[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 12 08:12:05 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c57b8b67 by security tracker role at 2024-11-12T08:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,233 @@
-CVE-2024-49395 [Bcc email header field is indirectly leaked by cryptographic info block]
+CVE-2024-9836 (The RSS Feed Widget WordPress plugin before 3.0.0 does not validate an ...)
+ TODO: check
+CVE-2024-9835 (The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the ...)
+ TODO: check
+CVE-2024-9357 (The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2024-8882 (A buffer overflow vulnerability in the CGI program in the Zyxel GS1900 ...)
+ TODO: check
+CVE-2024-8881 (A post-authentication command injection vulnerability in the CGI progr ...)
+ TODO: check
+CVE-2024-52533 (gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one erro ...)
+ TODO: check
+CVE-2024-52532 (GNOME libsoup before 3.6.1 has an infinite loop, and memory consumptio ...)
+ TODO: check
+CVE-2024-52531 (GNOME libsoup before 3.6.1 allows a buffer overflow in applications th ...)
+ TODO: check
+CVE-2024-52530 (GNOME libsoup before 3.6.0 allows HTTP request smuggling in some confi ...)
+ TODO: check
+CVE-2024-52288 (libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised D ...)
+ TODO: check
+CVE-2024-52286 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
+ TODO: check
+CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application develop ...)
+ TODO: check
+CVE-2024-51748 (Kanboard is project management software that focuses on the Kanban met ...)
+ TODO: check
+CVE-2024-51747 (Kanboard is project management software that focuses on the Kanban met ...)
+ TODO: check
+CVE-2024-51490 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51489 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51488 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51487 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51486 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51485 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51484 (Ampache is a web based audio/video streaming application and file mana ...)
+ TODO: check
+CVE-2024-51213 (Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a ...)
+ TODO: check
+CVE-2024-51190 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 ...)
+ TODO: check
+CVE-2024-51189 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 ...)
+ TODO: check
+CVE-2024-51188 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 ...)
+ TODO: check
+CVE-2024-51187 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 ...)
+ TODO: check
+CVE-2024-51186 (D-Link DIR-820L 1.05b03 was discovered to contain a remote code execut ...)
+ TODO: check
+CVE-2024-51135 (An XML External Entity (XXE) vulnerability in the component DocumentBu ...)
+ TODO: check
+CVE-2024-51054 (A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/sea ...)
+ TODO: check
+CVE-2024-51026 (The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting ...)
+ TODO: check
+CVE-2024-50991 (A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/ ...)
+ TODO: check
+CVE-2024-50990 (A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs ...)
+ TODO: check
+CVE-2024-50989 (A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul ...)
+ TODO: check
+CVE-2024-50667 (The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vuln ...)
+ TODO: check
+CVE-2024-50636 (PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, whi ...)
+ TODO: check
+CVE-2024-50601 (Persistent and reflected XSS vulnerabilities in the themeMode cookie a ...)
+ TODO: check
+CVE-2024-49560 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
+ TODO: check
+CVE-2024-49558 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
+ TODO: check
+CVE-2024-49557 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
+ TODO: check
+CVE-2024-48838 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
+ TODO: check
+CVE-2024-48837 (Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4. ...)
+ TODO: check
+CVE-2024-48322 (UsersController.php in Run.codes 1.5.2 and older has a reset password ...)
+ TODO: check
+CVE-2024-47799 (Exposure of sensitive system information to an unauthorized control sp ...)
+ TODO: check
+CVE-2024-47595 (An attacker who gains local membership to sapsys group could replace l ...)
+ TODO: check
+CVE-2024-47593 (SAP NetWeaver Application Server ABAP allows an unauthenticated attack ...)
+ TODO: check
+CVE-2024-47592 (SAP NetWeaver AS Java allows an unauthenticated attacker to brute forc ...)
+ TODO: check
+CVE-2024-47590 (An unauthenticated attacker can create a malicious link which they can ...)
+ TODO: check
+CVE-2024-47588 (In SAP NetWeaver Java (Software Update Manager 1.1), under certain con ...)
+ TODO: check
+CVE-2024-47587 (Cash Operations does not perform necessary authorization check for an ...)
+ TODO: check
+CVE-2024-47586 (SAP NetWeaver Application Server for ABAP and ABAP Platform allows an ...)
+ TODO: check
+CVE-2024-47131 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
+ TODO: check
+CVE-2024-46966 (The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) appl ...)
+ TODO: check
+CVE-2024-46965 (The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser ...)
+ TODO: check
+CVE-2024-46964 (The com.video.downloader.all (aka All Video Downloader) application th ...)
+ TODO: check
+CVE-2024-46963 (The com.superfast.video.downloader (aka Super Unlimited Video Download ...)
+ TODO: check
+CVE-2024-46962 (The SYQ com.downloader.video.fast (aka Master Video Downloader) applic ...)
+ TODO: check
+CVE-2024-45827 (Improper neutralization of special elements used in an OS command ('OS ...)
+ TODO: check
+CVE-2024-45088 (IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site ...)
+ TODO: check
+CVE-2024-45087 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
+ TODO: check
+CVE-2024-44546 (Powerjob >= 3.20 is vulnerable to SQL injection via the version parame ...)
+ TODO: check
+CVE-2024-43439 (A flaw was found in moodle. H5P error messages require additional sani ...)
+ TODO: check
+CVE-2024-43437 (A flaw was found in moodle. Insufficient sanitizing of data when perfo ...)
+ TODO: check
+CVE-2024-43435 (A flaw was found in moodle. Insufficient capability checks make it pos ...)
+ TODO: check
+CVE-2024-43433 (A flaw was found in moodle. Matrix room membership and power levels ar ...)
+ TODO: check
+CVE-2024-43432 (A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH ...)
+ TODO: check
+CVE-2024-43430 (A flaw was found in moodle. External API access to Quiz can override c ...)
+ TODO: check
+CVE-2024-43429 (A flaw was found in moodle. Some hidden user profile fields are visibl ...)
+ TODO: check
+CVE-2024-43427 (A flaw was found in moodle. When creating an export of site administra ...)
+ TODO: check
+CVE-2024-42372 (Due to missing authorization check in SAP NetWeaver AS Java (System La ...)
+ TODO: check
+CVE-2024-39605 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
+ TODO: check
+CVE-2024-39354 (If an attacker tricks a valid user into running Delta Electronics DIAS ...)
+ TODO: check
+CVE-2024-36061 (EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command inje ...)
+ TODO: check
+CVE-2024-34015 (Sensitive information disclosure during file browsing due to improper ...)
+ TODO: check
+CVE-2024-34014 (Arbitrary file overwrite during recovery due to improper symbolic link ...)
+ TODO: check
+CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router RP562B fir ...)
+ TODO: check
+CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection vulnerabi ...)
+ TODO: check
+CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via the Hos ...)
+ TODO: check
+CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer overflow via t ...)
+ TODO: check
+CVE-2024-23983 (Improper handling of canonical URL-encoding may lead to bypass not pro ...)
+ TODO: check
+CVE-2024-11102 (A vulnerability was found in SourceCodester Hospital Management System ...)
+ TODO: check
+CVE-2024-11101 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
+ TODO: check
+CVE-2024-11100 (A vulnerability was found in 1000 Projects Beauty Parlour Management S ...)
+ TODO: check
+CVE-2024-11099 (A vulnerability was found in code-projects Job Recruitment 1.0 and cla ...)
+ TODO: check
+CVE-2024-11097 (A vulnerability has been found in SourceCodester Student Record Manage ...)
+ TODO: check
+CVE-2024-11096 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2024-11078 (A vulnerability has been found in code-projects Job Recruitment 1.0 an ...)
+ TODO: check
+CVE-2024-11077 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2024-11076 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2024-11074 (A vulnerability classified as critical was found in itsourcecode Tailo ...)
+ TODO: check
+CVE-2024-11073 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2024-11070 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-11068 (The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vuln ...)
+ TODO: check
+CVE-2024-11067 (The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing ...)
+ TODO: check
+CVE-2024-10917 (In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLe ...)
+ TODO: check
+CVE-2024-10790 (The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-10695 (The Futurio Extra plugin for WordPress is vulnerable to Information Ex ...)
+ TODO: check
+CVE-2024-10694
+ REJECTED
+CVE-2024-10685 (The Contact Form 7 Redirect & Thank You Page plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-10672 (The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is ...)
+ TODO: check
+CVE-2024-10538 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-10345 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2024-10344 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2024-10323 (The JetWidgets For Elementor plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-10315 (In Gliffy Online an insecure configuration was discovered in versions ...)
+ TODO: check
+CVE-2024-10314 (In Helix Core versions prior to 2024.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2024-10179 (The Slickstream: Engagement and Conversions plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-49395 (In mutt and neomutt, PGP encryption does not use the --hidden-recipien ...)
- mutt <unfixed>
- neomutt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325332
-CVE-2024-49394 [In-Reply-To email header field it not protected by cryptograpic signing]
+CVE-2024-49394 (In mutt and neomutt the In-Reply-To email header field is not protecte ...)
- mutt <unfixed>
- neomutt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325330
-CVE-2024-49393 [To and Cc email header fields are not protected by cryptographic signing]
+CVE-2024-49393 (In neomutt and mutt, the To and Cc email headers are not validated by ...)
- mutt <unfixed>
- neomutt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325317
-CVE-2024-11079 [Unsafe Tagging Bypass via hostvars Object in Ansible-Core]
+CVE-2024-11079 (A flaw was found in Ansible-Core. This vulnerability allows attackers ...)
- ansible-core <unfixed>
- ansible 5.4.0-1
NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2325171
-CVE-2024-50263 [fork: only invoke khugepaged, ksm hooks if no error]
+CVE-2024-50263 (In the Linux kernel, the following vulnerability has been resolved: f ...)
- linux 6.11.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
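Review bot: every newly imported entry in this hunk is left at "TODO: check"; among them the GNOME GLib (CVE-2024-52533) and libsoup (CVE-2024-52530, CVE-2024-52531, CVE-2024-52532) entries describe libraries that Debian ships, so they are the ones to triage first, whereas most of the rest (WordPress plugins, SAP, Dell, TRENDnet, D-Link, Android apps) will most likely end up as NOT-FOR-US. The entries whose placeholder titles were replaced by published descriptions (CVE-2024-49393 through CVE-2024-49395, CVE-2024-11079, CVE-2024-50263) correctly keep their existing package, NOTE and release lines, so no triage state is lost by the rename.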
@@ -1095,7 +1307,7 @@ CVE-2024-10965 (A vulnerability classified as problematic was found in emqx neur
NOT-FOR-US: emqx neuron
CVE-2024-10964 (A vulnerability classified as critical has been found in emqx neuron u ...)
NOT-FOR-US: emqx neuron
-CVE-2024-10963 (A vulnerability was found in pam_access due to the improper handling o ...)
+CVE-2024-10963 (A flaw was found in pam_access, where certain rules in its configurati ...)
- pam <unfixed> (bug #1087019)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2324291
NOTE: https://github.com/linux-pam/linux-pam/issues/834
@@ -1270,14 +1482,17 @@ CVE-2024-51736 (Symphony process is a module for the Symphony PHP framework whic
CVE-2024-51409 (Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote at ...)
NOT-FOR-US: Tenda
CVE-2024-50345 (symfony/http-foundation is a module for the Symphony PHP framework whi ...)
+ {DSA-5809-1}
- symfony 6.4.14+dfsg-1
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
NOTE: Fixed by: https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819 (v5.4.46, v6.4.14, v7.1.7)
CVE-2024-50343 (symfony/validator is a module for the Symphony PHP framework which pro ...)
+ {DSA-5809-1}
- symfony 6.4.11+dfsg-1
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
NOTE: Fixed by: https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f (v5.4.43, v6.4.11, v7.1.4)
CVE-2024-50342 (symfony/http-client is a module for the Symphony PHP framework which p ...)
+ {DSA-5809-1}
- symfony 6.4.14+dfsg-1
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
NOTE: Fixed by; https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b (v5.4.46, v6.4.14, v7.1.7)
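Review bot: the context line "NOTE: Fixed by; https://github.com/symfony/symfony/commit/296d4b34..." under CVE-2024-50342 uses a semicolon where the neighbouring entries use "NOTE: Fixed by:"; it is not touched by this change, but a follow-up should correct it so the notes stay uniformly parseable. The added {DSA-5809-1} references themselves are consistent across the four symfony entries.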
@@ -1288,6 +1503,7 @@ CVE-2024-50341 (symfony/security-bundle is a module for the Symphony PHP framewo
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v
NOTE: Fixed by: https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105 (v6.4.10, v7.0.10, v7.1.3)
CVE-2024-50340 (symfony/runtime is a module for the Symphony PHP framework which enabl ...)
+ {DSA-5809-1}
- symfony 6.4.14+dfsg-1
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
NOTE: Fixed by: https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa (v5.4.46, v6.4.14, v7.1.7)
@@ -1516,9 +1732,11 @@ CVE-2024-10028 (The Everest Backup \u2013 WordPress Cloud Backup, Migration, Res
CVE-2024-10020 (The Heateor Social Login WordPress plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10826 (Use after free in Family Experiences in Google Chrome on Android prior ...)
+ {DSA-5810-1}
- chromium 130.0.6723.116-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-10827 (Use after free in Serial in Google Chrome prior to 130.0.6723.116 allo ...)
+ {DSA-5810-1}
- chromium 130.0.6723.116-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-9878 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
@@ -3154,6 +3372,7 @@ CVE-2024-10525 (In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a ma
CVE-2024-10456 (Delta Electronics InfraSuite Device Master versions prior to 1.0.12 ar ...)
NOT-FOR-US: Delta Electronics
CVE-2024-10573 (An out-of-bounds write flaw was found in mpg123 when handling crafted ...)
+ {DSA-5811-1}
- mpg123 1.32.8-1 (bug #1086443)
NOTE: https://www.openwall.com/lists/oss-security/2024/10/30/2
NOTE: https://sourceforge.net/p/mpg123/bugs/322/
@@ -3308,11 +3527,13 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
NOT-FOR-US: WordPress plugin
CVE-2024-46956 (An issue was discovered in psi/zfile.c in Artifex Ghostscript before 1 ...)
+ {DSA-5808-1}
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707895
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c (ghostpdl-10.04.0)
CVE-2024-46955 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...)
+ {DSA-5808-1}
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6
@@ -3327,16 +3548,19 @@ CVE-2024-46954 (An issue was discovered in decode_utf8 in base/gp_utf8.c in Arti
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=282f691f5e57b6bf55ba51ad8c2be2cce8edb938 (ghostpdl-10.04.0)
CVE-2024-46953 (An issue was discovered in base/gsdevice.c in Artifex Ghostscript befo ...)
+ {DSA-5808-1}
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707793
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a (ghostpdl-10.04.0)
CVE-2024-46952 (An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript befor ...)
+ {DSA-5808-1}
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708001
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264 (ghostpdl-10.04.0)
CVE-2024-46951 (An issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...)
+ {DSA-5808-1}
- ghostscript 10.04.0~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707991
NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8
@@ -15684,7 +15908,7 @@ CVE-2024-45590 (body-parser is Node.js body parsing middleware. body-parser <1.2
CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by providing a ...)
NOT-FOR-US: Yeti
CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a SAML au ...)
- {DSA-5774-1}
+ {DSA-5774-1 DLA-3949-1}
- ruby-saml 1.17.0-1 (bug #1081560)
NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae (v1.12.3)
@@ -84024,7 +84248,7 @@ CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability)
CVE-2024-20697 (Windows libarchive Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-20696 (Windows libarchive Remote Code Execution Vulnerability)
- {DSA-5806-1}
+ {DSA-5806-1 DLA-3950-1}
- libarchive 3.7.4-1.1 (bug #1086155)
NOTE: https://github.com/libarchive/libarchive/pull/2172
NOTE: https://github.com/libarchive/libarchive/commit/eac15e252010c1189a5c0f461364dbe2cd2a68b1 (v3.7.5)
@@ -187427,7 +187651,7 @@ CVE-2022-36229
CVE-2022-36228 (Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Perm ...)
NOT-FOR-US: Nokelock Smart padlock
CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...)
- {DLA-3294-1}
+ {DLA-3950-1 DLA-3294-1}
- libarchive 3.6.2-1 (bug #1024669)
NOTE: https://github.com/libarchive/libarchive/issues/1754
NOTE: https://github.com/libarchive/libarchive/pull/1759
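Review bot: the new id is prepended here, giving "{DLA-3950-1 DLA-3294-1}", while the other hunks in this commit append it ("{DSA-5774-1 DLA-3949-1}", "{DSA-5806-1 DLA-3950-1}"); keeping the existing ids first and the new one last in every entry makes later diffs of data/CVE/list easier to read.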
@@ -216230,6 +216454,7 @@ CVE-2022-26282
CVE-2022-26281 (BigAnt Server v5.6.06 was discovered to contain an incorrect access co ...)
NOT-FOR-US: BigAnt Server
CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via ...)
+ {DLA-3950-1}
- libarchive 3.6.2-1 (bug #1008953)
[buster] - libarchive <not-affected> (Vulnerable code not present)
[stretch] - libarchive <not-affected> (Vulnerable code not present)
@@ -259226,6 +259451,7 @@ CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-ba
- libmatio <not-affected> (Vulnerable code not yet present)
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml
CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...)
+ {DLA-3950-1}
- libarchive 3.6.0-1 (bug #991442)
[buster] - libarchive <not-affected> (Vulnerable code introduced by 47bb818 in version 3.4.1)
[stretch] - libarchive <not-affected> (Vulnerable code introduced by 47bb818 in version 3.4.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c57b8b6743866e57504c1bf499386d9f848d8b9a