[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 12 10:44:32 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be0e5fa1 by Moritz Muehlenhoff at 2024-10-12T11:44:07+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2024-8531 (CWE-347: Improper Verification of Cryptographic Signature vulnera
 CVE-2024-8530 (CWE-306: Missing Authentication for Critical Function vulnerability ex ...)
 	NOT-FOR-US: Schneider
 CVE-2024-8376 (In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve me ...)
-	- mosquitto <unfixed>
+	- mosquitto <unfixed> (bug #1084982)
 	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218
 	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227
 	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217
@@ -152,7 +152,7 @@ CVE-2024-47884 (foxmarks is a CLI read-only interface for Firefox's bookmarks an
 CVE-2024-47877 (Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 ...)
 	NOT-FOR-US: codeclysm/extract Go library
 CVE-2024-47875 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
-	- node-dompurify <unfixed>
+	- node-dompurify <unfixed> (bug #1084983)
 	NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
 	NOTE: https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
 	NOTE: https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
@@ -177,14 +177,14 @@ CVE-2024-46215 (A vulnerability was discovered in KM08-708H-v1.1, There is a buf
 CVE-2024-46088 (An arbitrary file upload vulnerability in the ProductAction.entphone i ...)
 	NOT-FOR-US: Zhejiang University Entersoft Customer Resource Management System
 CVE-2024-45403 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
-	- h2o <unfixed>
+	- h2o <unfixed> (bug #1084984)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92
 	NOTE: https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562
 	NOTE: https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c
 CVE-2024-45402 (Picotls is a TLS protocol library that allows users select different c ...)
 	- picotls <itp> (bug #925405)
 CVE-2024-45397 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Wh ...)
-	- h2o <unfixed>
+	- h2o <unfixed> (bug #1084984)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c
 	NOTE: https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a
 CVE-2024-45396 (Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d ...)
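Review bot: The same bug number #1084984 is attached to both h2o entries in this hunk (CVE-2024-45403, CVE-2024-45397) and to CVE-2024-25622 further down; that is fine if one report tracks all three, but double-check that the bug's subject or body lists each CVE id, otherwise the tracker's bug cross-reference will only match the CVE named in the report and the other two will look orphaned in the unfixed view.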
@@ -230,7 +230,7 @@ CVE-2024-33579 (A DLL hijack vulnerability was reported in Lenovo Baiying that c
 CVE-2024-33578 (A DLL hijack vulnerability was reported in Lenovo Leyun that could all ...)
 	NOT-FOR-US: Lenovo
 CVE-2024-25622 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
-	- h2o <unfixed>
+	- h2o <unfixed> (bug #1084984)
 	NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj
 	NOTE: https://github.com/h2o/h2o/issues/3332
 	NOTE: https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be
@@ -634,12 +634,12 @@ CVE-2024-7048 (In version v0.3.8 of open-webui, an improper privilege management
 CVE-2024-6747 (Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, ...)
 	- check-mk <removed>
 CVE-2024-48958 (execute_filter_delta in archive_read_support_format_rar.c in libarchiv ...)
-	- libarchive <unfixed>
+	- libarchive <unfixed> (bug #1084978)
 	[bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0)
 	NOTE: https://github.com/libarchive/libarchive/pull/2148
 	NOTE: https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5)
 CVE-2024-48957 (execute_filter_audio in archive_read_support_format_rar.c in libarchiv ...)
-	- libarchive <unfixed>
+	- libarchive <unfixed> (bug #1084978)
 	[bullseye] - libarchive <not-affected> (RAR filter support introduced in 3.6.0)
 	NOTE: https://github.com/libarchive/libarchive/pull/2149
 	NOTE: https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5)
@@ -651,7 +651,7 @@ CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and
 CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
 	NOT-FOR-US: Jira plugin
 CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.1 ...)
-	- lemonldap-ng <unfixed>
+	- lemonldap-ng <unfixed> (bug #1084979)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
 CVE-2024-9680 (An attacker was able to achieve code execution in the content process  ...)
 	{DSA-5788-1 DLA-3914-1}
@@ -659,7 +659,7 @@ CVE-2024-9680 (An attacker was able to achieve code execution in the content pro
 	- firefox-esr 128.3.1esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
 CVE-2024-9675 (A vulnerability was found in Buildah. Cache mounts do not properly val ...)
-	- golang-github-containers-buildah <unfixed>
+	- golang-github-containers-buildah <unfixed> (bug #1084980)
 	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458	
 CVE-2024-9671 (A vulnerability was found in 3Scale. There is no auth mechanism to see ...)
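Review bot: The unchanged context line `NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317458` carries a trailing tab after the URL; since this hunk already touches the entry, it would be worth dropping that whitespace here so the line matches the other NOTE lines in the file.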
@@ -865,7 +865,7 @@ CVE-2024-46316 (DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command i
 CVE-2024-46307 (A loop hole in the payment logic of Sparkshop v1.16 allows attackers t ...)
 	NOT-FOR-US: Sparkshop
 CVE-2024-46304 (A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a re ...)
-	- libcoap3 <unfixed>
+	- libcoap3 <unfixed> (bug #1084981)
 	- libcoap2 <removed>
 	- libcoap <removed>
 	NOTE: https://github.com/obgm/libcoap/issues/1509
@@ -1226,7 +1226,7 @@ CVE-2024-30092 (Windows Hyper-V Remote Code Execution Vulnerability)
 CVE-2024-27457 (Improper check for unusual or exceptional conditions in Intel(R) TDX M ...)
 	NOT-FOR-US: Intel
 CVE-2024-25885 (An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 all ...)
-	- xhtml2pdf <unfixed>
+	- xhtml2pdf <unfixed> (bug #1084986)
 	NOTE: https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
 CVE-2024-25825 (FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 1 ...)
 	NOT-FOR-US: FydeOS
@@ -1247,7 +1247,7 @@ CVE-2024-20659 (Windows Hyper-V Security Feature Bypass Vulnerability)
 CVE-2023-52952 (A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2 ...)
 	NOT-FOR-US: Siemens
 CVE-2024-28168 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...)
-	- fop <unfixed>
+	- fop <unfixed> (bug #1084985)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/10/09/1
 	NOTE: https://issues.apache.org/jira/browse/FOP-3168
 	NOTE: https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134
@@ -2382,7 +2382,7 @@ CVE-2024-20385 (A vulnerability in the SSL/TLS implementation of Cisco Nexus Das
 CVE-2024-20365 (A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Ma ...)
 	NOT-FOR-US: Cisco
 CVE-2024-9407 (A vulnerability exists in the bind-propagation option of the Dockerfil ...)
-	- golang-github-containers-buildah <unfixed>
+	- golang-github-containers-buildah <unfixed> (bug #1084980)
 	[bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315887
 CVE-2024-9333 (Permissions bypass in M-Files Connector for Copilot before version 24. ...)
@@ -30453,7 +30453,7 @@ CVE-2023-6876 (The Clever Fox \u2013 One Click Website Importer by Nayra Themes
 CVE-2023-6491 (The Strong Testimonials plugin for WordPress is vulnerable to unauthor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51847 (An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cau ...)
-	- libcoap3 <unfixed>
+	- libcoap3 <unfixed> (bug #1084981)
 	- libcoap2 <removed>
 	- libcoap <removed>
 	NOTE: https://github.com/obgm/libcoap/issues/1509
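Review bot: CVE-2023-51847 now shares bug #1084981 with CVE-2024-46304 from the earlier hunk, and both entries already point at the same upstream issue (libcoap/issues/1509); a short NOTE stating that the two CVEs describe the same upstream report would make the shared bug number self-explanatory for the next person reading the list.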



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be0e5fa1fb690e61438336f231129ff81e1cf2d9


