[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 29 20:13:04 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc8e3358 by security tracker role at 2024-11-29T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@
+CVE-2024-53983 (The Backstage Scaffolder plugin Houses types and utilities for buildin ...)
+	TODO: check
+CVE-2024-53980 (RIOT is an open-source microcontroller operating system, designed to m ...)
+	TODO: check
+CVE-2024-53979 (ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible c ...)
+	TODO: check
+CVE-2024-53865 (zhmcclient is a pure Python client library for the IBM Z HMC Web Servi ...)
+	TODO: check
+CVE-2024-53864 (Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP  ...)
+	TODO: check
+CVE-2024-53861 (pyjwt is a JSON Web Token implementation in Python. An incorrect strin ...)
+	TODO: check
+CVE-2024-53848 (check-jsonschema is a CLI and set of pre-commit hooks for jsonschema v ...)
+	TODO: check
+CVE-2024-53507 (A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getH ...)
+	TODO: check
+CVE-2024-53506 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...)
+	TODO: check
+CVE-2024-53505 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...)
+	TODO: check
+CVE-2024-53504 (A SQL injection vulnerability has been identified in Siyuan 3.1.11 via ...)
+	TODO: check
+CVE-2024-52810 (@intlify/shared is a shared library for the intlify project. The lates ...)
+	TODO: check
+CVE-2024-52809 (vue-i18n  is an internationalization plugin for Vue.js. In affected ve ...)
+	TODO: check
+CVE-2024-52801 (sftpgo is a full-featured and highly configurable event-driven file tr ...)
+	TODO: check
+CVE-2024-52800 (veraPDF is an open source PDF/A validation library. Executing policy c ...)
+	TODO: check
+CVE-2024-52782 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...)
+	TODO: check
+CVE-2024-52781 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...)
+	TODO: check
+CVE-2024-52780 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...)
+	TODO: check
+CVE-2024-52779 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...)
+	TODO: check
+CVE-2024-52778 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and ...)
+	TODO: check
+CVE-2024-52777 (DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, an ...)
+	TODO: check
+CVE-2024-52003 (Traefik (pronounced traffic) is an HTTP reverse proxy and load balance ...)
+	TODO: check
+CVE-2024-50357 (FutureNet NXR series routers provided by Century Systems Co., Ltd. hav ...)
+	TODO: check
+CVE-2024-49806 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   contains  ...)
+	TODO: check
+CVE-2024-49805 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   contains  ...)
+	TODO: check
+CVE-2024-49804 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8   could all ...)
+	TODO: check
+CVE-2024-49803 (IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow ...)
+	TODO: check
+CVE-2024-49360 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
+	TODO: check
+CVE-2024-48406 (Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and f ...)
+	TODO: check
+CVE-2024-47193 (WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and El ...)
+	TODO: check
+CVE-2024-47094 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
+	TODO: check
+CVE-2024-36671 (nodemcu before v3.0.0-release_20240225 was discovered to contain an in ...)
+	TODO: check
+CVE-2024-36626 (In prestashop 8.1.4, a NULL pointer dereference was identified in the  ...)
+	TODO: check
+CVE-2024-36625 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_ ...)
+	TODO: check
+CVE-2024-36624 (Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construc ...)
+	TODO: check
+CVE-2024-36623 (moby v25.0.3 has a Race Condition vulnerability in the streamformatter ...)
+	TODO: check
+CVE-2024-36622 (In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnera ...)
+	TODO: check
+CVE-2024-36621 (moby v25.0.5 is affected by a Race Condition in builder/builder-next/a ...)
+	TODO: check
+CVE-2024-36620 (moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via d ...)
+	TODO: check
+CVE-2024-36619 (FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavco ...)
+	TODO: check
+CVE-2024-36618 (FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavforma ...)
+	TODO: check
+CVE-2024-36617 (FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF  ...)
+	TODO: check
+CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c of FF ...)
+	TODO: check
+CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. Thi ...)
+	TODO: check
+CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the hand ...)
+	TODO: check
+CVE-2024-36611 (In Symfony v7.07, a security vulnerability was identified in the FormL ...)
+	TODO: check
+CVE-2024-36610 (A deserialization vulnerability exists in the Stub class of the VarDum ...)
+	TODO: check
+CVE-2024-35371 (Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization f ...)
+	TODO: check
+CVE-2024-35369 (In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c m ...)
+	TODO: check
+CVE-2024-35368 (FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame  ...)
+	TODO: check
+CVE-2024-35367 (FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_alti ...)
+	TODO: check
+CVE-2024-35366 (FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the par ...)
+	TODO: check
+CVE-2024-11992 (Absolute path traversal vulnerability in Quick.CMS, version 6.7, the e ...)
+	TODO: check
+CVE-2024-11990 (A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could al ...)
+	TODO: check
 CVE-2024-XXXX [ruzstd uninit and out-of-bounds memory reads]
 	- rust-ruzstd <not-affected> (Only affects 0.7.x)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0400.html
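Review bot: All 54 entries added at the top of data/CVE/list (CVE-2024-53983 down to CVE-2024-11990) carry only "TODO: check", so none of them yet records an affected source package or a NOT-FOR-US verdict. The descriptions are cut off at "...", so triage has to work from the full CVE record; each entry should end up with either a "- package version" line or a "NOT-FOR-US:" line in the form the older entries in this diff use.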
@@ -553,6 +661,7 @@ CVE-2024-10308 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stor
 CVE-2024-10240 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2024-48651 (In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritan ...)
+	{DLA-3975-1}
 	- proftpd-dfsg 1.3.8.b+dfsg-4 (bug #1082326)
 	NOTE: https://github.com/proftpd/proftpd/issues/1830
 	NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/cec01cc0a2523453e5da5a486bc6d977c3768db1
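Review bot: The "{DLA-3975-1}" tag added under CVE-2024-48651 is a cross-reference to an advisory record that this commit does not contain, since the only changed file is data/CVE/list. The same tag is added under CVE-2023-51713 and CVE-2023-48795 further down, so it is worth confirming that the DLA-3975-1 record exists and names all three CVEs; otherwise the tags point at nothing a reader can follow to a fixed version.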
@@ -83007,7 +83116,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
 	NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
 	NOTE: which entered unstable as the fixed version as workaround.
 CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
-	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
+	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3974-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	[bookworm] - dnsmasq <no-dsa> (Update proposed for next point release)
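Review bot: "DLA-3974-1" is inserted into the tag line of CVE-2023-50387, an entry whose context lists both bind9 and dnsmasq, so the tag by itself does not say which source package the advisory fixed. The other hunks attach the same DLA to dnsmasq-only entries (CVE-2023-28450, CVE-2022-0934), which points to dnsmasq; the identical change under CVE-2023-50868 has the same ambiguity. With a dnsmasq fix now recorded through the DLA, also check that "[bookworm] - dnsmasq <no-dsa> (Update proposed for next point release)" still reflects the state of bookworm.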
@@ -83056,7 +83165,7 @@ CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4
 	NOTE: https://github.com/dnsjava/dnsjava/commit/07ac36a11578cc1bce0cd8ddf2fe568f062aee78 (v3.6.0)
 	NOTE: https://github.com/dnsjava/dnsjava/commit/3ddc45ce8cdb5c2274e10b7401416f497694e1cf (v3.6.0)
 CVE-2023-50868 (The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...)
-	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
+	{DSA-5633-1 DSA-5626-1 DSA-5621-1 DSA-5620-1 DLA-3974-1 DLA-3859-1 DLA-3816-1 DLA-3736-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
 	[bookworm] - dnsmasq <no-dsa> (Update proposed for next point release)
@@ -92793,6 +92902,7 @@ CVE-2023-6746 (An insertion of sensitive information into log file vulnerability
 CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...)
+	{DLA-3975-1}
 	- proftpd-dfsg 1.3.8.a+dfsg-1
 	[bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u3
 	[buster] - proftpd-dfsg <no-dsa> (Minor issue)
@@ -93848,7 +93958,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
-	{DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+	{DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
 	- dropbear 2022.83-4 (bug #1059001)
 	[bookworm] - dropbear 2022.83-1+deb12u1
 	[bullseye] - dropbear 2020.81-3+deb11u1
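Review bot: The tag line of CVE-2023-48795 is replaced whole to add one token, and comparing the two lines shows "DLA-3975-1" inserted ahead of "DLA-3899-1" with nothing else changed, which keeps the DSA-then-DLA, descending-number order. The visible context covers only dropbear, while the other two hunks that add DLA-3975-1 belong to proftpd-dfsg entries, so the package this tag refers to cannot be confirmed from this hunk; check that the entry has a proftpd-dfsg line for the tag to relate to.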
@@ -135883,6 +135993,7 @@ CVE-2023-28452 (An issue was discovered in CoreDNS through 1.10.1. There is a vu
 CVE-2023-28451 (An issue was discovered in Technitium 11.0.2. There is a vulnerability ...)
 	NOT-FOR-US: Technitium
 CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
+	{DLA-3974-1}
 	- dnsmasq 2.90-1 (bug #1033165)
 	[bookworm] - dnsmasq <no-dsa> (Minor issue)
 	[buster] - dnsmasq <no-dsa> (Minor issue)
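Review bot: After "{DLA-3974-1}" is added under CVE-2023-28450, the entry records a fix delivered through an LTS advisory while the context line "[bookworm] - dnsmasq <no-dsa> (Minor issue)" still marks bookworm as not getting one. That leaves the newer suite behind the older one for this CVE on the visible lines; confirm whether a bookworm update is planned and, if so, say so in the bookworm line, as the CVE-2023-50387 entry does with "Update proposed for next point release".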
@@ -220478,6 +220589,7 @@ CVE-2022-26885 (When using tasks to read config files, there is a risk of databa
 CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler users  ...)
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...)
+	{DLA-3974-1}
 	- dnsmasq 2.87-1 (bug #1014715)
 	[buster] - dnsmasq <no-dsa> (Minor issue)
 	[stretch] - dnsmasq <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc8e3358a27085243628e014f15e1c3f39e3efe3
