[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Nov 17 20:12:15 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c027d6c9 by security tracker role at 2024-11-17T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1272,7 +1272,8 @@ CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink
 	NOT-FOR-US: D-Link
 CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbitrary C ...)
 	TODO: check
-CVE-2024-21540 (All versions of the package source-map-support are vulnerable to Direc ...)
+CVE-2024-21540
+	REJECTED
 	TODO: check
 CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...)
 	- python3.12 <not-affected> (Fixed with first upload to Debian unstable)
@@ -43794,6 +43795,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In
 CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...)
 	NOT-FOR-US: Umbraco Commerce
 CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+	{DLA-3956-1}
 	- smarty3 3.1.48-2 (bug #1072530)
 	- smarty4 4.5.4-1 (bug #1072529)
 	NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
@@ -78321,7 +78323,7 @@ CVE-2023-52161 (The Access Point functionality in eapol_auth_key_handle in eapol
 	- iwd 2.14-1 (bug #1064062)
 	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
 	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca (2.14)
-CVE-2024-0793
+CVE-2024-0793 (A flaw was found in kube-controller-manager. This issue occurs when th ...)
 	NOT-FOR-US: kube-controller-manager
 CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15. ...)
 	[experimental] - qt6-base 6.6.2+dfsg-1
@@ -79571,7 +79573,7 @@ CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attack
 	[bullseye] - python-jwcrypto <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843
 	NOTE: https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8 (v1.5.1)
-CVE-2023-6110 [deleting a non existing access rule deletes another existing access rule in it's scope]
+CVE-2023-6110 (A flaw was found in OpenStack. When a user tries to delete a non-exist ...)
 	- python-openstackclient 6.3.0-2
 	[bookworm] - python-openstackclient <no-dsa> (Minor issue)
 	[bullseye] - python-openstackclient <no-dsa> (Minor issue)
@@ -80028,7 +80030,7 @@ CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0
 	NOT-FOR-US: IBM
 CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
 	NOT-FOR-US: Grav CMS
-CVE-2023-4639 [Cookie Smuggling/Spoofing]
+CVE-2023-4639 (A flaw was found in Undertow, which incorrectly parses cookies with ce ...)
 	- undertow <unfixed> (bug #1063539)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
 CVE-2023-3966 (A flaw was found in Open vSwitch where multiple versions are vulnerabl ...)
@@ -106338,7 +106340,7 @@ CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 an
 	NOT-FOR-US: Revive Adserver
 CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to Server- ...)
 	NOT-FOR-US: Dropbox Folder Share plugin for WordPress
-CVE-2023-43091 [Code injection via service.json file]
+CVE-2023-43091 (A flaw was found in GNOME Maps, which is vulnerable to a code injectio ...)
 	- gnome-maps 45~rc-1
 	[bookworm] - gnome-maps <ignored> (Minor issue, mostly hardening since service.json served from fixed/trusted source)
 	[bullseye] - gnome-maps <not-affected> (Vulnerable code not present)
@@ -132169,6 +132171,7 @@ CVE-2023-28449
 CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...)
 	NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures)
 CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...)
+	{DLA-3956-1}
 	- smarty3 3.1.48-1 (bug #1033964)
 	[bookworm] - smarty3 <no-dsa> (Minor issue)
 	[buster] - smarty3 <no-dsa> (Minor issue)
@@ -132372,8 +132375,7 @@ CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an u
 	NOT-FOR-US: WAB-MAT
 CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-1419
-	RESERVED
+CVE-2023-1419 (A script injection vulnerability was found in the Debezium database co ...)
 	NOT-FOR-US: Debezium
 CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
@@ -142554,8 +142556,7 @@ CVE-2023-6717 (A flaw was found in the SAML client registration in Keycloak that
 	NOT-FOR-US: Keycloak
 CVE-2023-6544 (A flaw was found in the Keycloak package. This issue occurs due to a p ...)
 	NOT-FOR-US: Keycloak
-CVE-2023-0657
-	RESERVED
+CVE-2023-0657 (A flaw was found in Keycloak. This issue occurs due to improperly enfo ...)
 	NOT-FOR-US: Keycloak
 CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...)
 	NOT-FOR-US: SonicOS
@@ -177389,7 +177390,7 @@ CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (
 CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
 	NOT-FOR-US: VBASE
 CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
-	{DLA-3262-1}
+	{DLA-3956-1 DLA-3262-1}
 	- smarty3 3.1.47-1 (bug #1019897)
 	- smarty4 4.2.1-1 (bug #1019896)
 	NOTE: https://github.com/smarty-php/smarty/issues/454
@@ -322124,8 +322125,7 @@ CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557
 	NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
-CVE-2020-25720
-	RESERVED
+CVE-2020-25720 (A vulnerability was found in Samba where a delegated administrator wit ...)
 	- samba 2:4.17.8+dfsg-1
 	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
 	[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c027d6c99b28b6368ffb34d35ade2df9ffbe6e28

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c027d6c99b28b6368ffb34d35ade2df9ffbe6e28
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241117/ed80cd7a/attachment.htm>

More information about the debian-security-tracker-commits mailing list