[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 30 21:12:49 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73b9c503 by security tracker role at 2024-06-30T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2024-5062 (A reflected Cross-Site Scripting (XSS) vulnerability was identified in ...)
+	TODO: check
+CVE-2024-35119 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+	TODO: check
+CVE-2024-31902 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
+	TODO: check
+CVE-2024-31898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+	TODO: check
+CVE-2024-28798 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
+	TODO: check
+CVE-2024-28797 (IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-s ...)
+	TODO: check
+CVE-2024-28795 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2024-28794 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2023-50964 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+	TODO: check
+CVE-2023-50954 (IBM InfoSphere Information Server 11.7 returns sensitive information i ...)
+	TODO: check
+CVE-2023-50953 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+	TODO: check
+CVE-2023-50952 (IBM InfoSphere Information Server 11.7 is vulnerable to server-side re ...)
+	TODO: check
+CVE-2023-35022 (IBM InfoSphere Information Server 11.7 could allow a local user to upd ...)
+	TODO: check
 CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico Estate ...)
 	NOT-FOR-US: ngenico Estate Manager
 CVE-2024-6414 (A vulnerability classified as problematic has been found in Parsec Aut ...)
@@ -3503,17 +3529,17 @@ CVE-2024-38448 (htags in GNU Global through 6.6.12 allows code execution in situ
 	NOTE: https://lists.gnu.org/archive/html/bug-global/2024-05/msg00009.html
 CVE-2024-38443 (C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3 ...)
 	NOT-FOR-US: The Algorithms - C
-CVE-2024-38441 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
+CVE-2024-38441 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...)
 	- netatalk <unfixed> (bug #1074475)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1098
 	NOTE: https://netatalk.io/security/CVE-2024-38441
 	NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1)
-CVE-2024-38440 (Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffe ...)
+CVE-2024-38440 (Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ...)
 	- netatalk <unfixed> (bug #1074474)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1097
 	NOTE: https://netatalk.io/security/CVE-2024-38440
 	NOTE: https://github.com/Netatalk/netatalk/commit/77b5d99007cfef4d73d76fd6f0c26584891608e5 (netatalk-3-2-1)
-CVE-2024-38439 (Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer ...)
+CVE-2024-38439 (Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ...)
 	- netatalk <unfixed> (bug #1074473)
 	NOTE: https://github.com/Netatalk/netatalk/issues/1096
 	NOTE: https://netatalk.io/security/CVE-2024-38439
@@ -22515,7 +22541,7 @@ CVE-2024-27282 (An issue was discovered in Ruby 3.x through 3.3.0. If attacker-s
 	NOTE: https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
 	NOTE: https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a
 CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer strings  The  ...)
-	{DSA-5678-1}
+	{DSA-5678-1 DLA-3850-1}
 	- glibc 2.37-19
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31680
 	NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/
@@ -22523,7 +22549,7 @@ CVE-2024-33602 (nscd: netgroup cache assumes NSS callback uses in-buffer strings
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
 	NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b
 CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation failure ...)
-	{DSA-5678-1}
+	{DSA-5678-1 DLA-3850-1}
 	- glibc 2.37-19
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31679
 	NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/
@@ -22531,7 +22557,7 @@ CVE-2024-33601 (nscd: netgroup cache may terminate daemon on memory allocation f
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007
 	NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=c04a21e050d64a1193a6daab872bca2528bda44b
 CVE-2024-33600 (nscd: Null pointer crashes after notfound response  If the Name Servic ...)
-	{DSA-5678-1}
+	{DSA-5678-1 DLA-3850-1}
 	- glibc 2.37-19
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31678
 	NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/
@@ -22540,7 +22566,7 @@ CVE-2024-33600 (nscd: Null pointer crashes after notfound response  If the Name
 	NOTE: Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=b048a482f088e53144d26a61c390bed0210f49f2
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7835b00dbce53c3c87bbbb1754a95fb5e58187aa
 CVE-2024-33599 (nscd: Stack-based buffer overflow in netgroup cache  If the Name Servi ...)
-	{DSA-5678-1}
+	{DSA-5678-1 DLA-3850-1}
 	- glibc 2.37-19
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=31677
 	NOTE: https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b9c50349c0683dc8e5a406d8f5881d825af0c0

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73b9c50349c0683dc8e5a406d8f5881d825af0c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240630/fffa7c0b/attachment.htm>

More information about the debian-security-tracker-commits mailing list