[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 7 20:12:52 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
128bd1a5 by security tracker role at 2024-11-07T20:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,155 +1,235 @@
-CVE-2024-50172 [RDMA/bnxt_re: Fix a possible memory leak]
+CVE-2024-9926 (The Jetpack WordPress plugin does not have proper authorisation in one ...)
+ TODO: check
+CVE-2024-8442 (The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, ...)
+ TODO: check
+CVE-2024-8378 (The Safe SVG WordPress plugin before 2.2.6 has its sanitisation code i ...)
+ TODO: check
+CVE-2024-51995 (Combodo iTop is a web based IT Service Management tool. An attacker ca ...)
+ TODO: check
+CVE-2024-51994 (Combodo iTop is a web based IT Service Management tool. In affected ve ...)
+ TODO: check
+CVE-2024-51993 (Combodo iTop is a web based IT Service Management tool. An attacker ac ...)
+ TODO: check
+CVE-2024-51989 (Password Pusher is an open source application to communicate sensitive ...)
+ TODO: check
+CVE-2024-51758 (Filament is a collection of full-stack components for accelerated Lara ...)
+ TODO: check
+CVE-2024-51504 (When using IPAuthenticationProvider in ZooKeeper Admin Server there is ...)
+ TODO: check
+CVE-2024-51428 (An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denia ...)
+ TODO: check
+CVE-2024-48954 (An issue was discovered in Logpoint before 7.5.0. Unvalidated input du ...)
+ TODO: check
+CVE-2024-48953 (An issue was discovered in Logpoint before 7.5.0. Endpoints for creati ...)
+ TODO: check
+CVE-2024-48952 (An issue was discovered in Logpoint before 7.5.0. SOAR uses a static J ...)
+ TODO: check
+CVE-2024-48951 (An issue was discovered in Logpoint before 7.5.0. Server-Side Request ...)
+ TODO: check
+CVE-2024-48950 (An issue was discovered in Logpoint before 7.5.0. An endpoint used by ...)
+ TODO: check
+CVE-2024-48290 (An issue in the Bluetooth Low Energy implementation of Realtek RTL8762 ...)
+ TODO: check
+CVE-2024-47073 (DataEase is an open source data visualization analysis tool that helps ...)
+ TODO: check
+CVE-2024-45794 (devtron is an open source tool integration platform for Kubernetes. In ...)
+ TODO: check
+CVE-2024-43438 (A flaw was found in Feedback. Bulk messaging in the activity's non-res ...)
+ TODO: check
+CVE-2024-43436 (A SQL injection risk flaw was found in the XMLDB editor tool available ...)
+ TODO: check
+CVE-2024-43434 (The bulk message sending feature in Moodle's Feedback module's non-res ...)
+ TODO: check
+CVE-2024-43431 (A vulnerability was found in Moodle. Insufficient capability checks ma ...)
+ TODO: check
+CVE-2024-43428 (To address a cache poisoning risk in Moodle, additional validation for ...)
+ TODO: check
+CVE-2024-43426 (A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notatio ...)
+ TODO: check
+CVE-2024-43425 (A flaw was found in Moodle. Additional restrictions are required to av ...)
+ TODO: check
+CVE-2024-40715 (A vulnerability in Veeam Backup & Replication Enterprise Manager has b ...)
+ TODO: check
+CVE-2024-30142 (HCL BigFix Compliance is affected by a missing secure flag on a cookie ...)
+ TODO: check
+CVE-2024-30141 (HCL BigFix Compliance is vulnerable to the generation of error message ...)
+ TODO: check
+CVE-2024-30140 (HCL BigFix Compliance is affected by unvalidated redirects and forward ...)
+ TODO: check
+CVE-2024-24914 (Authenticated Gaia users can inject code or commands by global variabl ...)
+ TODO: check
+CVE-2024-10969 (A vulnerability was found in 1000 Projects Bookstore Management System ...)
+ TODO: check
+CVE-2024-10968 (A vulnerability was found in 1000 Projects Bookstore Management System ...)
+ TODO: check
+CVE-2024-10967 (A vulnerability was found in code-projects E-Health Care System 1.0. I ...)
+ TODO: check
+CVE-2024-10966 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-10965 (A vulnerability classified as problematic was found in emqx neuron up ...)
+ TODO: check
+CVE-2024-10964 (A vulnerability classified as critical has been found in emqx neuron u ...)
+ TODO: check
+CVE-2024-10963 (A vulnerability was found in pam_access due to the improper handling o ...)
+ TODO: check
+CVE-2024-10668 (There exists an auth bypass in Google Quickshare where an attacker can ...)
+ TODO: check
+CVE-2024-10526 (Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a ...)
+ TODO: check
+CVE-2024-10203 (Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below ...)
+ TODO: check
+CVE-2024-50172 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3fc5410f225d1651580a4aeb7c72f55e28673b53 (6.12-rc4)
-CVE-2024-50171 [net: systemport: fix potential memory leak in bcm_sysport_xmit()]
+CVE-2024-50171 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/c401ed1c709948e57945485088413e1bb5e94bd1 (6.12-rc4)
-CVE-2024-50170 [net: bcmasp: fix potential memory leak in bcmasp_xmit()]
+CVE-2024-50170 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fed07d3eb8a8d9fcc0e455175a89bc6445d6faed (6.12-rc4)
-CVE-2024-50169 [vsock: Update rx_bytes on read_skb()]
+CVE-2024-50169 (In the Linux kernel, the following vulnerability has been resolved: v ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3543152f2d330141d9394d28855cb90b860091d2 (6.12-rc4)
-CVE-2024-50168 [net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()]
+CVE-2024-50168 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8 (6.12-rc5)
-CVE-2024-50167 [be2net: fix potential memory leak in be_xmit()]
+CVE-2024-50167 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/e4dd8bfe0f6a23acd305f9b892c00899089bd621 (6.12-rc5)
-CVE-2024-50166 [fsl/fman: Fix refcount handling of fman-related devices]
+CVE-2024-50166 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.11.6-1
NOTE: https://git.kernel.org/linus/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1 (6.12-rc5)
-CVE-2024-50165 [bpf: Preserve param->string when parsing mount options]
+CVE-2024-50165 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/1f97c03f43fadc407de5b5cb01c07755053e1c22 (6.12-rc5)
-CVE-2024-50164 [bpf: Fix overloading of MEM_UNINIT's meaning]
+CVE-2024-50164 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8ea607330a39184f51737c6ae706db7fdca7628e (6.12-rc5)
-CVE-2024-50163 [bpf: Make sure internal and UAPI bpf_redirect flags don't overlap]
+CVE-2024-50163 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/09d88791c7cd888d5195c84733caf9183dcfbd16 (6.12-rc4)
-CVE-2024-50162 [bpf: devmap: provide rxq after redirect]
+CVE-2024-50162 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ca9984c5f0ab3690d98b13937b2485a978c8dd73 (6.12-rc4)
-CVE-2024-50161 [bpf: Check the remaining info_cnt before repeating btf fields]
+CVE-2024-50161 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/797d73ee232dd1833dec4824bc53a22032e97c1c (6.12-rc4)
-CVE-2024-50160 [ALSA: hda/cs8409: Fix possible NULL dereference]
+CVE-2024-50160 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/c9bd4a82b4ed32c6d1c90500a52063e6e341517f (6.12-rc4)
-CVE-2024-50159 [firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()]
+CVE-2024-50159 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/39b13dce1a91cdfc3bec9238f9e89094551bd428 (6.12-rc4)
-CVE-2024-50158 [RDMA/bnxt_re: Fix out of bound check]
+CVE-2024-50158 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a9e6e7443922ac0a48243c35d03834c96926bff1 (6.12-rc4)
-CVE-2024-50157 [RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop]
+CVE-2024-50157 (In the Linux kernel, the following vulnerability has been resolved: R ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8be3e5b0c96beeefe9d5486b96575d104d3e7d17 (6.12-rc4)
-CVE-2024-50156 [drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()]
+CVE-2024-50156 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/293f53263266bc4340d777268ab4328a97f041fa (6.12-rc4)
-CVE-2024-50155 [netdevsim: use cond_resched() in nsim_dev_trap_report_work()]
+CVE-2024-50155 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a1494d532e28598bde7a5544892ef9c7dbfafa93 (6.12-rc4)
-CVE-2024-50154 [tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().]
+CVE-2024-50154 (In the Linux kernel, the following vulnerability has been resolved: t ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f (6.12-rc4)
-CVE-2024-50153 [scsi: target: core: Fix null-ptr-deref in target_alloc_device()]
+CVE-2024-50153 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/fca6caeb4a61d240f031914413fcc69534f6dc03 (6.12-rc4)
-CVE-2024-50152 [smb: client: fix possible double free in smb2_set_ea()]
+CVE-2024-50152 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/19ebc1e6cab334a8193398d4152deb76019b5d34 (6.12-rc4)
-CVE-2024-50151 [smb: client: fix OOBs when building SMB2_IOCTL request]
+CVE-2024-50151 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/1ab60323c5201bef25f2a3dc0ccc404d9aca77f1 (6.12-rc4)
-CVE-2024-50150 [usb: typec: altmode should keep reference to parent]
+CVE-2024-50150 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/befab3a278c59db0cc88c8799638064f6d3fd6f8 (6.12-rc4)
-CVE-2024-50149 [drm/xe: Don't free job in TDR]
+CVE-2024-50149 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/82926f52d7a09c65d916c0ef8d4305fc95d68c0c (6.12-rc4)
-CVE-2024-50148 [Bluetooth: bnep: fix wild-memory-access in proto_unregister]
+CVE-2024-50148 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/64a90991ba8d4e32e3173ddd83d0b24167a5668c (6.12-rc4)
-CVE-2024-50147 [net/mlx5: Fix command bitmask initialization]
+CVE-2024-50147 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d62b14045c6511a7b2d4948d1a83a4e592deeb05 (6.12-rc4)
-CVE-2024-50146 [net/mlx5e: Don't call cleanup on profile rollback failure]
+CVE-2024-50146 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.11.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0 (6.12-rc4)
-CVE-2024-50145 [octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()]
+CVE-2024-50145 (In the Linux kernel, the following vulnerability has been resolved: o ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/eb592008f79be52ccef88cd9a5249b3fc0367278 (6.12-rc5)
-CVE-2024-50144 [drm/xe: fix unbalanced rpm put() with fence_fini()]
+CVE-2024-50144 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/03a86c24aea0920a1ca20a0d7771d5e176db538d (6.12-rc4)
-CVE-2024-50143 [udf: fix uninit-value use in udf_get_fileshortad]
+CVE-2024-50143 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/264db9d666ad9a35075cc9ed9ec09d021580fbb1 (6.12-rc2)
-CVE-2024-50142 [xfrm: validate new SA's prefixlen using SA family when sel.family is unset]
+CVE-2024-50142 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
NOTE: https://git.kernel.org/linus/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 (6.12-rc5)
-CVE-2024-50141 [ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context]
+CVE-2024-50141 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.11.6-1
[bookworm] - linux 6.1.115-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/088984c8d54c0053fc4ae606981291d741c5924b (6.12-rc5)
-CVE-2024-50140 [sched/core: Disable page allocation in task_tick_mm_cid()]
+CVE-2024-50140 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/73ab05aa46b02d96509cb029a8d04fca7bbde8c7 (6.12-rc4)
-CVE-2024-50139 [KVM: arm64: Fix shift-out-of-bounds bug]
+CVE-2024-50139 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.11.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
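Review bot: all 40 entries added at the top of this hunk (CVE-2024-9926 through CVE-2024-10203) carry only `TODO: check`, and several name software that is not obviously out of scope. CVE-2024-10963 (pam_access) and CVE-2024-51504 (ZooKeeper Admin Server) should be triaged ahead of the WordPress-plugin and vendor-appliance entries. The entries whose descriptions name Moodle (CVE-2024-43434, CVE-2024-43431, CVE-2024-43428, CVE-2024-43425) can follow the `- moodle <removed>` pattern already used for CVE-2024-43440 further down in this file. The description of CVE-2024-8442 also carries a literal `\u2013` escape where the dash character belongs.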
@@ -219,7 +299,7 @@ CVE-2024-51988 (RabbitMQ is a feature rich, multi-protocol messaging and streami
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4
CVE-2024-51757 (happy-dom is a JavaScript implementation of a web browser without its ...)
NOT-FOR-US: happy-dom
-CVE-2024-51755 (Twig is a template language for PHP. In a sandbox, and attacker can ac ...)
+CVE-2024-51755 (Twig is a template language for PHP. In a sandbox, an attacker can acc ...)
- php-twig <unfixed> (bug #1086884)
- twig <removed>
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh
@@ -1080,7 +1160,7 @@ CVE-2024-38405 (Transient DOS while processing the CU information from RNR IE.)
NOT-FOR-US: Qualcomm
CVE-2024-38403 (Transient DOS while parsing BTM ML IE when per STA profile is not incl ...)
NOT-FOR-US: Qualcomm
-CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions8121 and prior are vulnerab ...)
+CVE-2024-36485 (Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2024-34891 (Insufficiently protected credentials in DAV server settings in 1C-Bitr ...)
NOT-FOR-US: 1C-Bitrix Bitrix24
@@ -17221,7 +17301,7 @@ CVE-2024-44943 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f442fa6141379a20b48ae3efabee827a3d260787 (6.10)
-CVE-2024-43440
+CVE-2024-43440 (A flaw was found in moodle. A local file may include risks when restor ...)
- moodle <removed>
CVE-2024-8214 (A vulnerability classified as critical was found in D-Link DNS-120, DN ...)
NOT-FOR-US: D-Link
@@ -66445,7 +66525,7 @@ CVE-2024-1145 (User enumeration vulnerability in Devklan's Alma Blog that affect
CVE-2024-1144 (Improper access control vulnerability in Devklan's Alma Blog that affe ...)
NOT-FOR-US: Devklan's Alma Blog
CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting versions ...)
- {DLA-3772-1 DLA-3771-1}
+ {DLA-3948-1 DLA-3772-1 DLA-3771-1}
- pypy3 7.3.16+dfsg-1
[bookworm] - pypy3 7.3.11+dfsg-2+deb12u2
- python3.12 3.12.2-1
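Review bot: `DLA-3948-1` is added to the cross-reference set of CVE-2024-0450 here, and to CVE-2023-6597, CVE-2023-40217 and CVE-2023-24329 in later hunks, but none of the visible context lines gains or changes a fixed-version entry. Confirm that each of the four CVEs has a package line for the source package and LTS version that DLA-3948-1 covers, so that the tracker does not show the advisory reference next to a status that still reads as unfixed.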
@@ -66466,7 +66546,7 @@ CVE-2024-0450 (An issue was found in the CPython `zipfile` module affecting vers
NOTE: https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 (v3.9.19)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
CVE-2023-6597 (An issue was found in the CPython `tempfile.TemporaryDirectory` class ...)
- {DLA-3772-1}
+ {DLA-3948-1 DLA-3772-1}
- python3.12 3.12.1-1
- python3.11 3.11.8-1 (bug #1070135)
[bookworm] - python3.11 3.11.2-6+deb12u2
@@ -106410,7 +106490,7 @@ CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Objec
CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...)
NOT-FOR-US: Netmaker
CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...)
- {DLA-3614-1 DLA-3575-1}
+ {DLA-3948-1 DLA-3614-1 DLA-3575-1}
- python3.12 3.12.0~rc1-2
- python3.11 3.11.5-1
[bookworm] - python3.11 3.11.2-6+deb12u2
@@ -122605,8 +122685,7 @@ CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyze
NOT-FOR-US: Hitachi
CVE-2023-30468
RESERVED
-CVE-2023-1973
- RESERVED
+CVE-2023-1973 (A flaw was found in Undertow package. Using the FormAuthenticationMech ...)
- undertow <unfixed> (bug #1068815)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
@@ -124967,8 +125046,7 @@ CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflict
NOT-FOR-US: PnPSCADA
CVE-2023-1933
RESERVED
-CVE-2023-1932 [rendering of invalid html with SafeHTML leads to HTML injection and XSS]
- RESERVED
+CVE-2023-1932 (A flaw was found in hibernate-validator's 'isValid' method in the org. ...)
- libhibernate-validator-java <unfixed> (bug #1063540)
[bookworm] - libhibernate-validator-java <no-dsa> (Minor issue)
[bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
@@ -141432,7 +141510,7 @@ CVE-2023-24331 (Command Injection vulnerability in D-Link Dir 816 with firmware
CVE-2023-24330 (Command Injection vulnerability in D-Link Dir 882 with firmware versio ...)
NOT-FOR-US: D-Link
CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...)
- {DLA-3575-1}
+ {DLA-3948-1 DLA-3575-1}
- python3.11 3.11.4-1
[bookworm] - python3.11 3.11.2-6+deb12u2
- python3.9 <removed>
@@ -352186,8 +352264,8 @@ CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress,
NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2020-11927
RESERVED
-CVE-2020-11926
- RESERVED
+CVE-2020-11926 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
+ TODO: check
CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
NOT-FOR-US: Luvion Grand Elite 3 Connect
CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...)
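Review bot: CVE-2020-11926 on the `+` lines is left as `TODO: check`, although the adjacent CVE-2020-11925 is for the same product (Luvion Grand Elite 3 Connect) and is already marked `NOT-FOR-US: Luvion Grand Elite 3 Connect`. The new entry can take the same tag rather than sit in the TODO queue.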
@@ -352196,18 +352274,18 @@ CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credential
NOT-FOR-US: WiZ Colors A60
CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
NOT-FOR-US: WiZ Colors A60
-CVE-2020-11921
- RESERVED
+CVE-2020-11921 (An issue was discovered in Lush 2 through 2020-02-25. Due to the lack ...)
+ TODO: check
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
NOT-FOR-US: Svakom Siime Eye
-CVE-2020-11919
- RESERVED
-CVE-2020-11918
- RESERVED
-CVE-2020-11917
- RESERVED
-CVE-2020-11916
- RESERVED
+CVE-2020-11919 (An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The ...)
+ TODO: check
+CVE-2020-11918 (An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. Whe ...)
+ TODO: check
+CVE-2020-11917 (An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It ...)
+ TODO: check
+CVE-2020-11916 (An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The ...)
+ TODO: check
CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
NOT-FOR-US: Svakom Siime Eye
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
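Review bot: CVE-2020-11919 through CVE-2020-11916 are added as `TODO: check`, but their descriptions name Siime Eye 14.1.00000001.3.330.0.0.3.14, and the surrounding CVE-2020-11920 and CVE-2020-11915 are already tagged `NOT-FOR-US: Svakom Siime Eye`. Tagging the four the same way keeps the block consistent. CVE-2020-11921 (Lush 2) has no neighbouring precedent in this hunk and still needs its own decision.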
@@ -360480,12 +360558,12 @@ CVE-2019-20461
RESERVED
CVE-2019-20460
RESERVED
-CVE-2019-20459
- RESERVED
-CVE-2019-20458
- RESERVED
-CVE-2019-20457
- RESERVED
+CVE-2019-20459 (An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 de ...)
+ TODO: check
+CVE-2019-20458 (An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 de ...)
+ TODO: check
+CVE-2019-20457 (An issue was discovered on Brother MFC-J491DW C1806180757 devices. The ...)
+ TODO: check
CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic.)
NOT-FOR-US: Codoforum
CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/128bd1a5a5255dd9f8bf2d40176af4fe6285c6a9