[Git][security-tracker-team/security-tracker][master] Add two glpi issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 1 20:27:22 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c0914a44 by Salvatore Bonaccorso at 2024-02-01T21:26:45+01:00
Add two glpi issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,10 @@ CVE-2024-24059 (springboot-manager v1.6 is vulnerable to Arbitrary File Upload.
CVE-2024-23832 (Mastodon is a free, open-source social network server based on Activit ...)
- mastodon <itp> (bug #859741)
CVE-2024-23645 (GLPI is a Free Asset and IT Management Software package. A malicious U ...)
- TODO: check
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x
+ NOTE: https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0
+ NOTE: https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a
CVE-2024-23328 (Dataease is an open source data visualization analysis tool. A deseria ...)
NOT-FOR-US: Dataease
CVE-2024-22939 (Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remo ...)
@@ -115,7 +118,9 @@ CVE-2023-51509 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2023-51506 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51446 (GLPI is a Free Asset and IT Management Software package. When authenti ...)
- TODO: check
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
+ NOTE: https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
CVE-2023-37621 (An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers ...)
NOT-FOR-US: Fronius Datalogger Web
CVE-2024-24747 (MinIO is a High Performance Object Storage. When someone creates an ac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0914a4482d5ab528858e6c9edd57791d46b3358
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0914a4482d5ab528858e6c9edd57791d46b3358
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240201/e834247c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list