[Git][security-tracker-team/security-tracker][master] new rails issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 18 12:06:07 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc37ec04 by Moritz Mühlenhoff at 2024-10-18T13:05:35+02:00
new rails issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -377,9 +377,13 @@ CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file inclusion in the nowView me
CVE-2024-47889 (Action Mailer is a framework for designing email service layers. Start ...)
TODO: check
CVE-2024-47888 (Action Text brings rich text content and editing to Rails. Starting in ...)
- TODO: check
+ - rails <unfixed>
+ NOTE: https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
+ NOTE: https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
CVE-2024-47887 (Action Pack is a framework for handling and responding to web requests ...)
- TODO: check
+ - rails <unfixed>
+ NOTE: https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
+ NOTE: https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code execution ( ...)
NOT-FOR-US: REDAXO CMS
CVE-2024-46212 (An issue in the component /index.php?page=backup/export of REDAXO CMS ...)
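Review bot: CVE-2024-47889 (Action Mailer), the context entry at the top of this hunk, is left at `TODO: check` while the Action Text and Action Pack entries directly below it are triaged to rails. Action Mailer is a Rails component too, so under a commit titled "new rails issues" it should get the same treatment: `- rails <unfixed>` plus NOTE lines for its upstream advisory and fix commit. If it is being held back on purpose, a short NOTE saying why would keep it from reading as an oversight.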
@@ -510,7 +514,9 @@ CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an
CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored c ...)
NOT-FOR-US: IBM
CVE-2024-41128 (Action Pack is a framework for handling and responding to web requests ...)
- TODO: check
+ - rails <unfixed>
+ NOTE: https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
+ NOTE: https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was private ...)
NOT-FOR-US: VMware
CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive PairReqNoI ...)
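Review bot: The new CVE-2024-41128 entry marks rails `<unfixed>` and cites a single upstream commit, but nothing in the added lines says which upstream release carries the fix or which rails versions are affected. A NOTE naming the fixed upstream version(s), and the introducing version if the advisory gives one, would let per-suite triage work from the tracker entry alone instead of re-reading the GHSA page.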
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc37ec04d0ea3adeb24b47ac35a937203ff01010