issue)
NOTE: https://github.com/karelzak/util-linux/issues/1395
@@ -392704,7 +392725,7 @@ CVE-2018-14555
CVE-2018-14554
RESERVED
CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
- {DLA-2106-1}
+ {DLA-3781-1 DLA-2106-1}
- libgd2 2.3.0-1 (low; bug #951287)
[stretch] - libgd2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
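Review bot: CVE-2018-14553 already carried `{DLA-2106-1}` and now gains `DLA-3781-1` as a second DLA for the same libgd2 issue; verify that DLA-3781-1 intentionally lists this CVE (for example a fix in a different suite or a follow-up to the earlier advisory) rather than the CVE having been copied over from the advisory text, since a double reference with no explanatory NOTE is hard to interpret later.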
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c92c5df7d75471660b2750a81000ee7d0f8a8fbc