[Git][security-tracker-team/security-tracker][master] new xml-security-c issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 28 13:18:35 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9b547e4 by Moritz Muehlenhoff at 2024-06-28T14:18:03+02:00
new xml-security-c issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -521,7 +521,10 @@ CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 7.2.
CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specification, s ...)
NOT-FOR-US: W3C XML Signature Syntax and Processing (XMLDsig) specification
CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...)
- TODO: check
+ - xml-security-c <unfixed>
+ NOTE: https://cloud.google.com/blog/topics/threat-intelligence/apache-library-allows-server-side-request-forgery
+ NOTE: https://www.sonatype.com/blog/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library
+ NOTE: https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2024-21893.md
CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board Web Part b ...)
NOT-FOR-US: VirtoSoftware Virto Kanban Board
CVE-2024-30931 (Stored Cross Site Scripting vulnerability in Emby Media Server Emby Me ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9b547e462e1ca2d8a54eeebf33f87b0f030a0c4
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9b547e462e1ca2d8a54eeebf33f87b0f030a0c4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240628/60f2f268/attachment.htm>
More information about the debian-security-tracker-commits
mailing list